Privacy Policy

1. What We Collect

• Account data: email address, name, OAuth provider info.
• Trading data: trades, journal entries, notes, playbooks you create.
• Usage data: pages visited, features used (via PostHog and Google Analytics, anonymised where possible).
• Payment data: processed entirely by Stripe. We store only a Stripe Customer ID.

2. How We Use Your Data

• To provide and improve the Service.
• To send transactional emails (trial expiry, payment receipts, invite emails).
• To generate anonymised aggregate statistics (community benchmarks) — never tied to your identity.

3. Data Sharing

We do not sell your personal data. We share data only with:

• Stripe — payment processing.
• Resend — transactional email delivery.
• PostHog / Google Analytics — product and website analytics.
• Sentry — error monitoring (anonymised stack traces).
• Team workspace members — if you join a team, your trades and journal key metrics are visible to other members per the visibility settings.

4. Team Visibility

Inside a Team workspace, members can see each other's trades, win rate, P&L, and journal activity. Dollar amounts can be hidden if "Hide $ amounts" is enabled. New members can have a privacy grace period (0–30 days) during which their data is hidden from others.

5. Data Retention

Your data is retained as long as your account is active. You can export or delete your data at any time. Deleted accounts are purged within 30 days.

6. Security

We use industry-standard encryption (TLS in transit, encrypted at rest on PostgreSQL). Passwords are hashed with bcrypt. We never log raw passwords.

7. Cookies

We use session cookies for authentication (NextAuth.js). No third-party advertising cookies.

8. Your Rights (GDPR / CCPA)

• Access, correct, or delete your personal data.
• Export your data (CSV export in Settings).
• Opt out of analytics by contacting us.

9. Contact

Privacy questions: [email protected].