Privacy Policy

There are two places in the Harpy world where personal data could possibly exist: this marketing website, and the desktop application you install. They have very different data handling, so we treat them separately below.

The one-sentence version: the website collects your email if (and only if) you submit the apply form, and the desktop application doesn’t collect anything at all that we ever see. No analytics. No telemetry. No beacons. No fingerprints. No ad scripts. No third-party tags.

• Local-first. Every scanner, every piece of scanner output, every trade journal lives on your machine. We don’t have a server-side copy.
• Never a hidden tracker. If we add telemetry later, it will be opt-in, toggled off by default, named clearly in settings, and documented in this policy.
• One field, one purpose. The only field we store is the email you submit to the apply form, and its only purpose is to send you one invitation.
• Deletion on request, no interrogation. Ask us to remove your email, and we do. No retention ladder, no “please confirm via link,” no marketing-survival upsell.
• No sale, no sharing, no third-party enrichment. We never sell data. We never share it. We never run it through a third-party enrichment tool to learn more about you.

If you submit the “apply for invite” form, we store the email address you type. Nothing else is stored from that interaction — no name, no IP address, no country, no referrer, no browser fingerprint, no session ID. The submission is stamped with a UTC timestamp and the user-agent string your browser sent with the request, so we can spot obvious automation. That’s the full record:

{
  "email": "you@domain.com",
  "submitted_at": "2026-04-17T14:32:11.415Z",
  "user_agent": "Mozilla/5.0 (..)"
}

We use your email exactly once: to send you an invitation when a batch opens. We do not send newsletters, product updates, affiliate pitches, marketing mail, re-engagement campaigns, or anniversary emails.

There is a short-lived rate limiter for the apply form keyed by the client IP address. The IP is never written to disk; it lives only in memory and resets whenever the server restarts. Its sole purpose is to prevent one address from hammering the form.

Harpy runs entirely on your machine. Your credentials — broker API keys, wallet private keys, exchange tokens, Claude subscription session, Anthropic API key, Betfair username/password, and so on — are written to a plaintext .env file inside your per-user AppData directory:

%APPDATA%\Harpy-<Module>\.env

Those credentials never leave your machine through us. The Harpy scanner reads them, the Python code reads them, the Claude Code CLI reads them — all on your machine. No outbound request to our servers ever carries them. We couldn’t read them if we wanted to, because there is no Harpy server they flow through.

The desktop application writes additional files inside AppData — the operator journal, the trade log, the targets JSON, the per-market budget counter, and the lease license file. All of those are yours, editable by you, deletable by you, and invisible to us.

Each installer writes a cryptographically-signed, offline-validatable license file at:

%APPDATA%\Harpy-<Module>\license-<module>.json

On every launch the app verifies the signature and the expiry date. The verification is entirely local — no network request is made to our servers to check your lease. That’s why Harpy works offline, on planes, and behind locked-down corporate firewalls. The happy consequence from a privacy standpoint: we never learn when you open the app, how often you run it, what hours you keep, or which modules you actually use.

Harpy transmits data to third parties every time it calls an exchange or data API: Alpaca for stocks, Kraken for crypto, Polymarket, Kalshi, Betfair, The Racing API, Anthropic, and the Claude Code CLI, among others. Those requests go directly from your machine to those services using your credentials. We do not see, log, relay, or proxy any of that traffic.

Each of those services has its own privacy policy. We have no visibility into what they retain or share. Review their policies before you register an account and paste a key.

This site uses no cookies beyond what is strictly necessary to serve the page (effectively: none; the Next.js build output ships static HTML, CSS, and JavaScript).

We do not use Google Analytics, Plausible, Fathom, Simple Analytics, Matomo, or any other analytics service. We do not use Hotjar, FullStory, PostHog, or any other session-replay product. We do not embed Facebook pixels, Twitter pixels, LinkedIn pixels, or any other ad-network beacons. We do not fingerprint browsers.

If we ever add analytics, they will be opt-in, off by default, local to our own infrastructure, and clearly labelled. That is not the situation today, and we have no plan to change it.

Emails submitted to the apply form are kept in a simple append-only file on disk (applications.jsonl). If you decline an invitation or never respond, we age the address out at six months at the latest and delete it.

If you want your email deleted sooner, send a one-line request to the address shared with you at application. We will remove it, no further questions asked, and respond only to confirm deletion.

The marketing website is hosted on commodity infrastructure with TLS enforced, no admin panel exposed to the public internet, and no database — the applications file is not reachable over HTTP.

The desktop application itself runs in your user context and has the same filesystem reach you do. We recommend (and the installer will set up) a Windows Defender exclusion for the install directory to avoid false-positive quarantining of the PowerShell-launched scanner scripts. You can review those scripts at any time in the install directory.

Harpy is not intended for, marketed to, or usable by anyone under eighteen years of age. We do not knowingly collect information from minors. If you are under eighteen, do not submit an email, do not install the software, and please close this page.

Depending on where you live, you may have specific statutory rights over the personal data we hold about you — to know what we hold, to correct it, to have it deleted, to object to its processing, to restrict its processing, to receive a portable copy, or to lodge a complaint with a supervisory authority.

Because the only personal data we hold about you is an email address you voluntarily submitted, the practical form of those rights is simple: write to us and we delete it. We don’t operate a formal subject-access-request workflow, a data-portability export service, or a cross-border transfer mechanism. If your jurisdiction requires those instruments and your request reaches us, we’ll do the right thing by your statute’s intent.

We will disclose personal data we hold about you in response to a valid, legally-enforceable request from a law-enforcement or judicial authority with jurisdiction over us, and only to the extent required by that request. Because we hold at most one email address per applicant, the disclosure landscape is narrow.

We will not voluntarily disclose personal data to any third party, including any private investigator, credit bureau, marketing firm, data broker, employer, insurer, or ex-partner.

We may update this policy. The “last revised” date at the top is authoritative. We will never quietly introduce analytics, tracking, or expanded data collection; if anything changes materially, we will flag it here in plain English and — where appropriate — email the change to everyone on the applications list.

Questions, deletion requests, or data-rights requests go to the address shared with you at invitation. Requests marked DELETE in the subject line will be processed as a deletion request.