Privacy Policy

Effective Date: January 13, 2025 Last Updated: January 13, 2025

1. Introduction

Dark Matter Labs ("Company," "we," "us," or "our") operates the CodonQuant/ASSET platform at codonquant.com (the "Platform"). We are committed to protecting your privacy and being transparent about how we collect, use, and protect your personal information.

This Privacy Policy explains:

What information we collect
How we use your information
How we protect your information
Your rights and choices
How to contact us

By using the Platform, you agree to this Privacy Policy. If you do not agree, please do not use the Platform.

Contact Information: Dark Matter Labs 1816 Allison Ave Panama City Beach, FL 32407 United States Email: support@codonquant.com

2. Information We Collect

2.1 Information You Provide

Account Registration:

Email address
Password (encrypted, we never see your plain-text password)
Display name (optional)
Phone number (if you enable SMS notifications)

API Credentials:

Alpaca API Key ID and Secret (encrypted using AES-256-GCM encryption)
Future integrations may require additional API credentials (e.g., Polygon.io)

Subscription and Payment:

Payment information processed through our payment processor (we do not store credit card numbers)
Billing history
Subscription tier and add-on purchases

Communications:

Messages you send us (support emails, feedback)
SMS message logs (if you enable SMS notifications)
Notification preferences (email/SMS settings, alert thresholds)

User-Generated Content:

Model configurations and hyperparameters
Trading strategy settings
Code snippets or notes you save
Comments or feedback on public models (if applicable)

2.2 Information We Collect Automatically

Usage Data:

Pages visited and features used
Time spent on the Platform
Interactions with models and training jobs
Error logs and debugging information

Model Training Data:

Model types trained (RL, Sentiment, Prediction)
Hyperparameters used
Training duration and resource usage (CPU/GPU hours)
Backtest results and performance metrics (anonymized)
Evaluation metrics (Sharpe ratio, returns, win rate, etc.)

Trading Activity (Anonymized):

We collect: Aggregate performance metrics (total returns, risk-adjusted returns, number of trades)
We do NOT collect: Individual trade details, positions, or real-time trading decisions

Technical Information:

IP address (for security and fraud prevention)
Browser type and version
Device type (desktop, mobile, tablet)
Operating system
Referral source (how you found our Platform)

Cookies and Similar Technologies:

Session cookies (required for Platform functionality)
Authentication tokens (Firebase)
Analytics cookies (Google Analytics, if enabled)
Preference cookies (language, theme settings)

2.3 Information from Third Parties

Firebase Authentication:

If you sign in with Google, Apple, or other social providers, we receive basic profile information (email, name, profile picture) as permitted by that provider

Alpaca Markets:

We do not receive your account balance or holdings
We only receive market data (prices, bars) and order confirmation data necessary for the Platform to function

3. How We Use Your Information

3.1 To Provide the Platform

Create and manage your account
Process subscriptions and billing
Train machine learning models on your behalf
Execute trading operations through third-party integrations (Alpaca)
Send you notifications (SMS/email alerts for predictions, sentiment analysis)
Provide customer support

3.2 To Improve the Platform

Analyze anonymized model performance data to improve recommendation algorithms
Conduct research on algorithmic trading effectiveness
Identify and fix bugs or technical issues
Develop new features and improvements
Generate aggregate statistics and insights (e.g., "Average Sharpe ratio for PPO models")

3.3 For Security and Fraud Prevention

Detect and prevent fraudulent activity
Monitor for unauthorized access or abuse
Enforce our Terms of Service
Comply with legal obligations

3.4 For Communications

Send you service-related emails (password resets, subscription confirmations)
Send you optional SMS/email alerts (if you enable notifications)
Respond to your support requests
Send you important Platform updates or changes to our policies (required communications)

3.5 For Analytics

Understand how users interact with the Platform
Measure effectiveness of features
Identify popular model types and configurations

We do NOT:

Sell your personal information to third parties
Share your individual trading data with third parties
Use your data for advertising purposes
Monitor your real-time trading decisions

4. How We Share Your Information

4.1 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

4.2 Service Providers (Third Parties)

We share information with trusted third-party service providers who help us operate the Platform:

Google Cloud Platform / Firebase:

Purpose: Authentication, database storage, cloud computing
Data Shared: Account information, model data, training jobs
Privacy Policy: https://cloud.google.com/privacy

Alpaca Markets:

Purpose: Market data and trade execution
Data Shared: Your encrypted API credentials (you authorize this connection)
Privacy Policy: https://alpaca.markets/privacy

Twilio:

Purpose: SMS notifications
Data Shared: Phone number, SMS message content (alerts)
Privacy Policy: https://www.twilio.com/legal/privacy

Payment Processors:

Purpose: Process subscription payments
Data Shared: Payment information, billing history
Note: We do not store credit card numbers

Google Cloud Vertex AI:

Purpose: Train machine learning models
Data Shared: Training datasets, model configurations
Privacy Policy: https://cloud.google.com/privacy

4.3 Legal Requirements

We may disclose your information if required by law, such as:

In response to a valid subpoena, court order, or legal process
To protect the rights, property, or safety of Dark Matter Labs, our users, or the public
To detect, prevent, or address fraud, security issues, or technical problems
To enforce our Terms of Service

4.4 Business Transfers

If Dark Matter Labs is acquired, merged, or undergoes a business restructuring, your information may be transferred to the successor entity. You will be notified of any such change.

4.5 Anonymized Data

We may share anonymized, aggregated data that does not identify you personally:

Research publications on algorithmic trading
Public statistics (e.g., "95% of users prefer PPO over SAC")
Industry reports or whitepapers

4.6 Public Models (User Choice)

If you choose to make a model public (available on Hedge tier and above):

Other users can view and use your model
Other users may be able to fine-tune your model (future feature)
Your username or model name may be visible

You control whether your models are public or private through your account settings.

5. Data Security

5.1 Encryption

At Rest:

API credentials (Alpaca keys): AES-256-GCM encryption
Passwords: Hashed using Firebase Authentication (bcrypt/scrypt)
Sensitive data: Stored in Google Cloud Storage with encryption at rest

In Transit:

All data transmitted between your browser and our servers uses TLS 1.2+ encryption (HTTPS)
API calls to third-party services (Alpaca, Twilio) use secure HTTPS connections

5.2 Access Controls

Only authorized personnel have access to production systems
Service accounts use principle of least privilege (minimal permissions)
Multi-factor authentication (MFA) required for administrative access
Regular security audits and monitoring

5.3 Infrastructure Security

Platform hosted on Google Cloud Platform (industry-leading security)
Firestore database rules prevent unauthorized access
Rate limiting to prevent abuse
Regular backups and disaster recovery plans

5.4 Your Responsibilities

Keep your password secure and confidential
Do not share your account credentials
Enable two-factor authentication (if available)
Use a strong, unique password
Log out of shared/public devices

5.5 Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we will:

Notify you within 72 hours (if feasible)
Provide details of what information was affected
Describe steps we are taking to remediate
Advise you on protective actions you can take

6. Data Retention

6.1 Active Accounts

While your account is active, we retain all information necessary to provide Platform services.

6.2 Account Deletion/Cancellation

When you delete your account or cancel your subscription:

30-Day Grace Period:

All data retained for 30 days in case you wish to reactivate
You can contact us to reactivate within this period

After 30 Days:

Deleted: Personal identifiable information (email, name, phone number, API credentials)
Retained (Anonymized): Performance metrics, usage data, anonymized model configurations
Retained (Legal): Billing records, transaction history (as required by law)

6.3 Anonymized Data

Anonymized performance and usage data is retained indefinitely for:

Platform improvement and algorithm optimization
Research purposes
Aggregate statistics and reporting

Anonymized data cannot be linked back to your identity.

6.4 Legal Retention

Certain data may be retained longer as required by:

Tax laws (billing records: 7 years)
Anti-fraud regulations
Legal holds or ongoing litigation

7. Your Rights and Choices

7.1 Access Your Data

You can access most of your data through your account dashboard:

Account settings: Email, phone number, notification preferences
Subscription details: Billing history, current tier
Model data: Trained models, configurations, performance metrics

For data not accessible through the dashboard, contact support@codonquant.com.

7.2 Correct Your Data

You can update or correct your information through:

Account settings (email, phone number, preferences)
Contacting support for data you cannot update yourself

7.3 Delete Your Data

You have the right to request deletion of your personal data:

Self-service: Delete your account through account settings
Support request: Email support@codonquant.com with subject "Data Deletion Request"

We will process deletion requests within 30 days, subject to legal retention requirements.

7.4 Export Your Data

You can request a copy of your data by contacting support@codonquant.com. We will provide your data in a commonly used, machine-readable format (JSON/CSV) within 30 days.

7.5 Opt-Out of Communications

Required Communications:

Service-related emails (password resets, security alerts, billing issues)
Critical Platform updates

Optional Communications:

SMS notifications: Disable in account settings or reply "STOP" to any SMS
Email alerts: Disable in notification preferences
Marketing emails: Unsubscribe link at the bottom of each email (if we send any)

7.6 Cookie Preferences

You can control cookies through your browser settings:

Block all cookies (may break Platform functionality)
Block third-party cookies only
Clear cookies regularly

Note: Some cookies are essential for the Platform to function (authentication, session management).

8. Children's Privacy

The Platform is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18.

If we become aware that a user under 18 has provided personal information, we will:

Delete the account
Delete all associated data
Notify the parent/guardian (if possible)

If you believe a child under 18 has created an account, please contact us immediately at support@codonquant.com.

9. International Users

9.1 US-Only Service

The Platform is currently available only to users in the United States. We do not target or market to users outside the U.S.

9.2 Data Storage Location

Your data is stored on servers located in the United States (Google Cloud Platform, us-east4 region).

9.3 No GDPR Compliance Required

Since we do not offer services to EU residents, we are not subject to the General Data Protection Regulation (GDPR). However, we strive to follow data privacy best practices regardless of jurisdiction.

9.4 Future International Expansion

If we expand to serve international users in the future:

We will update this Privacy Policy
We will provide notice to all existing users
Additional compliance measures (e.g., GDPR, CCPA) will be implemented as needed

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

10.1 Right to Know

You can request details about the personal information we have collected about you in the past 12 months.

10.2 Right to Delete

You can request deletion of your personal information (subject to legal exceptions).

10.3 Right to Opt-Out of Sale

We do NOT sell your personal information. Therefore, there is no need to opt-out of sales.

10.4 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

10.5 How to Exercise CCPA Rights

Email us at support@codonquant.com with:

Subject line: "CCPA Request"
Your request type (access, deletion, etc.)
Sufficient information to verify your identity

We will respond within 45 days.

11. Changes to This Privacy Policy

11.1 Updates

We may update this Privacy Policy from time to time to reflect:

Changes in our practices
Changes in applicable laws
New features or services

11.2 Notification

We will notify you of material changes via:

Email to your registered email address
Prominent notice on the Platform
Updated "Last Updated" date at the top of this policy

11.3 Continued Use

Your continued use of the Platform after changes to this Privacy Policy constitutes acceptance of the updated policy. If you do not agree, you must stop using the Platform.

11.4 Review Regularly

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

12. Third-Party Links

The Platform may contain links to third-party websites or services (Alpaca, Google, etc.). This Privacy Policy does not apply to those third parties.

We are not responsible for:

Privacy practices of third-party services
Content or security of external websites
How third parties collect or use your information

We encourage you to review the privacy policies of any third-party services you use.

13. Do Not Track (DNT)

Some browsers have "Do Not Track" (DNT) features. We currently do not respond to DNT signals because there is no industry standard for how to interpret them.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Dark Matter Labs Email: support@codonquant.com Address: 1816 Allison Ave, Panama City Beach, FL 32407 United States

Response Time: We aim to respond to all privacy inquiries within 30 days.

15. Summary of Key Points

What We Collect:

Account info (email, password, phone)
API credentials (encrypted)
Model performance metrics (anonymized)
Usage data and technical information

How We Use It:

Provide the Platform's services
Improve algorithms and features
Send notifications (if you enable them)
Security and fraud prevention

What We DON'T Do:

Sell your data
Share individual trading data
Monitor real-time trades
Use your data for advertising

Your Rights:

Access your data
Correct your data
Delete your account
Export your data
Opt-out of optional communications

Security:

AES-256 encryption for API keys
TLS encryption in transit
Google Cloud Platform security
Regular security audits

Data Retention:

30-day grace period after account deletion
Personal data deleted after 30 days
Anonymized metrics retained for research

16. Consent

By using the Platform, you consent to this Privacy Policy and our collection, use, and sharing of your information as described.

If you do not agree, please do not use the Platform.

Questions about your privacy? Contact us at support@codonquant.com

Home Terms of Service Contact