Privacy policy.
FM Alerts is a personal market-monitoring iOS app. This explains what data it handles, how it's used, and which services operate the product.
What information FM Alerts handles
Account information. Email and role for authentication. Access codes are validated server-side. No passwords are stored.
Authentication tokens. Stored locally after sign-in to keep you signed in; cleared on sign-out.
Alert rules & event history. Rules you create and the events they generate are stored in the backend database with status and delivery metadata.
Device push token. With your permission, an APNs token is registered and used only to deliver push via AWS SNS.
App preferences. Sound settings are stored locally on your device, not transmitted.
Market data. Prices, moves, and news are fetched fresh each session from third parties — not stored against your account.
What FM Alerts does not do
Third-party services
Each is used solely for product functionality, not advertising.
| Service | Purpose | Data involved |
|---|---|---|
| AWS EC2 / RDS | Hosts the backend API and PostgreSQL database in us-west-2. | All server-side data: rules, events, device tokens, accounts. |
| AWS SES | Delivers email alerts when a rule fires with email enabled. | Alert content and recipient email. |
| AWS SNS → APNs | Delivers push notifications to your iPhone. | APNs device token and alert content. |
| Alpaca Markets | Real-time equities snapshots for the watchlist and rules. | No user data sent — market data only. |
| Databento | CME Globex live streaming (GLBX.MDP3) for futures. | No user data sent — market data only. |
| Benzinga | News titles/teasers for sentiment scoring. | Ticker symbols only — no user data. |
| AWS CloudWatch | Infrastructure monitoring and alarms. | Server metrics only — no user data. |
| AWS Route 53 | DNS routing for fm-alerts.com. | No user data — DNS only. |
Data retention
Events are retained until manually deleted; stale failed events (>6h) are dropped from retry.
Device tokens persist until you sign out/in (refresh) or request removal.
Local preferences & auth tokens persist on-device until you sign out or delete the app.
Security
All app↔backend communication uses HTTPS (TLS). Credentials are validated server-side on AWS with appropriate access controls.
No sensitive credentials (API keys, secrets) are stored in the iOS app binary or sent to the client.
FM Alerts