Privacy Policy

Last updated: June 12, 2026

The short version

Your trading data exists to make your assistant better — nothing else. We don't sell it, we don't use it to train AI models, and the database itself enforces that no other user can ever read it.

1. What we collect

  • Account: your email address, and your password handled by our authentication provider (we never see it in plain text).
  • What you put in: trade imports (executions, P&L), journal notes, playbooks, setups, watchlists/favorites, knowledge-base entries, settings (including your preferred name and timezone if you set them), and your conversations with the assistant — including any chart images you attach.
  • Usage: AI message counts, token usage and computed cost per day (for limits and billing), and standard server logs (IP address, timestamps) kept briefly for security and debugging.
  • Integrations you connect: if you link Telegram for alerts, we store the chat ID needed to message you — nothing else about your Telegram account.

We don't use third-party advertising trackers or analytics pixels.

2. How we use it

To run the Service: generating your AI responses, replaying your trades against market data, firing your alerts, showing your own dashboards, enforcing usage limits, and fixing problems you report. That's the list.

We do not sell your data. We do not use your content to train AI models.

3. AI processing — what leaves our servers

When you chat with the assistant, the relevant context (your message, conversation history, and the data the assistant pulls for the answer — indicators, your journal/playbook excerpts, headlines) is sent to our AI model providers to generate the response. Our providers (currently xAI, and Anthropic/OpenAI for specific features) process this under API terms that do not permit training on your data. Attached images are processed the same way to answer your question.

4. Where your data lives

Data is stored with Supabase (on AWS, in the US), encrypted at rest and in transit (HTTPS everywhere). The application servers run on Railway; the websites are served by Cloudflare. Market data comes from licensed providers (e.g. Tiingo, Databento, Hyperliquid, Finnhub) — your personal data is not shared with them.

Isolation is enforced by the database, not just the application: every personal table carries row-level security, so queries physically cannot return another user's rows.

5. Who can see your data

  • You.
  • Other users: never (enforced at the database layer).
  • Our admin tools can see usage counts and costs per account — never your conversations, trades, or notes.
  • The founder/operator technically holds database administrator credentials, like the operator of nearly every hosted product you use. That access is treated as break-glass only — debugging an issue you've reported, or a legal requirement — and is never used to browse user content.
  • Authorities, only if legally compelled, and we'd push back on overbroad requests.

6. Retention & deletion

Your data stays as long as your account does. You can delete individual conversations from History anytime. To delete your account and everything in it, email support@traderpal.ai — row-level isolation means removing your user removes your rows everywhere, and we'll confirm when it's done. Server logs age out automatically.

7. Security

HTTPS everywhere, encryption at rest, database-enforced row-level security, optional two-factor authentication (Settings → Account & Security), rate limiting, and least-privilege internal access. No system is perfect; if we ever discover a breach affecting your data we'll notify you promptly.

8. Children

The Service is for adults (18+). We don't knowingly collect data from minors.

9. Changes

If this policy changes materially we'll notify you in-app or by email before the change takes effect. The "last updated" date above always reflects the current version.

10. Contact

Privacy questions or deletion requests: support@traderpal.ai.