Data Compliance

Last updated: 2025-12-26

How Rebalancer handles data, security, and deletion. Rebalancer is operated by Hasher Technologies LLC.

Data Handling

  • We store account data (email, username, hashed password) and profile settings.
  • API keys are encrypted using AES-256-GCM before storage, so we cannot read your keys without the server's encryption key (see Encryption Details).
  • Portfolio data is retrieved from Public.com using your API credentials.
  • Portfolio snapshots are stored to track analysis history over time.
  • AI analysis is performed locally on our infrastructure - data never leaves our servers.

Security

  • Passwords are hashed using bcrypt with a cost factor of 12.
  • API keys are encrypted at rest using AES-256-GCM encryption.
  • All connections use HTTPS/TLS encryption in transit.
  • Rate limiting protects against brute force and abuse.
  • Email verification is required to activate accounts.
  • Sessions are managed securely with httpOnly cookies.

Encryption Details

Your sensitive data is protected using industry-standard encryption:

  • Passwords: bcrypt hash with cost factor 12
  • API Keys: AES-256-GCM with unique IV per encryption
  • Sessions: Cryptographically signed JWTs

We cannot decrypt your API keys without the server's encryption key, which is stored separately from the database.

Data Deletion

You can delete your account at any time from your account settings. Account deletion permanently removes:

  • Your account and profile information
  • All encrypted API keys
  • All portfolio accounts and position data
  • All portfolio snapshots and analysis history
  • All session data

Some server logs may be retained briefly for security and anti-abuse purposes, but contain no personally identifiable financial data.

Contact

For data requests or questions about our data practices, contact us at contact@rebalancer.money or by mail:

Hasher Technologies LLC
155 Cherokee Place #1109
Cartersville, GA 30121

See also our Privacy Policy and Terms of Service for additional details.