Privacy Policy
Last updated: April 27, 2026
MaxMar (“we,” “our,” or “us”) operates the automated copy-trading platform available at trade.maxmar.ai (the “Service”). This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights with respect to your personal data. By using the Service, you agree to the collection and use of information as described in this Policy.
This Policy applies to personal data collected through the Service. It does not apply to third-party websites or services that may be linked from the Service, which have their own privacy policies.
1. What We Collect
We collect the following categories of personal data:
- Account information: Your email address and a hashed (never plaintext) password, collected when you register. Optionally, a display name if provided.
- Brokerage data (via SnapTrade): Once you connect a brokerage account, we receive and store account identifiers, positions, balances, and trade history provided by SnapTrade’s API. We hold an OAuth token for your brokerage connection — we do not store your brokerage username, password, or account number directly.
- Strategy subscription data: The strategies you subscribe to, subscription start/end dates, and the brokerage account linked to each subscription.
- Usage logs: IP address, browser user-agent, request timestamps, and error logs generated when you interact with the Service. These are used for security monitoring, debugging, and abuse detection.
- Communications: Any messages you send to our support email (quinn@maxmar.ai), including the content and metadata of those communications.
We do not intentionally collect sensitive personal information such as government ID numbers, payment card data, health data, or biometric data. If you believe we have inadvertently received such data, contact us immediately.
2. How We Use Your Information
We use the information we collect to:
- Operate the Service: Authenticate your account, display your portfolio positions and strategy subscriptions, and issue rebalance orders to your connected brokerage when a subscribed strategy rebalances.
- Provide performance display: Show strategy performance data sourced from our performance tracking infrastructure.
- Communicate with you: Send transactional emails (e.g., account verification, security alerts, material changes to these policies). We do not currently send marketing emails; if we begin doing so, we will obtain your consent as required by applicable law.
- Improve the Service: Analyze usage patterns to fix bugs and develop new features. We use aggregated and anonymized data where possible.
- Comply with legal obligations: Respond to lawful requests from law enforcement and government authorities, and to fulfill our obligations under applicable law.
- Enforce our Terms of Use: Detect, prevent, and address fraud, abuse, or other violations.
3. Third-Party Services
We share data with the following third-party service providers as necessary to operate the Service. Each provider has its own privacy practices:
- SnapTrade — Brokerage connectivity provider. When you connect your brokerage account, SnapTrade processes your brokerage credentials and OAuth tokens on our behalf. We share your SnapTrade user ID and the trading instructions generated by your subscribed strategy with SnapTrade. See SnapTrade’s Privacy Policy.
- Neon — Our PostgreSQL database host (Neon Serverless Postgres) and authentication infrastructure (Neon Auth). Your account data, brokerage tokens, and subscription records are stored in Neon-hosted databases. See Neon’s Privacy Policy.
- Railway — Cloud hosting provider for our backend services. Our API servers run on Railway’s infrastructure. See Railway’s Privacy Policy.
- Vercel — Hosting provider for the Next.js frontend (this web application). See Vercel’s Privacy Policy.
- vj-portfolio-tracker.vercel.app — A publicly accessible performance tracking tool from which we scrape strategy performance data. We do not share any personally identifiable information with this service; only public strategy identifiers are used.
4. Data Sharing and Disclosure
We do not sell your personal data to third parties. We share your data only as described in this Policy:
- Service providers: As listed in Section 3, solely to operate and improve the Service.
- Legal requirements: If required by applicable law, court order, subpoena, or regulatory demand, we may disclose your information to law enforcement or government authorities. Where legally permissible, we will attempt to notify you of such a disclosure.
- Business transfers: In the event of a merger, acquisition, reorganization, or sale of all or substantially all of MaxMar’s assets, your personal data may be transferred to the acquiring entity. We will notify you of such a transfer via email and/or a prominent notice on the Service.
- With your consent: We may share your data for any other purpose with your explicit prior consent.
5. Storage and Security
We take the security of your personal data seriously and implement the following technical and organizational measures:
- Encrypted at rest: Data stored in our Neon Postgres database benefits from Neon’s storage-level encryption at rest.
- Sensitive field encryption: Sensitive at-rest fields (such as SnapTrade OAuth tokens) are encrypted with Fernet symmetric encryption in addition to database-level encryption.
- Authentication: User sessions are managed via JWT tokens issued by Neon Auth / Better Auth. Passwords are hashed and never stored in plaintext.
- Brokerage credentials: We do not store your brokerage username or password. Your brokerage connection credentials are stored solely by SnapTrade. MaxMar holds only a scoped OAuth token for executing trades in your account.
- TLS in transit: All communications between your browser and our servers are encrypted using TLS.
Despite our best efforts, no security system is impenetrable. We cannot guarantee absolute security of your data. In the event of a data breach that affects your rights and freedoms, we will notify you and relevant authorities as required by applicable law.
6. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:
- Account data (email, hashed password) is retained until you delete your account.
- Brokerage connection data and strategy subscription records are retained while your account is active and for up to 90 days following account closure to allow for audit and dispute resolution.
- Usage logs and server logs may be retained for up to 12 months for security and debugging purposes.
- Aggregated or anonymized data from which individual users cannot reasonably be identified may be retained indefinitely.
Following the applicable retention period, we will securely delete or anonymize your personal data.
7. Your Privacy Rights
Depending on your jurisdiction, you may have the following rights with respect to your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal data, subject to our retention obligations and legal requirements.
- Export / portability: Request a machine-readable export of your data.
- California residents (CCPA): California residents have the right to know what personal data we collect, to opt out of the sale of personal data (we do not sell personal data), and to non-discrimination for exercising their rights.
- EU / EEA / UK residents (GDPR / UK GDPR): If you are located in the EU, EEA, or UK, you have additional rights including the right to object to processing, the right to restrict processing, and the right to lodge a complaint with a supervisory authority.
To exercise any of these rights, contact us at quinn@maxmar.ai. We will respond within 30 days (or the timeframe required by applicable law). We may need to verify your identity before processing your request.
8. Cookies and Tracking
We currently use minimal cookie and tracking technology:
- Session cookie: A single first-party session cookie (app_session) is set by our authentication system when you sign in. This cookie is essential for maintaining your authenticated session and expires when you sign out or after a defined session timeout.
- No third-party analytics: We do not currently use third-party analytics cookies (e.g., Google Analytics).
You can control cookie behavior through your browser settings. Disabling cookies may prevent you from using certain features of the Service, including logging in.
9. Children’s Privacy
The Service is not intended for, and we do not knowingly collect personal data from, individuals under 18 years of age. If we learn that we have inadvertently collected personal data from a minor, we will take prompt steps to delete that information. If you believe a minor has provided personal data to us, contact us at quinn@maxmar.ai.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated Policy on this page with a new “Last updated” date and by sending an email to the address associated with your account at least 14 days before material changes take effect (where practicable). Your continued use of the Service after the effective date constitutes acceptance of the revised Policy.
11. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
- Email: quinn@maxmar.ai
MaxMar is operated by QPG Consulting LLC. This document was last updated on April 27, 2026.