SID Technologies ("we", "us", "our") operates Torch, Statio, Denarius, JanusLedger, Pilum, and Scuta (collectively, "our products"). This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.
The data we collect depends on which products you use and how you interact with them.
Account information• Email address (provided during signup or waitlist registration)
• Name and organization details (when you create an account)
• Authentication data managed through WorkOS
• Product usage analytics (feature usage, page views, session duration)
• Error logs and performance metrics
• Payment information processed securely through Stripe (we do not store card numbers)
• Subscription and invoice history
• OAuth tokens for connected third-party applications (Gmail, Slack, Notion, etc.)
• Search index data derived from your connected apps
• Content you create within Torch (documents, notes, tasks, wiki pages)
• Vaulted API credentials for your MCP servers (encrypted at rest)
• Audit logs of API calls made through the gateway
• MCP server configuration and access policies
• Portfolio data and holdings you configure
• Watchlists and screening criteria
• Analytics preferences and saved views
• Ledger entries and transaction data
• Account structures and chart of accounts
• Reconciliation records and audit trails
• Provide, maintain, and improve our products
• Process payments and manage subscriptions
• Send product updates and security notices
• Send marketing communications (only if you opt in)
• Monitor and improve product performance and reliability
• Comply with legal obligations
• We do not sell your personal data to anyone
• We do not share your data with third parties for their marketing purposes
• We do not use your product data to train AI models
• We do not provide your data to advertisers
We only share data with service providers who are necessary to operate our products (see Third-Party Services below), and only to the extent required for them to perform their services.
• All data is encrypted at rest and in transit
• Infrastructure hosted on Google Cloud Platform (GCP Cloud Run), US-based regions
• Credentials and secrets are stored using industry-standard encryption
• Access to production systems is restricted and audited
We use the following third-party services to operate our products:
• WorkOS — Authentication and identity management
• Stripe — Payment processing and subscription management
• Cloudflare — DNS, CDN, and website hosting
• Google Cloud Platform — Application hosting and data storage
Each of these providers has their own privacy policies and data handling practices. We encourage you to review them.
We retain your data for as long as your account is active or as needed to provide you with our services. You may request deletion of your account and associated data at any time by contacting us. Upon deletion:
• Account information is permanently deleted within 30 days
• Product data (documents, ledger entries, portfolio data, etc.) is permanently deleted within 30 days
• Backup copies are purged within 90 days
• Billing records may be retained as required by law
You have the right to:
• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Export your data in a portable format
• Opt out of marketing communications at any time
For privacy-related questions or requests, contact us at [email protected].
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the effective date. Continued use of our products after changes constitutes acceptance of the updated policy.