Privacy Policy

Last updated: 2025-12-26

This policy explains how Rebalancer (the "Service"), operated by Hasher Technologies LLC ("Hasher", "we", "us"), collects, uses, and protects your information.

Information We Collect

  • Account data: email, username, password (bcrypt-hashed).
  • API credentials: Public.com API keys (encrypted with AES-256-GCM).
  • Portfolio data: Account balances, positions, and holdings retrieved from Public.com.
  • Analysis data: Portfolio snapshots and AI-generated analysis results.
  • Technical data: Authentication cookies and standard server logs.

How We Protect Your Data

  • Passwords: Hashed using bcrypt (never stored in plain text).
  • API Keys: Encrypted using AES-256-GCM before storage.
  • AI Processing: Runs on our self-hosted infrastructure - your data is never sent to third-party AI services.
  • Connections: All data transmitted over HTTPS.

Cookies and Similar Technologies

We use essential cookies for authentication and session management. These cookies are necessary for the service to function properly.

  • Session cookies: Maintain your logged-in state.
  • Security cookies: Protect against cross-site request forgery.

Legal Bases for Processing

  • Contract: To provide and maintain your account and portfolio analysis.
  • Legitimate interests: To keep the service secure and prevent abuse.
  • Legal obligation: To meet regulatory requirements.

How We Use Information

  • Provide and maintain your account.
  • Retrieve and analyze your portfolio data from Public.com.
  • Generate AI-powered portfolio insights and recommendations.
  • Authenticate sessions via secure httpOnly cookies.
  • Prevent abuse through rate limiting and security monitoring.

Sharing

We do not sell your personal information. We do not share your portfolio data with third parties. Your data stays on our servers and is only used to provide the service to you.

We connect to Public.com's API using credentials you provide - this is a direct connection and we do not share your data with Public.com beyond what is necessary for API authentication.

Data Retention

We keep account data and portfolio snapshots while your account is active. When you delete your account, we delete all associated data including:

  • Your account and profile information
  • Encrypted API keys
  • Portfolio accounts and positions
  • All portfolio snapshots and analysis history
  • Session data

Your Rights

  • Access: Request a copy of your data.
  • Correction: Fix inaccurate information.
  • Deletion: Delete your account and all associated data.
  • Portability: Receive your data in a portable format.
  • Object or restrict: Limit certain processing.

California Residents (CCPA/CPRA)

We do not sell or share personal information as defined by California law. California residents can request access, deletion, or correction by emailing us. We do not discriminate for exercising your rights.

International Transfers

We are based in the United States and process data in the United States. If you access the Service from outside the United States, your information may be transferred to and processed in the United States.

Children

The Service is not directed to children under 18. If you believe a child provided us personal information, contact us and we will remove it.

Security

We protect your data with industry-standard encryption and secure storage. No method is perfect - use a strong, unique password and keep your API keys confidential.

Changes to this Policy

We may update this policy. If we make material changes, we will post the updated version here and update the "last updated" date.

Contact & Controller

Hasher Technologies LLC is the data controller for the Service. Contact us at contact@rebalancer.money or by mail:

Hasher Technologies LLC
155 Cherokee Place #1109
Cartersville, GA 30121