Onus

Privacy Policy

Last updated: 2026-06-12

Onus is a private, invite-only trading dashboard for personal use. Access is limited to approved members. This policy explains what data Onus collects, how it is stored and protected, and the third parties involved.

What we collect

  • Discord identity — your Discord username and user ID, received when you sign in with Discord (OAuth). Onus does not receive or store your Discord password.
  • Your trading data — the information you create in the app: trade journal entries, settings, risk configuration, and watchlists.
  • Connected-broker credentials — when you connect a broker (e.g. Tradovate, Alpaca, Kraken), Onus stores the OAuth tokens or API credentials needed to act on your behalf with that broker.

How it is stored

Your data is stored in a Neon Postgres database, keyed to your Discord ID, so each member only ever sees their own data. Broker OAuth tokens and API credentials are encrypted at rest with AES. Those credentials stay on the server — they are never sent to your browser and never transmitted to any third party other than the broker they belong to.

Data in transit

All communication between Onus and external services — Discord, your brokers, and market-data providers — travels over encrypted transport (TLS).

Third parties we use

  • Discord — for sign-in (authentication) and membership verification.
  • Brokers you connect — such as Tradovate, Alpaca, and Kraken. Onus sends orders and reads account data only for the brokers you explicitly connect.
  • Market-data providers — for quotes, options, and other market information shown in the app.

What we do not do

Onus does not sell or share your personal or financial data. Your information is used only to operate the dashboard for you. There is no advertising and no third-party analytics on your trading data.

Access control

Onus is invite-only. Sign-in requires both membership of the approved Discord server and inclusion on an explicit allowlist. Members who are removed lose access.

Deleting your data

You can disconnect any connected broker at any time from Settings, which removes its stored credentials. To request deletion of the rest of your data (identity, journal, settings, watchlists), contact the operator and it will be removed.

Changes to this policy

This policy may be updated as Onus evolves. Material changes will be reflected by updating the “Last updated” date above.