StockHub Privacy Policy

Effective date: May 21, 2026 · Last updated: June 11, 2026

StockHub — Options Intelligence

iOS app · Bundle ID: work.stockhub.asi-ios · Available on the Apple App Store

StockHub is operated by John DeGraft-Johnson, an individual sole proprietor doing business as "ASI" with principal place of business in Maryland ("StockHub", "ASI", "we", "us", "our"). This Privacy Policy explains what personal information we collect when you use the StockHub mobile application or visit stockhub.work, how we use that information, who we share it with, and the choices you have. By using StockHub you agree to this Policy.

StockHub is not a registered investment adviser. Information shown in the app is for general informational purposes only and is not a recommendation to buy or sell any security. Past performance is not indicative of future results.

1. Information we collect

1.1 Information you provide

Account information — your email address and, optionally, a display name when you create a StockHub account. Authentication is handled by Microsoft Entra External ID; we receive a verified email and identity claim from Microsoft and never see your password, PIN, or multi-factor credential.
Brokerage connection — if you choose to connect a brokerage account, that brokerage operates the sign-in flow. We never see your brokerage username, password, PIN, or any multi-factor credential. The brokerage issues us a per-user access token that we use only to retrieve the data you authorized.
SMS notifications — if you opt in to text-message notifications (for example, agent approvals), we collect the mobile number you provide. SMS delivery is operated by Microsoft Azure Communication Services. You can opt out at any time in the app or by replying STOP to any message.
Support communications — if you email us, the contents of the email and your email address.

1.2 Information collected automatically

Diagnostic and crash data — when the app crashes or encounters an error, we collect anonymized diagnostic information (device model, operating system, app version, stack trace).
Product analytics — we use PostHog to record which screens you view and which features you use, in order to improve the product. PostHog stores this information on our behalf under a data-processing agreement. We do not use this data for advertising and you can opt out in the app settings.
Approximate location — derived from your App Store country or IP address. We do not collect precise GPS location.

1.4 AI-generated content

StockHub uses language models (including a self-hosted instance of Google's Gemma 3 model) to produce explanations, summaries, and educational content from public data such as SEC filings. Content generated by an AI model is labeled as such in the app and may contain mistakes; it is not investment advice. We do not send your personal information to any third-party AI service, and AI inputs and outputs from your session are not used to train external models.

1.3 Information we do not collect

We do not collect your contacts, photos, microphone audio, browsing history, health data, precise location, or biometric data. We do not run advertising trackers. We do not sell personal information.

2. How we use information

To provide and operate the StockHub app and stockhub.work.
To authenticate your account.
To retrieve and display data from a brokerage account you have connected, on your behalf.
To diagnose and fix software defects.
To respond to your support requests.
To comply with legal obligations, including the record-retention requirements imposed on us by third-party data providers (see Section 6).

3. Third-party data providers

StockHub displays data drawn from a number of third-party sources. The most material relationships are with the following providers, who have their own terms governing how their data may be used and how long it must be retained:

Your connected brokerage. Where the app supports a per-user brokerage connection, the related market and account data is licensed to you by your brokerage; we act as a conduit to display it inside the app. Data we receive from your brokerage is not redistributed to other users.
Market-data redistributors. Where the app shows market data that is not tied to your own brokerage account (for example, delayed equity and options quotes), that data is licensed to us by a redistributor such as Polygon.io under that vendor's terms, with display restrictions (including the delay) honored in the app.
Hosting and infrastructure. Microsoft Azure (data storage, compute, security, and Entra External ID identity); Microsoft Azure Communication Services (SMS delivery); Cloudflare (content delivery and DNS).
Product analytics. PostHog (usage analytics on our behalf under a data-processing agreement; opt-out in app settings).
Public-domain sources. The US Securities and Exchange Commission (EDGAR), the US Patent and Trademark Office, the Federal Reserve, the Bureau of Labor Statistics, and similar government sources.

A current list of data providers is available on request at john@stockhub.work.

4. How we share information

We share personal information only as follows:

Service providers. Vendors who operate infrastructure on our behalf (Microsoft Azure for hosting, Cloudflare for DNS and CDN, email delivery providers). These vendors are bound to process information only as we direct.
Legal compliance. When required by law, regulation, court order, or to protect the rights, property, or safety of StockHub, our users, or the public.
Brokerage data retention. Records of API requests and responses with your connected brokerage may be retained in line with that brokerage's commercial-agreement requirements (see Section 6).

We do not sell personal information. We do not share personal information with advertisers or data brokers.

5. Security

Brokerage access tokens are encrypted at rest in Azure Key Vault and in transit using TLS 1.2 or higher. Account credentials for StockHub itself are stored hashed using industry-standard algorithms. We do not store brokerage passwords or PINs at any time.

No system is perfectly secure. If we become aware of a security incident affecting your information, we will notify you within seventy-two (72) hours of confirming the incident and will follow the breach-notification requirements that apply to us.

6. Retention

We retain personal information for as long as your account is active and for the period required to comply with our legal and contractual obligations. In particular:

Brokerage API logs. Records of requests we make to your connected brokerage on your behalf, and the responses, are retained for eighteen (18) months in active storage and an additional three (3) years in archive storage (total 4.5 years), to comply with our brokerage data-license agreements.
Account data. When you delete your account, we delete or pseudonymize your account data within thirty (30) days, except for the retention-bound records above and any records we are required by law to keep.
Support correspondence. Retained for up to two (2) years to handle related follow-ups.

7. Your choices and rights

Account deletion. Email john@stockhub.work to delete your account. We will confirm and process the request within thirty (30) days, subject to the retention requirements in Section 6.
Disconnect brokerage. You can revoke our access to your brokerage account at any time through that brokerage's account settings. Revocation immediately disables the data-dependent features of the app.
Access and correction. You can request a copy of the personal information we hold about you, or ask us to correct inaccuracies.
Marketing opt-out. We do not send marketing email; if that changes you will be opted out by default.

Depending on where you live you may have additional rights under the California Consumer Privacy Act (CCPA), the European Union General Data Protection Regulation (GDPR), or similar laws. We will honor verifiable requests to the extent those laws apply to us.

8. Children

StockHub is not directed to children under the age of 18 and we do not knowingly collect personal information from anyone under 18. If you believe a child has provided us with personal information, contact john@stockhub.work and we will delete it.

9. International users

StockHub is operated from the United States. If you use the app from outside the United States, your information will be transferred to, stored in, and processed in the United States, where data-protection laws may differ from the laws of your home country. By using the app you consent to that transfer.

10. Changes to this Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of the Policy and, if the change is material, we will notify you through the app or by email. Continued use of the app after a change becomes effective constitutes acceptance of the updated Policy.

11. Contact

Questions about this Privacy Policy or how we handle your information:

Email: john@stockhub.work
Operator: John DeGraft-Johnson, sole proprietor d/b/a ASI / StockHub
Jurisdiction: State of Maryland, United States