Legal

Privacy Policy

Last updated: April 2026

This Privacy Policy describes how Myron (“Myron,” “we,” or “us”) collects, uses, and shares information when you use the Service at heymyron.com. It applies to all users of the Service. Defined terms not defined here have the meanings given in our Terms of Service.

1. Information We Collect

a. Account information

When you create an account, we collect a unique account identifier from Firebase Authentication, your email address, and (optionally) your display name. If you sign in via a third-party identity provider such as Google, we receive your name and email from that provider. We collect a mobile phone number only if you actively opt in to SMS notifications.

b. Portfolio inputs

You may provide information about your equity positions — ticker symbols, share quantities, cost basis, and contract counts — and your filter preferences (target delta, days-to-expiry window, minimum premium, notification schedule, timezone). This data is processed by the screener to surface options contracts that match the filters you have set.

c. Brokerage data via SnapTrade

If you connect a brokerage account through SnapTrade, we receive: (i) account metadata (broker name, internal account identifier, masked account number), (ii) your equity holdings (symbol, quantity, average cost), and (iii) your existing options positions (option symbol, strike, expiration, contracts, average price). We also store an encrypted SnapTrade user secret used to authenticate subsequent requests.

What we do not receive: your brokerage username or password, your full account number, your bank or funding details, your transaction history beyond covered-call positions, or any non-options trading activity. Authentication happens directly between you and your broker through SnapTrade's flow; we never see your credentials.

d. Trading activity

We log screener results we have surfaced to you, orders you have routed to your broker through the Service, outcomes you record (or that we infer from brokerage sync), and SMS trade-confirmation records (phone number, message ID, confirmation code, status).

e. Payment information

Payments are processed by Stripe, Inc.. We store only your Stripe customer identifier and your subscription state. We never see or store credit card numbers, bank account numbers, CVVs, or full billing details.

f. Usage and technical data

We log basic technical information including IP address (used for rate limiting and abuse prevention), error logs, and high-level usage events (e.g., feature use). We do not run third-party advertising, analytics, or behavioral tracking SDKs. We do not place advertising pixels or fingerprinting scripts.

g. Cookies

We use only an essential authentication-session cookie. It is required for the Service to recognize you between requests and cannot be disabled while you are signed in. We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

2. How We Use Your Data

We use the data we collect to:

  • Operate the Service. Authenticate you, store your inputs, and run the screener against options data using the filter parameters you have set.
  • Route orders on your instruction. Transmit individual orders, only when you have explicitly confirmed each one, to your broker through SnapTrade.
  • Send notifications. Deliver email or SMS messages you have opted in to receive (screener summaries, trade-confirmation prompts, outcome notices).
  • Process payments. Manage your subscription, billing, and tier through Stripe.
  • Maintain security. Detect and prevent fraud, abuse, and unauthorized access.
  • Comply with law. Respond to lawful requests, enforce our Terms, and meet regulatory and tax-record obligations.

3. No Automated Decision-Making About You

The Service does not profile users, infer your risk tolerance, classify you by behavior, or make automated decisions that produce legal or similarly significant effects about you. The screener applies the filter parameters you set — it does not adapt itself to you, score you, or decide anything about you.

We do not use your data, screener inputs, or trading activity to train machine-learning models.

4. How We Share Your Data

We share data only as described below and only with parties that are contractually obligated to use it for the limited purposes we specify.

Service providers

We engage the following service providers to operate the Service. Each is bound by a contract limiting their use of your data to providing services to us:

  • Firebase (Google)user authentication and account identifiers.
  • Stripebilling, subscription management, payment processing.
  • SnapTradebrokerage connectivity and order routing.
  • Polygon.iomarket data; we send only ticker symbols, no personal data.
  • Resendtransactional and notification email delivery.
  • TwilioSMS delivery for users who have opted in.
  • DigitalOceanapplication hosting and database infrastructure.

For legal reasons

We may disclose data when we believe in good faith that disclosure is required by law, by a valid subpoena or court order, or to protect the rights, property, or safety of Myron, our users, or the public.

In a business transaction

If we are involved in a merger, acquisition, financing, reorganization, or sale of assets, user data may be transferred as part of that transaction. We will notify users of any such transfer that materially changes how their data is handled.

We do not sell or “share” your personal information for cross-context behavioral advertising, monetary or other valuable consideration, as those terms are defined under the California Consumer Privacy Act / California Privacy Rights Act.

5. Data Security

We implement industry-standard technical and organizational measures to protect your data, including:

  • AES-256-GCM authenticated encryption at rest for SnapTrade user secrets
  • TLS 1.2+ encryption in transit for all client and server-to-server communication
  • Firebase-managed credentials and signed session tokens for authentication
  • Per-route rate limiting to throttle abuse
  • Cryptographically signed webhook payloads from Stripe and Twilio
  • A segregated cron secret for scheduled job authentication
  • Least-privilege database access and isolated production infrastructure

No system is perfectly secure. We cannot guarantee absolute security and you use the Service at your own risk. You are responsible for keeping your account credentials and SMS-receiving device secure.

6. Data Breach Notification

If we learn of a breach affecting personal data, we will notify affected users without undue delay and in any case within the timelines required by applicable law — including 72 hours for users covered by the EU/UK General Data Protection Regulation, and the timelines required by California Civil Code § 1798.82 and other state breach-notification statutes.

7. Data Retention & Deletion

We retain your account data for as long as your account is active. When you delete your account, we remove your personal data from active systems within 30 days. Encrypted database backups are retained on a rolling 60-day cycle and then purged.

Aggregated or de-identified data that cannot reasonably be used to identify you may be retained indefinitely. Tax and payment records are retained for the period required by law (typically seven years).

Your performance and trading history is treated as part of your account and is deleted with it. You may export your data before deletion by emailing [email protected].

8. Your Rights

Subject to applicable law, you have the right to:

  • Accessthe personal data we hold about you.
  • Correctinaccurate or incomplete data.
  • Deleteyour data and close your account.
  • Exporta portable copy of the data you provided.
  • Objectto processing for purposes other than providing the Service.
  • Withdraw consentfor any optional processing (such as SMS notifications) at any time.

You can exercise most of these rights directly in your account settings. For anything you cannot do yourself, email [email protected]. We will respond within the timelines required by applicable law (generally 45 days under the CCPA, with one 45-day extension if necessary; 30 days under the GDPR, extendable by two months for complex requests).

9. California Residents (CCPA / CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, “CCPA”).

Categories of personal information we collect

In the 12 months preceding the date of this policy, we have collected the following categories of personal information (as defined in CCPA § 1798.140): identifiers (account identifier, email, phone if SMS opted in), commercial information (subscription tier, billing history), internet activity (basic usage events, error logs), geolocation (approximate, derived from IP for security purposes only), professional/financial information you voluntarily provide (positions, cost basis, brokerage holdings via SnapTrade), and inferences are not drawn (see Section 3).

Sources, purposes, and recipients

Sources: directly from you, from your authentication provider, and from SnapTrade and Stripe in connection with services you have authorized. Purposes: as described in Section 2. Categories of recipients: the service providers listed in Section 4.

Your CCPA rights

  • Right to know what personal information we collect, use, disclose, and (where applicable) sell
  • Right to delete personal information we have collected from you
  • Right to correct inaccurate personal information
  • Right to opt out of the sale or sharing of personal information for cross-context behavioral advertising — we do not engage in either
  • Right to limit use and disclosure of sensitive personal information — we do not use sensitive personal information beyond what is necessary to provide the Service
  • Right to non-discrimination for exercising any of these rights

To exercise these rights, email [email protected]. You may use an authorized agent to make a request on your behalf; the agent must provide written authorization and we may require you to verify your identity directly. We will not retaliate against you for exercising any CCPA right.

10. EU/UK Residents (GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, the EU/UK General Data Protection Regulation applies to our processing of your personal data. The data controller is Myron, contactable at [email protected].

Lawful bases

  • Performance of a contract — to provide the Service you have signed up for (Article 6(1)(b))
  • Consent — for SMS notifications and any other optional communications (Article 6(1)(a))
  • Legitimate interests — for security, fraud prevention, and improving the Service in ways that do not override your rights (Article 6(1)(f))
  • Legal obligation — for tax, accounting, and lawful-request response (Article 6(1)(c))

International transfers

The Service is operated from the United States. Where we transfer EU/UK personal data to us or to U.S.-based service providers, we rely on the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum) as the transfer mechanism, together with supplementary measures where appropriate.

Your rights

In addition to the rights listed in Section 8, you have the right to lodge a complaint with the data-protection supervisory authority in your country of residence. We respond to data-subject requests within 30 days, extendable by two months for complex cases as permitted by GDPR Article 12(3).

11. SMS Program & Carrier Disclosures

SMS is optional. You opt in by enabling SMS notifications in account settings and providing a U.S. mobile number. Your consent to receive SMS is not a condition of any purchase and not required to use the Service.

Message types: trade-confirmation prompts (containing a one-time confirmation code), order-execution confirmations, trade-outcome notices (expiration, assignment, etc.), and periodic screener summaries (no more than once per day, only on the schedule you select).

Frequency: message frequency varies by your activity and chosen schedule. Transactional confirmation messages are sent only in response to your actions; promotional summaries are capped at the cadence you selected.

Opt-out: reply STOP to any message, or change your notification method in settings. Reply HELP for help. Carriers are not liable for delayed or undelivered messages. Message and data rates may apply.

What we share with Twilio: your mobile number and message body, only for the purpose of message delivery. Twilio is contractually prohibited from using your number for any other purpose. We never sell or share your phone number with third parties for their own marketing.

Security note: trade-confirmation SMS contain trade details. Anyone with access to your phone may be able to view or respond. You are responsible for the security of your device and SIM, and you should opt out of SMS confirmations if your device may be accessible to others.

12. Cookies & Tracking

We use only an essential authentication-session cookie. We do not use advertising cookies, third-party analytics SDKs, fingerprinting, or behavioral tracking. We do not embed pixels or trackers from advertising networks.

Because we do not track you across sites or services, the “Do Not Track” and Global Privacy Control browser signals do not change our practices.

13. Children

The Service is for users 18 years of age and older. We do not knowingly collect personal information from children under 13 (or under 16 in the EU/UK). If you believe a child has provided personal information to us, please contact [email protected] and we will delete it.

14. International Users

The Service is hosted in the United States. By using the Service from outside the U.S., you understand that your data will be transferred to and processed in the U.S., which may have different data-protection laws than your country of residence. See Section 10 for our EU/UK transfer mechanism.

16. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the most recent revision. For material changes we will provide notice by email and an in-app notice. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

17. Contact

For privacy questions and data-subject requests: [email protected]. For EU/UK data-subject requests, you may also use [email protected]. For general support: [email protected].