Privacy Policy
Last updated: 2026-05-26
This policy explains what the hosted IBKR Gateway service at
ibkr-gateway.bogdanripa.com collects, why, how long it
is kept, and your choices. If you self-host the open-source code on
your own infrastructure, this policy does not apply — you control
the data.
1. What we collect
- Your Google account email, via Firebase Authentication, when you sign in. Used as your account identifier.
- Your IBKR credentials, when you add a connection: username, password, and (for live accounts) the Authenticator App activation code (the base32 TOTP secret).
- Connection metadata: your connection label, IBKR account ID, paper-vs-live mode.
- OAuth client registrations and token records for AI hosts you authorize against the gateway.
- Audit log entries for failed tool calls and authentication errors — including timestamp, source (oauth or apikey), scope, connection identifier, and IP address. Used to investigate breakage and abuse.
We do not collect personally identifying information beyond your email, your IBKR username, and the IP addresses recorded in audit log entries, and we do not run any third-party analytics, advertising, or tracking pixels.
2. Where it is stored
- IBKR credentials (username, password, Authenticator App activation code) are stored in Google Cloud Secret Manager, encrypted at rest under Google-managed keys. They never appear in our database, our logs, or any API response.
- OAuth access tokens are stored as SHA-256 hashes — never as the raw token. The raw token leaves the server exactly once, in the response body of the /oauth/token call that issued it.
- Account, connection, OAuth client, and audit-log records are stored in Google Cloud Firestore inside a Google Cloud project we operate.
3. Retention
- Audit log entries have a 14-day Firestore TTL — they are deleted automatically after that window.
- Account, connection, and OAuth records persist until you delete them yourself from the console.
- Deleting a connection also deletes its IBKR credentials from Secret Manager. Revoking an authorized app deletes the corresponding OAuth tokens from Firestore.
4. Sharing
- We do not sell, rent, or otherwise share your data with third parties for their own purposes.
- Google Cloud (Firestore, Secret Manager, Firebase Auth) acts as a sub-processor under Google's terms.
- Interactive Brokers receives your IBKR credentials when the gateway signs in on your behalf — same as if you signed in yourself. The gateway uses IBKR's official Client Portal Web API and does not bypass any IBKR security control.
- AI hosts you authorize (Claude, ChatGPT, Cursor, etc.) receive a scoped OAuth access token. They do not receive your IBKR credentials. They see only the data returned by tool calls they make — quotes, positions, orders, etc.
5. Cookies and local storage
Firebase Authentication sets cookies and local-storage entries in your browser to keep you signed in across reloads. These are necessary for the Service to function. We do not set any other cookies, and we do not use third-party tracking, analytics, or advertising cookies.
6. Your choices
- Sign out at any time from the console.
- Delete a connection at any time — its IBKR credentials are removed from Secret Manager as part of the deletion.
- Revoke any authorized AI host from the Connected apps panel in the console.
- Request full account deletion via the contact form. We will remove your account record, all your connections, all your OAuth records, and all Secret Manager entries tied to them.
7. Children
The Service is not directed to children under 16, and we do not knowingly collect data from anyone under 16. Do not use the Service if you are under 16.
8. Self-hosting
The Service is fully open-source. If you would rather not share IBKR credentials with us, run your own instance — same code, same MCP surface, same OAuth flow. See github.com/bogdanripa/ibkr-gateway for the deploy guide.
9. Changes to this policy
We may update this policy as the Service changes. The "Last updated" date above reflects the most recent revision. Material changes will be highlighted on this page.
10. Contact
Questions or deletion requests: use the contact form.
See also the Terms of Use.