Legal document

Privacy Policy

Effective March 20, 2026Last updated March 20, 2026Version 1.0

Your privacy matters to us. This policy explains what data TraderStack collects, why we collect it, how it's used, and the controls you have over it. We do not sell your personal data to third parties.

Overview

TraderStack ("we," "our," "us") is committed to protecting your privacy. This Privacy Policy applies to all data collected through our website, web application, and related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy.

Our commitmentWe do not sell your personal data. We do not use your trade data for advertising. Your trading records are yours - we only process them to provide the Service to you.

What We Collect

Information you provide directly:

Data type	Description	When collected
Account info	Email address and password (hashed). Optional display name.	Registration
Trade data	Symbol, direction, entry/exit price, size, dates, P&L, and custom tags.	When you log trades
Journal entries	Free-form notes, reflections, and screenshots you attach to trades.	When you write
Rule stack	Trading rules, strategies, and criteria you define.	When you build rules
Billing info	Handled by Stripe directly. We only receive a payment token and subscription status.	When you subscribe
Support messages	Messages you send when contacting support.	When you contact us

Information collected automatically:

Data type	Description
Usage data	Pages visited, features used, time spent, and interaction patterns within the app.
Device info	Browser type, operating system, device type, and screen resolution.
Log data	IP address, access timestamps, error logs, and referring URL.
Cookies / tokens	Authentication session tokens and preference cookies. See the Cookies section.

How We Use Your Data

We use the data we collect for the following purposes:

To provide, operate, and maintain the Service, including processing your trade logs, journal entries, and analytics.
To manage your account, authenticate your identity, and process payments.
To send essential transactional communications such as account confirmations, password resets, and billing receipts.
To provide customer support and respond to your inquiries.
To detect, investigate, and prevent fraudulent activity, abuse, and security incidents.
To improve the Service, fix bugs, and develop new features based on aggregate usage patterns.
To comply with legal obligations and enforce our Terms & Conditions.

What we don't doWe do not use your trade data or journal entries to train machine learning models. We do not serve targeted advertising based on your trading activity.

Third-Party Services

TraderStack integrates with a small number of carefully selected third-party services. Each processes your data only as necessary to fulfil their function:

Supabase

Authentication provider and database host. Stores your account credentials and application data securely with row-level security.

Auth & DB

Stripe

Payment processing. Handles subscription billing and payment card data. We never store full card details on our servers.

Payments

Vercel

Cloud infrastructure and hosting. Serves the application and processes requests. Logs may include IP addresses for a limited retention period.

Infrastructure

Cookies & Tracking

TraderStack uses a minimal set of cookies and browser storage to operate the Service. We do not use cookies for advertising or cross-site tracking.

Cookie / storage	Purpose	Duration
Session token	Keeps you logged in securely. Required for the Service to function.	Session / 7 days
Preference storage	Remembers UI preferences such as sidebar state and theme settings.	Persistent
CSRF token	Security token to prevent cross-site request forgery attacks.	Session

You can control cookie preferences through your browser settings. Disabling essential cookies will prevent the Service from functioning correctly.

Data Security

We implement industry-standard security measures to protect your data:

All data is transmitted over encrypted HTTPS connections.
Passwords are hashed and never stored in plaintext.
Database access is restricted using row-level security policies (Supabase RLS).
Payment data is handled exclusively by Stripe's PCI-DSS compliant systems.
We conduct periodic security reviews and address identified vulnerabilities promptly.

NoteNo method of transmission over the internet is 100% secure. If you believe your account has been compromised, contact us immediately at traderstack.contact@gmail.com.

Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service:

Account data is retained for the lifetime of your account, plus up to 30 days following deletion to allow for recovery.
Trade data and journals are retained while your account is active. You can export or delete your data from account settings at any time.
Billing records are retained for a minimum of 7 years as required by applicable tax regulations.
Server logs are retained for up to 90 days for security and debugging purposes, then automatically purged.
Support communications are retained for up to 3 years.

When you delete your account, we will delete or anonymise your personal data within 30 days, except where retention is required by law.

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Access

Request a copy of the personal data we hold about you.

Correction

Request correction of inaccurate or incomplete personal data.

Deletion

Request deletion of your personal data, subject to legal retention obligations.

Portability

Receive your data in a structured, machine-readable format via CSV export.

Objection

Object to our processing of your data in certain circumstances.

Restriction

Request that we restrict processing of your data in certain situations.

Withdraw consent

Withdraw consent for optional processing at any time without affecting prior processing.

Complaint

Lodge a complaint with the relevant supervisory authority in your jurisdiction.

To exercise any of these rights, contact us at traderstack.contact@gmail.com. We will respond within 30 days.

Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that a child under 18 has provided us with personal information, we will take immediate steps to delete it.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us at traderstack.contact@gmail.com.

International Data Transfers

TraderStack operates primarily from the United States. If you are located outside the US, your data may be transferred to and processed in the US or other countries where our service providers operate.

We take appropriate steps to ensure international transfers are protected in accordance with applicable data protection laws. Where required, we rely on standard contractual clauses approved by relevant data protection authorities.

Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date and notify you by email where appropriate.

Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please reach out:

TraderStack

Support: traderstack.contact@gmail.com

We aim to respond to all privacy-related inquiries within 5 business days, and to rights requests within 30 calendar days.