Privacy Policy
This privacy policy describes how Caskey Coding (“we”, “us”, “the platform”), operated by Eric Caskey as a sole proprietor, collects, uses, and protects information about you when you use our applications hosted at caskeycoding.com and ericcaskey.com.
1. Who We Are
Caskey Coding is a personal software platform operated by Eric Caskey, a single individual. There are no other employees, contractors, or processors.
Contact: e@ericcaskey.com
2. What We Collect
We collect the following categories of information, only when you provide them or explicitly authorize us to access them.
Account information
- Email address (required for authentication)
- Display name (optional)
- Authentication credentials managed by AWS Cognito (we never see your password)
Information from third-party integrations you authorize
When you choose to connect a third-party account, we collect data from that account on your behalf:
- Fidelity (via Plaid): Investment account holdings, security identifiers, quantities, prices, cost basis, and (if you opt in) historical transactions. We use OAuth — we never see your Fidelity password.
- Garmin Connect: Activity data (workouts, distance, pace, heart rate), and optionally health metrics (sleep, body battery, stress). Connected via OAuth.
- CSV uploads: If you upload a portfolio CSV from your broker, we collect the position data in that file.
Automatically collected
- IP address and user agent (for security and to detect suspicious activity)
- Application usage logs (which pages and features you used, error events)
What we do NOT collect
- Browsing history outside this platform
- Location beyond approximate IP-derived region
- Contacts, calendar, or messages
- Biometric data
- Payment card numbers (we don't accept payments in the current version)
3. How We Use Your Information
We use your information solely to provide the analysis features you have requested:
- Render your portfolio dashboard
- Generate investment analysis and recommendations using AI models
- Generate marathon training recommendations from your activity data
- Detect and prevent security incidents
- Comply with legal obligations
We do not:
- Sell your data to anyone
- Share your data with advertisers
- Use your data to train AI models
- Use your data for any purpose other than the analysis you have requested
4. Who We Share Your Information With
We share data only with the third-party processors necessary to operate the platform:
| Processor | Data shared | Purpose |
|---|---|---|
| Amazon Web Services (AWS) | All platform data (hosted on AWS) | Hosting, compute, storage, authentication |
| Plaid Inc. | Your authorization (OAuth) to access your financial accounts | Connecting your financial accounts |
| Garmin International | Your authorization (OAuth) to access your activity data | Connecting your Garmin account |
| Anthropic | Analysis context (financial summaries, training data) used as input to an LLM | Generating analysis and recommendations |
| Financial Modeling Prep | Stock ticker symbols only (no personal data) | Fetching market data |
Each processor operates under its own privacy policy and has been selected for its security posture and compliance with applicable privacy laws.
5. International Transfers
The platform is operated from the United States and hosted on AWS infrastructure in U.S. regions. If you access the platform from outside the U.S., your data will be transferred to and processed in the U.S.
6. How Long We Keep Your Information
Retention periods vary by data category. In summary:
- Account data: until you delete your account
- Financial holdings: rolling 90-day snapshot history; transactions for 2 years
- Activity data (Garmin): indefinite (your training history is the product)
- Generated analysis: 1 year
- Operational logs: 90 days
- Audit trail (pseudonymized): 7 years for security forensics
7. Your Rights
You have the following rights regarding your data. To exercise any of them, email e@ericcaskey.com. We respond within 30 days.
- Access — Receive a JSON export of all your data
- Correction — Update or correct your data
- Deletion — Delete your account and all associated data (subject to a small audit-trail exception)
- Withdrawal of consent — Disconnect any integration at any time
- Portability — Receive your data in a machine-readable format
If you are in California, you have additional rights under the CCPA. If you are in the EU/UK, you have additional rights under the GDPR, including the right to lodge a complaint with your local data protection authority.
8. How We Protect Your Information
- All data is encrypted in transit (TLS 1.2+) and at rest (AWS KMS).
- Third-party access tokens are stored in AWS Secrets Manager and are never logged or exposed.
- Access to the production environment is restricted to the operator, who uses multi-factor authentication.
9. Children
The platform is not directed at children under 13 (or under 16 in the EU/UK) and we do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.
10. Changes to This Policy
We may update this policy as the platform evolves. Material changes will be announced in-app and via email to active users at least 30 days before taking effect. The “Last updated” date at the top of this page always reflects the most recent revision.
11. Contact
Questions, requests, or complaints:
Eric Caskey
e@ericcaskey.com
For data subject requests, please use the subject line “Data Subject Request” so we can prioritize the response within the 30-day window.