Privacy commitment
Your portfolio. Encrypted in your browser. Period.
Last updated: 2026-05-22
Most platforms collect your positions and store them in plaintext. Kresmion does not. Your watchlist, your alerts, and your full portfolio are AES-256-GCM encrypted in your browser before any request leaves the device. We store the ciphertext; we do not hold the key. If our database were dumped tomorrow, your positions would still be opaque to whoever read it — including us.
What we collect at signup
Your name, username, email address, and a hashed password. That is all. We do not ask for phone numbers, addresses, employer, or any identity verification document.
What we encrypt client-side
Portfolio positions, watchlist tickers, and alert configurations. Encryption is AES-256-GCM. The key is derived from your password (or PIN, if you have set one) via PBKDF2 and never transmitted.
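The flow described above, sketched with the browser's Web Crypto API as an added example (this is not Kresmion's code). The function names, salt and IV sizes, PBKDF2 hash and iteration count, and the `salt || iv || ciphertext+tag` blob layout are assumptions, since the page does not specify them.

```javascript
// Added illustration, not Kresmion's implementation. Sizes, work factor and
// blob layout below are assumptions; the page states only PBKDF2 + AES-256-GCM.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const SALT_LEN = 16, IV_LEN = 12;      // assumed sizes (bytes)
const DEFAULT_ITERATIONS = 600000;     // assumed PBKDF2-HMAC-SHA256 work factor

// Derive a non-extractable AES-256-GCM key from the password, client-side only.
async function deriveKey(password, salt, iterations = DEFAULT_ITERATIONS) {
  const material = await webcrypto.subtle.importKey(
    'raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveKey']);
  return webcrypto.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Encrypt a portfolio object. The returned bytes are all a server would store.
async function sealPortfolio(password, portfolio, iterations) {
  const salt = webcrypto.getRandomValues(new Uint8Array(SALT_LEN));
  const iv = webcrypto.getRandomValues(new Uint8Array(IV_LEN)); // fresh per call
  const key = await deriveKey(password, salt, iterations);
  const plaintext = new TextEncoder().encode(JSON.stringify(portfolio));
  const ct = new Uint8Array(
    await webcrypto.subtle.encrypt({ name: 'AES-GCM', iv }, key, plaintext));
  const blob = new Uint8Array(SALT_LEN + IV_LEN + ct.length);
  blob.set(salt, 0);
  blob.set(iv, SALT_LEN);
  blob.set(ct, SALT_LEN + IV_LEN);
  return blob;
}

// Decrypt a blob fetched back from the server. The promise rejects if the
// password is wrong or any byte was altered, because the GCM tag fails to verify.
async function openPortfolio(password, blob, iterations) {
  const salt = blob.slice(0, SALT_LEN);
  const iv = blob.slice(SALT_LEN, SALT_LEN + IV_LEN);
  const key = await deriveKey(password, salt, iterations);
  const pt = await webcrypto.subtle.decrypt(
    { name: 'AES-GCM', iv }, key, blob.slice(SALT_LEN + IV_LEN));
  return JSON.parse(new TextDecoder().decode(pt));
}
```

Because the key exists only as a non-extractable `CryptoKey` in the browser, the stored blob can be neither read nor silently modified without the password.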
What we store on our servers
The encrypted blob for each user. Server-side security logs (site_visits + login_audit) for abuse detection. Operational telemetry (LLM call counts, scheduler health). No third-party trackers, no session recording, no heatmap tools, no analytics SDKs, no marketing pixels.
What we do not do
We do not sell your data. We do not share your data with advertisers. We do not build profiles on behalf of brokerages or data brokers. We do not embed cross-site trackers. We do not transmit your portfolio in plaintext anywhere outside your browser.
Account deletion
Within 24 hours of you clicking Delete Account, all data tied to your account is removed from our primary database. Backups age out within 30 days. The only exception is anonymous summary product-usage metrics with no user identifiers, which we retain for capacity planning.
Contact
Privacy questions: privacy@kresmion.com.
This commitment is enforced structurally — by the encryption flow, not by policy. Any change to it will be announced explicitly in advance, not buried in a Terms update.