# Privacy Policy - Tropo Effective date: June 19, 2026 This Privacy Policy explains how Tropo collects, uses, stores, shares, and protects information when you use Tropo's web app, mobile app, API-backed product surfaces, and related support or beta-signup workflows. Tropo is a weather-market intelligence and decision-support tool. Tropo is not a broker, exchange, investment adviser, commodity trading adviser, or order-execution service. Tropo does not place trades, transmit orders, hold customer funds, custody assets, connect to your brokerage account, or decide whether you should trade. Any market information, model output, alert, journal, or dashboard view is provided for your own review and decision support only. ## 1. Who We Are Tropo is operated by the Tropo team. For privacy questions, rights requests, or complaints, contact: - Email: support@tropoapp.com ## 2. Information We Collect We collect only the categories needed to operate, secure, improve, and support Tropo. ### Account and Authentication Information When you create or use an account, Clerk, our authentication provider, processes your authentication session. Tropo stores account records needed to recognize your account and enforce access, such as: - Clerk user identifier. - Email address. - Display name, if provided. - Account status and entitlement tier. - Trial, subscription, or access-window metadata. - Session and security/audit records needed to protect the service. Clerk handles authentication credentials and sessions. Tropo does not store your Clerk password. ### Entitlements and Billing Information If you use a paid or trial feature, Tropo stores entitlement records such as tier, source, grant/revoke history, expiration dates, and related audit entries. If Stripe billing is configured and you purchase or manage a web subscription, Stripe processes checkout, payment, and subscription data. Tropo stores Stripe linkage needed to manage access, such as a Stripe customer identifier and webhook-processing records. Tropo does not store full card numbers. ### Product Preferences and User Content If you use account-backed product features, Tropo may store data you create or choose, including: - Dashboard preferences, filters, and settings. - Watchlists or saved views, where available. - Decision-journal or trade-journal entries you manually create, such as station, side, strike, price, size, status, and notes. - Edge-alert configurations, such as station, threshold, label, and creation time. - Push-notification registration data, including Expo push token and platform, if you opt into push notifications. Tropo journal and alert features are for decision support and recordkeeping only. They do not execute orders and do not connect to any trading account. ### Consent-Gated Product Analytics Tropo uses first-party product analytics only after you grant analytics consent. These events help us understand whether the product is usable and reliable. They may include: - Page or screen viewed. - Feature clicked or event type. - Session identifier generated in your browser. - Event timestamp. - Limited event metadata that the app explicitly sends. - Whether the request was authenticated. - Browser user-agent, origin, and IP address received by the API for rate limiting, abuse prevention, and service diagnostics. Tropo does not use Google Analytics, Meta Pixel, third-party ad trackers, or behavioral advertising scripts. ### Error Diagnostics For production services where Sentry is configured, Sentry error monitoring is always on. It is not used for advertising or behavioral tracking and is not consent-gated. We process it under our legitimate interest in keeping the service secure and reliable. Sentry may receive technical diagnostic data such as error messages, stack traces, route or page URL, browser/runtime information, release/environment identifiers, and timing or performance context. Tropo configures Sentry with personal-information scrubbing, including redaction of account identifiers, email addresses, tokens, cookies, authorization headers, Clerk identifiers, entitlement fields, and request bodies where applicable. ### Beta Signup and Support Information If you submit a beta signup, waitlist form, support request, or privacy request, Tropo may collect the information you provide, such as email address and message content. Beta signup records may also include source, referrer, local session identifier, IP address, user-agent, and submission timestamp for abuse prevention and operations. ### Security, Abuse-Prevention, and Operational Logs Tropo may process IP address, user-agent, timestamp, route, authentication state, rate-limit counters, and audit events to detect abuse, debug outages, secure accounts, and operate the service. ## 3. Information We Do Not Collect Tropo does not intentionally collect: - Brokerage usernames or passwords. - Kalshi account credentials. - Trading account balances. - Bank account or wallet credentials. - Government identification documents. - Full payment-card numbers. - Sensitive personal information for advertising or profiling. Tropo does not sell personal information. Tropo does not share personal information for cross-context behavioral advertising. ## 4. How We Use Information We use information to: - Authenticate users and maintain sessions through Clerk. - Provide account-backed product features. - Enforce trial, subscription, and entitlement access. - Store preferences, watchlists, journals, edge alerts, and push-token registrations you choose to use. - Send optional push notifications through Expo when you register for them. - Process web checkout and subscription management through Stripe when billing is configured. - Process consent-gated product analytics. - Detect abuse, enforce rate limits, prevent fraud, and protect accounts. - Diagnose crashes, errors, and reliability issues through Sentry. - Respond to support, privacy, deletion, and beta-signup requests. - Maintain audit records required to operate and secure the service. ## 5. Legal Bases for Processing For users in the European Economic Area, United Kingdom, and similar jurisdictions, our legal bases include: - Contract performance: account access, authentication, product features, entitlements, billing status, and support needed to provide Tropo. - Consent: optional first-party product analytics, optional push notifications, and any optional marketing or beta communications. - Legitimate interests: security, fraud prevention, abuse prevention, rate limiting, audit logging, service reliability, Sentry error diagnostics, debugging, and product safety. - Legal obligations: tax, accounting, payment-dispute, compliance, and legal-request handling where applicable. You may withdraw consent for consent-based analytics through the app's consent controls or your browser storage controls. Withdrawing consent does not affect processing that occurred before withdrawal. ## 6. Storage and Infrastructure Tropo's current architecture uses multiple stores and processors. We describe them plainly because no single storage claim covers the whole product. - Clerk: authentication, account sessions, and auth-related emails. - Railway: backend hosting and production database infrastructure. - Production relational database: Railway Postgres stores account records, Clerk identity mapping, entitlements, sessions, audit logs, billing linkage, consent-gated product analytics events in the analytics_events table, and other account-backed transactional records. - Product/model analytics SQLite: market snapshots, model probabilities, pipeline runs, and trade-decision artifacts are stored in an analytics SQLite database used by product/model pipelines. These records are product data, not user profile records. - Server-side JSON stores: the deployed API still uses per-user JSON files in the configured API data directory for trade-journal entries, edge-alert configurations, and Expo push-token registrations. - JSONL ingestion logs: first-party analytics ingestion and beta signup capture can append records to server-side JSONL files in configured data directories. - Product artifacts: generated market-intelligence artifacts are stored in report/artifact stores used by the product API. These are market/model outputs rather than user profile records. - Sentry: scrubbed error diagnostics and reliability telemetry. - Stripe: checkout, payment, subscription, and billing-portal processing when billing is configured. - Expo: delivery of optional push notifications to registered devices. - Cloudflare: web hosting/CDN/security for the web experience. Production account-backed data and consent-gated product analytics events use Postgres, and product/model analytics uses SQLite. Some file-based stores remain live, but they are not the whole data architecture. ## 7. Processors and Sharing We share personal information only as needed to operate Tropo, comply with law, or protect the service. Current processors and service providers include: - Clerk, for authentication, account sessions, and account emails. - Railway, for backend hosting and production database infrastructure. - Cloudflare, for web hosting, CDN, and security services. - Sentry, for scrubbed error diagnostics and reliability monitoring. - Stripe, for checkout, payment, subscription, and billing-portal processing when billing is configured. - Expo, for optional push-notification delivery. Tropo uses public and commercial market-data sources to generate market-intelligence views. Tropo does not send your account credentials or journal contents to Kalshi, and Tropo does not place orders with Kalshi or any other exchange. We may disclose information if required by law, subpoena, court order, or a valid governmental request, or if necessary to protect users, Tropo, or the public from harm, fraud, abuse, or security threats. ## 8. Cookies, Local Storage, and Tracking Tropo uses browser storage and cookies for: - Authentication sessions managed by Clerk. - Analytics consent state. - Local session identifiers used only after analytics consent. - Local UI preferences or app state. Tropo does not use Google Analytics, Meta Pixel, third-party ad trackers, or advertising cookies. Sentry error diagnostics are separate from analytics consent and are used only for reliability, debugging, and security. ## 9. Data Retention We retain personal information only as long as reasonably needed for the purposes described in this policy, unless a longer period is required by law, security, dispute resolution, fraud prevention, accounting, or backup integrity. Current retention practices are: - Account records, Clerk mapping, preferences, entitlements, billing linkage, journals, watchlists, alert configurations, and push-token registrations: retained while your account is active or until deletion is completed, unless a narrower feature-level deletion applies. - Push tokens: retained until you unregister the device token, delete your account, or the token is removed because it is no longer valid. - Consent-gated product analytics events stored in our database: retained as long as needed for the product analytics purpose, and deleted on account deletion or on request. - JSONL ingestion logs for analytics and beta signups: retained only as needed for operations, security, abuse prevention, launch-readiness review, and support workflows, then rotated or deleted according to operational need. - Audit and security logs: retained as needed for security, abuse prevention, compliance, and service integrity. - Sentry diagnostics: retained according to the Sentry project retention settings and used only for reliability, debugging, and security. - Stripe billing records: retained as needed for subscription management, payment disputes, accounting, tax, and legal obligations. - Product/model analytics and generated market artifacts: retained as product records because they are market/model data rather than user profile data. When you request account deletion, Tropo deletes or de-identifies account-backed records where technically and legally feasible. Some processor, audit, backup, billing, or security records may persist for the limited purposes described above. ## 10. Your Privacy Rights Depending on where you live, you may have the right to: - Access the personal information we hold about you. - Correct inaccurate personal information. - Delete personal information. - Receive a portable copy of personal information you provided. - Object to or restrict certain processing. - Withdraw consent where processing is based on consent. - Opt out of sale or sharing for cross-context behavioral advertising. - Limit use of sensitive personal information, where applicable. - Appeal a rights-request decision, where applicable. Tropo does not sell personal information and does not share personal information for cross-context behavioral advertising, so those opt-out rights are honored by default. To exercise rights, email support@tropoapp.com. We may need to verify your identity before fulfilling a request. We aim to respond within 30 days, or within the timeframe required by applicable law. ## 11. California Privacy Notice For California residents, the categories of personal information we may collect are: - Identifiers, such as email address, Clerk user identifier, IP address, device or session identifiers, and Stripe customer identifier where billing applies. - Internet or electronic network activity, such as pages viewed, features clicked after analytics consent, user-agent, timestamps, and service logs. - Commercial information, such as subscription status and Stripe billing linkage where billing applies. - Inferences or preferences you create inside Tropo, such as saved filters, alerts, watchlists, or journal entries. We use these categories for the business purposes described in this policy. We do not sell them. We do not share them for cross-context behavioral advertising. We do not knowingly collect or sell personal information of minors. ## 12. International Transfers Tropo is operated from the United States, and its providers may process information in the United States and other countries. If you access Tropo from outside the United States, your information may be transferred to, stored in, or processed in countries that may not provide the same level of data protection as your home jurisdiction. Where required, we rely on appropriate safeguards, such as contractual protections, processor commitments, and other lawful transfer mechanisms. ## 13. Security We use technical and organizational measures designed to protect information, including TLS in transit, authentication through Clerk, least-privilege operational practices, rate limiting, audit logging, Sentry scrubbing, and separation between public product artifacts and account-backed user data. No internet service can guarantee absolute security. If you believe your account or data has been compromised, contact support@tropoapp.com. ## 14. Children's Privacy Tropo is not directed to children under 13, and it is not intended for children under 16 in jurisdictions where a higher age threshold applies. We do not knowingly collect personal information from children. If you believe a child provided personal information to Tropo, contact support@tropoapp.com and we will take appropriate action. ## 15. Complaints If you are in the EEA, United Kingdom, Switzerland, or another jurisdiction with a data-protection authority, you may have the right to lodge a complaint with your local supervisory authority. We ask that you contact us first so we can try to resolve the issue directly. ## 16. Changes to This Policy We may update this policy as the product, infrastructure, law, or processors change. If we make a material change, we will update the effective date and provide notice where required by law or where the change materially affects how we process personal information.