Privacy Policy
Last updated: 2026-05-16
The short version.
Trading Agents Lab does not collect, store, or transmit any personal data. We have no servers that you talk to. We have no accounts, no email collection, no analytics, no telemetry, and no install pings. When you use the desktop application, the only outbound network calls go directly from your machine to the providers you configure.
What this policy covers.
This Privacy Policy covers (a) the marketing website at tradingagentslab.com (and any aliases), and (b) the desktop application Trading Agents Lab distributed via our GitHub repository.
The marketing website.
This site is a static export served from Cloudflare Pages. It uses:
- No analytics. No Google Analytics, no Plausible, no Fathom, no Cloudflare Web Analytics. (Cloudflare edge-level request logs may exist on Cloudflare's side per their standard infrastructure. We do not access them and we have not enabled any analytics product on top of them.)
- No cookies. The site sets zero cookies.
- No third-party scripts. The only external asset is Google Fonts, which Next.js serves via its self-hosted font pipeline so the request stays on this domain at build time.
- No forms. There is nothing to fill in. There is no newsletter, no contact form, no signup.
The desktop application.
The application runs on your machine. Outbound network calls are limited to providers you explicitly configure:
- Your LLM provider. OpenAI, Anthropic, OpenRouter, Google Gemini, or a local model via Ollama / LM Studio. The API key lives in your operating system's keychain (macOS Keychain, Windows DPAPI, Linux libsecret) via Electron's safeStorage API. The key never transits any server we control because we do not operate any servers.
- Your data provider. Yahoo Finance (default, no key needed) and Alpaca (if you configure keys; locked to data and paper-trading endpoints only).
- Webhook receivers you configured. When a Diligence completes, the application POSTs the result to the URLs you set in Settings → Webhooks. URLs are treated as secrets: never logged, never echoed into the persisted History.
- OpenRouter courtesy headers. If you use OpenRouter as your LLM provider, our adapter sends two HTTP headers (HTTP-Referer and X-Title) so OpenRouter can attribute traffic. This is their telemetry, our courtesy. Disabling it is a one-line code change in your fork.
What we store on your machine.
- secrets.json: encrypted via OS keychain primitives. Holds API keys, webhook URLs, and similar credentials.
- sessions.db: SQLite database of your previous Diligence runs. Local-only.
- Local preferences (window size, last-used provider, sort order) in standard localStorage.
You can delete any of these files at any time; the application recreates an empty version on next launch. Settings → About in the app shows the absolute path to each.
Children.
Trading Agents Lab is not directed to children under 13 and we do not knowingly collect personal information from anyone because we do not collect personal information from anyone at all.
Changes to this policy.
We will update the "Last updated" date above when this policy changes. The full revision history is available in our public GitHub repository. Every change is in the git log.
Contact.
Privacy questions, security disclosures, or anything you think we should know: open an issue on our GitHub repository.
See also: Disclaimer · Terms of Use · Security & Privacy posture