Privacy Policy

PRIVACY POLICY KormaDesk — Summitstone Enterprises LLC Version: 2026-04-06 | Effective: April 6, 2026

1. INTRODUCTION

Summitstone Enterprises LLC (“Company,” “we,” “us,” “our”) operates KormaDesk at kormadesk.com (“Service”). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service. By using KormaDesk, you agree to the collection and use of information in accordance with this policy.

2. INFORMATION WE COLLECT

2.1 Information You Provide

  • Name and email address (at registration)
  • Billing information (processed by Stripe — we do not store card numbers)
  • Trade journal entries you create in My Edge
  • Notes, thesis, and annotations you attach to trades

2.2 Information Collected Automatically

  • IP address and browser user agent (logged at account creation and Terms of Service acceptance)
  • Pages visited and features used within the terminal
  • Login timestamps and session data

2.3 Information From Third Parties

  • If you register or log in using Google, we receive your name and email address from Google. We do not receive your Google password.

3. HOW WE USE YOUR INFORMATION

We use your information to:

  • Create and manage your account
  • Provide access to the KormaDesk terminal
  • Process payments through Stripe
  • Send transactional emails (membership confirmations, receipts, cancellations)
  • Analyze aggregate usage patterns to improve the Service
  • Comply with legal obligations
  • Enforce our Terms of Service

We do not sell your personal information to third parties. We do not use your information for advertising purposes.

4. MY EDGE — YOUR TRADE DATA

Your personal trade journal data (tickers, strategies, notes, P&L entries) stored in My Edge is:

  • Private to your account only
  • Never shared with other users
  • Never used to train AI models
  • Never sold or disclosed to third parties
  • Deletable upon account deletion request

Public share cards (if you choose to share a trade) are accessible via a unique URL. You control whether to share.

5. MARKET DATA AND THIRD-PARTY SOURCES

KormaDesk displays market data from third-party providers including Polygon, Unusual Whales, Finnhub, and Benzinga. These providers have their own privacy policies. We do not share your personal information with these data providers.

6. PAYMENT PROCESSING

All payments are processed by Stripe. We do not store your credit card number, CVV, or full billing details on our servers. Stripe’s privacy policy is available at stripe.com/privacy.

7. COOKIES AND LOCAL STORAGE

We use cookies and browser local storage to:

  • Maintain your login session
  • Store your terminal preferences
  • Authenticate API requests

We do not use tracking cookies or third-party advertising cookies.

8. DATA RETENTION

We retain your personal data for as long as your account is active. If you request account deletion:

  • Your WP user account is deleted
  • Your trade journal data is permanently deleted
  • Your billing records are retained for 7 years as required by law
  • Your ToS acceptance records are retained for 7 years

9. YOUR RIGHTS

Depending on your location, you may have the right to:

  • Access — request a copy of your personal data
  • Correction — request correction of inaccurate data
  • Deletion — request deletion of your account and personal data
  • Portability — request your trade journal data in a portable format
  • Opt-out — opt out of any non-essential communications

To exercise any of these rights, email us at support@kormadesk.com. We will respond within 30 days.

10. CALIFORNIA RESIDENTS (CCPA)

If you are a California resident, you have the right to know what personal information we collect, request deletion of your personal information, and opt out of the sale of personal information. We do not sell personal information. To submit a request, contact support@kormadesk.com.

11. EUROPEAN USERS (GDPR)

If you are located in the European Economic Area, our legal basis for processing your data is:

  • Contract — processing necessary to provide the Service you subscribed to
  • Legitimate interest — security logging, fraud prevention
  • Consent — Google social login (you may withdraw consent by disconnecting Google)

Our data is stored on servers in the United States. By using the Service, you consent to transfer of your data to the US.

12. CHILDREN’S PRIVACY

KormaDesk is not directed at children under 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us information, contact us at support@kormadesk.com.

13. SECURITY

We implement industry-standard security measures including:

  • HTTPS/TLS encryption for all data in transit
  • Encrypted passwords (WordPress bcrypt hashing)
  • Rate limiting and brute force protection (Wordfence, Loginizer)
  • API authentication via secure tokens
  • Redis session management

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

14. CHANGES TO THIS POLICY

We may update this Privacy Policy periodically. We will notify you of material changes by posting the new policy on this page with an updated effective date. Continued use of the Service after changes constitutes acceptance.

15. CONTACT

Summitstone Enterprises LLC Maryland, United States support@kormadesk.com kormadesk.com/privacy