What we collect,
and why.

Alphadek collects the minimum data needed to run a verified track-record platform. This page explains what that means in practice: what we collect, where it lives, who else sees it, and how long we keep it.

Working draft · April 2026

I · Who we are

Alphadek, in plain terms.

Alphadek is a track-record platform where researchers commit predictions on tradeable assets and have them graded mechanically against the market. The platform is operated from the United Arab Emirates. This policy applies to everything at alphadek.xyz and any subdomain.

For privacy questions, data-export requests, or deletion requests, contact privacy@alphadek.xyz.

II · What we collect

Four categories, nothing else.

Account data

If you sign up, we collect your email address and the password you choose (stored as a one-way hash, never in plaintext). If you sign up using Google, we receive your email address, your name as Google knows it, and your Google account ID — no more. We do not receive your contacts, calendar, or any other Google-side data.

Researcher profile data

When you claim a handle, we store that handle and whatever display name, bio, specialty, and methodology you set. This is public by design — the whole point of Alphadek is that track records are visible. If you later change any of this, the previous values are not retained.

Prediction data

Every prediction you commit — asset, direction, magnitude, horizon, confidence, reasoning, any attached sources — is stored permanently and publicly. Once committed, nothing about a prediction can be edited or deleted. This is a structural feature of the platform, not a privacy accident. The methodology page covers why.

Subscription data

If you sign up for the Alphadek mailing list, we store your email address and the surface of the site where you signed up. We use this only to send the messages you subscribed to. You can unsubscribe at any time.

What we don't collect

We don't run any third-party analytics, advertising pixels, or behavioural-tracking scripts. No Google Analytics, no Meta pixel, no heatmap software. We keep server logs for debugging (IP address, browser user-agent, requested URL) and those logs are retained for no more than 30 days.

III · Cookies

One cookie. Strictly necessary.

Alphadek sets a single session cookie when you sign in. It exists so the server can recognize you on your next request and keep you signed in until you sign out. It contains no personal data beyond an opaque session identifier. Under GDPR, this is a "strictly necessary" cookie and doesn't require a banner. We don't set any other cookies.

If you sign in via Google, Google may set its own cookies as part of the sign-in flow. Those are governed by Google's own privacy policy, not ours.

IV · Where data lives

A single database in Frankfurt.

All Alphadek data — accounts, profiles, predictions, settlements — is stored in a single PostgreSQL database hosted by DigitalOcean in their Frankfurt (FRA1) region. We do not maintain backups outside that region at this time.

Requests to alphadek.xyz are served via Cloudflare's global network, which means Cloudflare processes the IP addresses and request headers of visitors as part of routing traffic. This is a standard CDN relationship and Cloudflare's own privacy policy covers what they do with that data.

V · Sub-processors

The short list.

A sub-processor is a third-party service that handles your data on Alphadek's behalf. The current list:

DigitalOcean

Hosts the database and application server in their Frankfurt data center. Sees all data that passes through the platform in the course of hosting it.

Cloudflare

Sits in front of the platform as a CDN and firewall. Processes IP addresses and HTTP headers from every visit.

Google

Only for users who sign in via Google. Receives the fact that you signed into Alphadek; in exchange we receive your email, name, and Google account ID.

We do not sell data. We do not share data with advertisers. We do not use data brokers. If this list changes, we will update this page and note the change in the version history.

VI · Your rights

What you can ask us to do.

You can ask us to:

Export your data. We'll send you a machine-readable copy of everything linked to your account, including predictions and settlements.
Correct inaccurate data. Mostly relevant for display name, bio, methodology — the editable parts of your profile.
Delete your account. Your account, profile, and sessions will be removed. Your committed predictions remain on the record but are anonymized — the handle is redacted, the reasoning text is removed, and the researcher badge shows as "Deleted researcher." This preserves the integrity of the record while honoring your wish to disassociate. Settlement history is retained in aggregate for audit purposes.
Object to processing. If you have a specific concern about how we handle your data, tell us and we'll address it.

All of these requests go to privacy@alphadek.xyz. We aim to respond within thirty days.

Why predictions persist after deletion

The methodology page explains that immutable, unedited predictions are a core feature. If deletion wiped out predictions, a researcher could avoid a losing streak by deleting and recreating. Anonymizing rather than erasing preserves the integrity of the track record without preserving any link to you.

VII · Age

Alphadek is not for minors.

Alphadek is not intended for users under 18 years of age. We do not knowingly collect data from anyone under 18. If you believe a minor has created an account, contact us and we will remove it.

VIII · Changes

How this changes.

We update this page when we add sub-processors, change how data is handled, or correct something. The "Last updated" line at the top of this page is the first place to look. Material changes will also be sent to the mailing list.

Past versions of this page are retained in our source control so you can see exactly what changed and when.