Blotta Privacy Policy


Blotta ("we," "our," or "us") operates the Blotta mobile application (the "App"). This Privacy Policy explains how we collect, use, store, and protect your information when you use our App. By using Blotta, you agree to the collection and use of information in accordance with this policy.

Last Updated: February 10, 2026

Data Sources

We collect data from the following sources:

  • Information you provide directly: Your name, email address, username, and profile photo, collected when you create an account through our authentication provider, Clerk.

  • Financial data via Plaid: When you choose to link an investment account, we use Plaid Inc. ("Plaid") to securely connect to your brokerage or financial institution. Plaid acts as an intermediary between your financial institution and our App. Your use of Plaid is subject to Plaid's own privacy policy, available at https://plaid.com/legal/#end-user-privacy-policy.

  • Usage data: We collect basic usage information to improve the App experience, such as which screens you visit and feature interactions.

What Data Is Accessed

When you connect an investment account through Plaid, we access the following data from your financial institution:

  • Investment transactions: Buy and sell orders, including ticker symbol, quantity, price, date, and transaction type.

  • Account metadata: Account identifiers, institution name, and account type (e.g., brokerage, retirement).

  • Securities information: Ticker symbols, security types (equity, ETF, etc.), and security identifiers associated with your transactions.

We do NOT access:

  • Your bank login credentials (username or password). These are handled entirely by Plaid and are never transmitted to or stored by Blotta.

  • Full account numbers. We only receive masked or partial account identifiers.

  • Non-investment accounts such as checking, savings, or credit card accounts.

What Is Stored vs. Not Stored

Stored:

  • Your user profile information (name, username, email, profile image URL)

  • Investment transaction history (ticker, amount, price, quantity, date, transaction type)

  • Derived analytics (position lots, performance calculations, leaderboard rankings)

  • Social data (followers, following relationships, kudos, comments, notifications)

  • Your privacy and visibility preferences

  • A secure access token provided by Plaid to retrieve your financial data (encrypted, stored server-side only)

NOT Stored:

  • Your bank or brokerage login credentials

  • Full account numbers

  • Social Security numbers or government-issued identification

  • Your Plaid public token (this is exchanged for a secure server-side token and immediately discarded)

How Your Data Is Used

We use your data for the following purposes:

  • Displaying your trades: Showing your approved investment transactions on your profile and in the social feed.

  • Performance analytics: Calculating portfolio returns and leaderboard rankings using a time-weighted return methodology.

  • Social and comparison features: Enabling you to follow other users, view a friends leaderboard, give kudos, and comment on trades. You control the visibility of your transactions (public, followers-only, or private) through your privacy settings.

  • Market insights: Aggregating anonymized, de-identified trading activity across all users to display trending tickers and market interest on the Explore page. Individual users are never identified in aggregate data.

We do NOT:

  • Sell your personal financial data to third parties.

  • Share your individual transaction data with advertisers.

  • Use your data for automated trading or financial advice. Blotta is an informational and social platform, not a financial advisor.

Data Retention and Deletion

  • Active accounts: Your data is retained for as long as your account is active and you maintain a linked investment account.

  • Disconnected accounts: When you unlink an investment account, we revoke the Plaid access token and mark the account as inactive. Historical transaction data is retained for your personal records but is excluded from the social leaderboard and public-facing features. No new data is fetched from disconnected accounts.

  • Account deletion: You may delete your account at any time from the Settings screen within the App. When you delete your account, we permanently remove all associated data from our systems, including:

    • All transaction records

    • Position and performance data

    • Social data (followers, following, kudos, comments, notifications)

    • Privacy settings

    • Your Plaid connection and access tokens

    • Your user profile from our authentication provider

    • Account deletion is immediate and irreversible.

Requesting deletion: You may also request account deletion by contacting us at the email address listed below. We will process deletion requests within 30 days

Third-Party Services

We use the following third-party services to operate the App:

Service, Purpose, Privacy Policy:

Plaid Inc: Secure connection to your financial institution for importing investment transactions (plaid.com/legal)

Clerk: User authentication, account management, and session security (clerk.com/legal/privacy)

Amazon Web Services (AWS): Cloud infrastructure hosting for our application servers and database (aws.amazon.com/privacy)

We do not share your personal financial data with any third parties beyond what is necessary to operate the services described above. We do not use third-party advertising or behavioral tracking tools.

Data Security

We take reasonable measures to protect your data, including:

  • All data is transmitted over encrypted connections (HTTPS/TLS).

  • Plaid access tokens are stored server-side only and are never exposed to client devices.

  • Authentication is handled via secure JSON Web Tokens (JWT) with session management provided by Clerk.

  • Database access is restricted to authenticated and authorized requests only.

  • No method of electronic storage or transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Your Rights

You have the following rights regarding your data:

  • Access: You may view your transaction history, profile information, and privacy settings at any time within the App.

  • Deletion: You may delete your entire account and all associated data from the Settings screen, or by contacting us directly.

  • Correction: You may update your profile information (name, username, profile photo) through the App at any time.

  • Disconnect: You may unlink your investment account at any time from Settings > Manage Linked Accounts. This immediately stops all data collection from that account.

  • Privacy controls: You may adjust the visibility of your profile and individual transactions (public, followers-only, or private) at any time from your privacy settings.

Children's Privacy

Blotta is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete that information.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy within the App and updating the "Last Updated" date above. Your continued use of the App after changes are posted constitutes your acceptance of the revised policy.

Contact Us

If you have questions about this Privacy Policy or wish to exercise any of your rights, please contact us at:

Email: privacy@blotta.app