Privacy Policy

Last updated: June 2, 2026

In short: TradeReferee collects only the data it needs to run your account and the features you use. We never sell your data, we never store your full card number, and you can ask us to export or delete your data at any time. This page explains the details and your rights under GDPR and CCPA/CPRA.

1. Who we are

TradeReferee is a pre-trade discipline tool for traders (the “Service”). This Privacy Policy explains what personal data we collect, why we collect it, how we protect it, and the rights you have over it. The data controller is [the operator of TradeReferee — to become “TradeReferee LLC, a Wyoming limited liability company” once formed]. If you have any questions, contact us at [privacy@your-domain.com].

2. Data we collect

We collect only what the Service needs to function:

  • Account data — your email address and authentication credentials, so you can sign in and we can secure your account.
  • Trade and journal data you enter or import — the trades, notes, rules, and lessons you choose to record. You own this content; you can request a copy or its deletion at any time (see Your privacy rights).
  • Rule and settings configuration — the thresholds and preferences you set for the pre-trade gate and your account.
  • Payment data — handled by our payment processor (see below). We store a customer reference and subscription status; we never see or store your full card number.
  • Technical and usage data — to deliver and secure the Service, our hosting and infrastructure providers (see below) process limited technical data such as IP address and browser type, and we keep minimal application logs of errors and key operations (which include your user ID). We do not use this for advertising or cross-site tracking.

We do not collect special-category data, and we do not ask for more financial information than you choose to enter yourself.

3. How we use your data

  • To provide, operate, and secure the Service.
  • To run the features you use — the pre-trade gate, journal, lessons library, and analytics on your own data.
  • To process your subscription and free trial.
  • To send essential service communications (for example, sign-in, security, and billing notices).
  • To diagnose problems, prevent abuse, and meet our legal obligations.

5. Service providers and sub-processors

We use a small number of trusted providers to run the Service. Each processes data only on our instructions and under its own privacy and security commitments:

  • Supabase — database, authentication, and file storage (your account and journal data). Privacy policy.
  • Stripe — payment processing and subscription billing. Stripe handles your card details directly; we do not store them. Privacy policy.
  • Vercel — application hosting and content delivery. Privacy policy.
  • Finnhub — market-data provider used to show quotes and indicators in the pre-trade gate. It receives only the ticker symbol being looked up — never your identity or any personal data. Privacy policy.

We do not sell or rent your personal data, and we do not share it with third parties for their own marketing. We will update this list whenever we add or change a sub-processor.

6. International data transfers

Our providers may process data in the United States and other countries. Where personal data is transferred out of the EEA or UK, that transfer is covered by appropriate safeguards — principally the European Commission’s Standard Contractual Clauses — so your data keeps an equivalent level of protection wherever it is processed.

7. Data retention

We keep your personal data for as long as your account is active. When you ask us to delete your account, we delete or irreversibly anonymize your personal data within 30 days, except where we must retain limited records longer to meet legal, tax, or fraud-prevention obligations.

8. Your privacy rights

Depending on where you live, you have some or all of these rights over your personal data:

  • Access — get a copy of the data we hold about you.
  • Correction — fix data that is wrong or incomplete.
  • Deletion — ask us to erase your data (“right to be forgotten”).
  • Portability — receive your data in a portable format.
  • Objection and restriction — object to or limit certain processing.

California residents (CCPA/CPRA): you have the right to know, delete, and correct your personal information, and to be free from discrimination for exercising these rights. We do not sell or share your personal information as those terms are defined under California law, so no “Do Not Sell or Share My Personal Information” action is required — but you may still contact us with any request.

To exercise any right, email [privacy@your-domain.com]. We will acknowledge your request and respond within the timeframe required by applicable law — and within 30 days for deletion. We may first need to verify your identity to protect your account.

9. How we protect your data

Data is encrypted in transit (HTTPS) and at rest by our infrastructure providers. Access to your records is enforced at the database level so that you can only ever read or modify your own data. We apply the principle of least privilege internally and review our controls regularly. No system is perfectly secure, but we work to protect your data and will notify you and the relevant authority of a qualifying data breach as required by law.

10. Cookies

We use only essential, functional cookies — to sign you in, keep your session secure, and remember in-app choices such as your selected trading account. We do not use advertising or cross-site tracking cookies. Because these cookies are strictly necessary to provide the Service, they do not require consent under applicable law.

11. Children

The Service is intended for adults and is not directed at anyone under 18. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us at [privacy@your-domain.com] and we will delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes we will update the “Last updated” date above and, where appropriate, notify you in the Service. Continued use after an update means you accept the revised policy.

13. Contact us

Questions or requests about this policy or your data? Email us at [privacy@your-domain.com]. See also our Terms of Service.