Privacy Policy

Effective June 3, 2026 · Turning Tide

This Privacy Policy describes how Turning Tide ("we," "us," "our") collects, uses, and shares information when you use Turning Tide at turningtide.io (the "Service"). It also describes your rights under applicable privacy law.

If you are in the European Economic Area (EEA) or United Kingdom, additional disclosures under the GDPR apply — see Section 10. If you are a California resident, additional disclosures under the CCPA/CPRA apply — see Section 11.


1. Information We Collect

1a. Information you provide directly

  • Account information — name, email address, and authentication credentials collected via Clerk when you create an account or sign in with a third-party provider (Google, etc.).
  • Billing information — payment card details and billing address collected by Stripe at checkout. We never see or store your raw card number — Stripe handles tokenization and PCI-DSS compliance on our behalf.
  • User-generated content — trade journal entries, notes, custom watchlists, alert configurations, and any other content you create within the Service.
  • Communications — emails or messages you send to our support address.

1b. Information collected automatically

  • Usage data — pages viewed, features accessed, search queries, click events, and session duration, collected via PostHog and Vercel Analytics.
  • Session recordings — PostHog session replay captures mouse movements, clicks, and scrolling behavior to help us identify usability problems. Sensitive inputs (passwords, card fields) are masked. You can opt out — see Section 8.
  • Device and browser data — IP address, browser type and version, operating system, referring URL, and screen resolution.
  • Error and performance data — crash reports, stack traces, and request timing collected via Sentry. Sentry captures the URL, user ID, and browser environment at the time of an error.
  • Cookies and local storage — see Section 7.

1c. Data processed by AI features

When you use AI-generated features (such as the pre-market brief or AI-assisted analysis), the relevant market context and, where applicable, your watchlist or preferences are sent to Anthropic's API to generate a response. We do not send your name, email, payment information, or raw journal entries to Anthropic. Anthropic's API usage is governed by Anthropic's privacy policy at anthropic.com/legal/privacy.


2. How We Use Your Information

We use the information we collect to:

  • Create and maintain your account, authenticate your identity, and deliver the Service.
  • Process subscription payments and manage billing through Stripe.
  • Personalize your experience — save watchlists, alerts, preferences, and journal entries.
  • Generate AI-assisted content (pre-market briefs, analytical summaries) using Anthropic's API.
  • Diagnose and fix errors using Sentry crash and performance reports.
  • Understand how the Service is used and improve features using PostHog and Vercel Analytics.
  • Send transactional emails — account confirmation, password reset, billing receipts, and service notices.
  • Enforce our Terms of Service and prevent fraud or abuse.
  • Comply with legal obligations.

We do not use your personal information to train third-party AI models, sell your data to advertisers, or share it for cross-context behavioral advertising.


3. Data Shared with Third Parties

We share data only with the vendors needed to operate the Service. The table below identifies each sub-processor, what data they receive, and why.

| Vendor | Purpose | Data received | Policy |
| --- | --- | --- | --- |
| Clerk | Authentication and user identity | Email address, name, OAuth tokens, session metadata | Privacy policy |
| Supabase | Database and backend (US region) | All user-generated content: watchlists, alerts, journal entries, preferences, and account metadata | Privacy policy |
| Stripe | Payment processing | Email, billing address, payment card (tokenized — we never receive raw card data) | Privacy policy |
| PostHog | Product analytics and session replay | IP address, browser/device info, page views, click events, session recordings (sensitive inputs masked) | Privacy policy |
| Sentry | Error monitoring | IP address, browser info, URL at time of error, user ID, stack trace | Privacy policy |
| Vercel | Hosting and edge analytics | IP address, request logs, page view counts (aggregated) | Privacy policy |
| Anthropic | AI-generated content (pre-market brief, analytical summaries) | Market context and watchlist data sent per-request — no PII, no raw journal content | Privacy policy |

We do not sell or rent your personal data to third parties for their own marketing purposes.

We may disclose your information if required by law, subpoena, or court order, or if we believe in good faith that disclosure is necessary to protect our rights or the safety of others. In the event of a merger, acquisition, or sale of all or substantially all of our assets, user data may be transferred to the acquiring entity, subject to the same privacy commitments in this policy.


4. Data Storage and Security

User-generated content and account data are stored in Supabase in the United States (AWS us-east-2, Ohio). We do not currently offer EU data residency; transfers from the EEA/UK are addressed in Section 10.

We implement the following technical safeguards:

  • Encrypted connections — all traffic between your browser and our servers uses TLS (HTTPS). Plaintext HTTP connections are rejected.
  • Encrypted at rest — data stored in Supabase is encrypted at rest using AES-256.
  • Row-level security — database access policies ensure each user can read and write only their own records.
  • No plaintext passwords — authentication is handled entirely by Clerk. Your password is hashed and salted by Clerk and never transmitted to or stored by Turning Tide.
  • Access controls — production data access is limited to authorized personnel only.

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security, but we will notify affected users without undue delay in the event of a data breach that poses material risk, and will comply with applicable breach notification laws.


5. Data Retention

  • Account data — retained for the duration of your account plus 90 days after deletion to allow reactivation and resolve disputes.
  • User-generated content — retained until you delete it or your account is deleted.
  • Billing records — retained for 7 years as required by accounting and tax law.
  • Analytics data (PostHog) — retained for up to 12 months, after which it is aggregated or deleted.
  • Error logs (Sentry) — retained for 90 days by default.
  • AI request data (Anthropic) — per-request context is not stored by us after the response is returned. Anthropic's own data retention policies apply to API logs on their infrastructure.

To request deletion of your data before the standard retention period expires, email hello@turningtide.io with the subject line "Data Deletion Request."


6. Children's Privacy

The Service is intended for users 18 years of age and older. We do not knowingly collect personal data from anyone under 18. If you believe a minor has created an account or provided us with personal data, contact us at hello@turningtide.io and we will delete it promptly.


7. Cookies and Tracking

We use the following categories of cookies and local storage. We do not use third-party advertising cookies.

  • Strictly necessary — session authentication tokens set by Clerk (typically named __session and related Clerk cookies). Without these, you cannot stay logged in. These cannot be disabled without breaking the Service.
  • Functional — preferences such as theme settings, watchlist state, and UI layout stored in browser localStorage by the Service itself. No expiry date — cleared when you clear site data.
  • Analytics — PostHog sets a first-party cookie (ph_*) to persist a pseudonymous user ID across sessions and enable session replay. Vercel Analytics is cookieless and processes only aggregated data.

Managing cookies. You can control or delete cookies through your browser settings. Disabling analytics cookies (PostHog) does not affect your ability to use the Service — the strictly necessary Clerk cookies must remain enabled for authentication to work. To decline analytics and session recording, choose "Reject non-essential" or "Customize" in the cookie consent banner — reopen it anytime via the "Cookie preferences" link in the site footer. Your choice applies immediately.


8. Your Rights and Choices

Regardless of where you live, you can:

  • Access and export — export a copy of your saved data (watchlists, journal, alerts, and settings) at any time from your Account page using "Export All." For a complete copy of all personal data we hold, email us at hello@turningtide.io and we will respond within 30 days.
  • Delete your data — clear your locally-saved data at any time from your Account page. To permanently delete your account and all associated cloud data, email us at hello@turningtide.io and we will complete deletion within 30 days. Billing records are retained as required by law.
  • Correct inaccurate data — update your name and email in account settings or contact us.
  • Opt out of analytics — decline usage analytics at any time using the cookie consent banner, or by clicking "Cookie preferences" in the site footer to reopen it. Opting out takes effect immediately — no account or email required.
  • Withdraw consent — where we rely on consent as a lawful basis, you may withdraw it at any time without affecting the lawfulness of prior processing.

We do not charge a fee for exercising these rights and will not discriminate against you for doing so.


9. External Links

The Service may link to third-party websites (financial data sources, news outlets, regulatory filings). We are not responsible for the privacy practices of those sites. Review their privacy policies before sharing personal information with them.


10. GDPR — EEA and UK Residents

If you are in the European Economic Area or United Kingdom, the following additional disclosures apply under the General Data Protection Regulation (GDPR) and UK GDPR.

Controller. Turning Tide is the data controller for personal data processed through the Service. We are established in the United States and do not actively target the EEA or UK market. Should our processing activities come to require an EU or UK representative under GDPR Article 27, we will appoint one and update this policy.

Lawful bases. We process your personal data under the following lawful bases:

  • Contract — processing necessary to provide the Service you signed up for (authentication, content storage, billing).
  • Legitimate interests — error monitoring, fraud prevention, and product analytics, where our interests do not override your rights.
  • Legal obligation — retention of billing records.

International transfers. Your data is processed in the United States. Transfers from the EEA/UK to the US rely on Standard Contractual Clauses (SCCs) incorporated into our agreements with sub-processors (Supabase, Clerk, Stripe, PostHog, Sentry, Vercel, and Anthropic) where applicable.

Your GDPR rights. You have the right to: access your personal data; rectify inaccurate data; request erasure ("right to be forgotten"); restrict processing; receive your data in a portable format; and object to processing based on legitimate interests. To exercise any of these rights, contact us at hello@turningtide.io. You also have the right to lodge a complaint with your national data protection authority (e.g., the ICO in the UK, your national DPA in the EEA).

We will respond to GDPR rights requests within 30 days, extendable by a further 60 days for complex requests (we will notify you of any extension).


11. CCPA/CPRA — California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) give you the following rights in addition to those described above:

  • Right to Know — you may request that we disclose the categories of personal information we have collected about you, the purposes for which we collected it, and the categories of third parties with whom we share it.
  • Right to Delete — you may request deletion of your personal information, subject to certain exceptions.
  • Right to Correct — you may request correction of inaccurate personal information.
  • Right to Opt Out of Sale/Sharing — we do not sell your personal information, and we do not share it for cross-context behavioral advertising. Our analytics provider (PostHog) processes data solely as our service provider under contract, not for its own purposes. You can disable analytics at any time through the cookie consent banner.
  • Right to Limit Use of Sensitive Personal Information — we do not use sensitive personal information beyond what is necessary to provide the Service.
  • Right to Non-Discrimination — we will not discriminate against you for exercising any of these rights.

To submit a CCPA/CPRA request, email hello@turningtide.io with the subject line "California Privacy Request." We will respond within 45 days, with one 45-day extension where reasonably necessary.


12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes we will update the effective date at the top of this page and, where reasonably practicable, notify you by email or in-app notice at least 14 days before changes take effect. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.


13. Contact and Data Deletion Requests

For privacy questions, data access requests, or data deletion requests:

Email: hello@turningtide.io

Mail: Turning Tide — postal address available on request by email.

We aim to acknowledge all requests within 5 business days and resolve them within 30 days (or the applicable legal deadline if shorter).
