T
TradeStack
/ Legal

Privacy Policy

Last updated: February 1, 2026

This Privacy Policy explains how TradeStack ("we", "us") collects, uses, shares, and protects information when you use our Service. We respect your privacy and have built TradeStack to keep your trading data private and secure.

1. Information We Collect

Information you provide

  • Account data — name, email, profile picture (when signing in via Google), and any optional profile information.
  • Trading content — trade journal entries, P&L numbers, screenshots, emotion tags, notes, and community posts you create.
  • Communications — messages you send to support and to the AI Coach.
  • Payment data — billing details processed by Stripe. We never store full card numbers on our servers.

Information collected automatically

  • Usage data — pages viewed, actions taken, timestamps, device, browser, IP address.
  • Cookies and similar technologies — used to keep you signed in, remember preferences, and measure usage (see Cookies section).

2. How We Use Your Information

  • To operate the Service and personalize your experience.
  • To compute analytics on your trades and surface insights to you.
  • To send the AI Coach the minimal context it needs to provide useful feedback (your trade journal summary, mood logs). We never send your data to AI providers for the purpose of training their models.
  • To process payments and provide customer support.
  • To detect and prevent fraud, abuse, and security incidents.
  • To send service updates and, with your consent, marketing emails (you can opt out anytime).
  • To comply with legal obligations.

3. How We Store Your Data

Your data is stored in encrypted-at-rest databases (MongoDB) hosted by reputable cloud providers. Uploaded screenshots are stored in encrypted object storage and served only through authenticated backend endpoints. Communications between your browser and our servers are encrypted using TLS (HTTPS).

4. Cookies & Analytics

We use a minimal set of cookies and technologies:

  • Strictly necessary — session cookies that keep you signed in (HttpOnly, Secure, SameSite=None).
  • Preferences — remember your UI choices.
  • Analytics — aggregated usage measurement to improve the product. No third-party advertising trackers.

5. Third-Party Services We Use

  • Google — for sign-in (we receive email, name, and profile picture).
  • Stripe — for payments. Card details go directly to Stripe and are not stored by us.
  • OpenAI — to generate AI Coach responses. We send only the chat message plus a brief summary of your stats; we do not send personally identifying data beyond what is needed.
  • Finnhub — for live market data and news. No personal data is sent to Finnhub.
  • Emergent Object Storage — for trade screenshot uploads.

6. Sharing Your Information

We do not sell your personal information. We share it only with the third-party service providers above (under contractual safeguards), when required by law, or in connection with a corporate transaction (e.g., merger) with prior notice and continued protection of your rights.

7. Data Retention

We retain account and trading data for as long as your account is active. After account deletion, we delete or anonymize your personal data within 30 days, except where we are legally required to retain it (e.g., billing records for tax purposes).

8. Your Privacy Rights

Depending on your location, you may have the following rights:

  • Access — request a copy of the data we hold about you.
  • Rectification — correct inaccurate data.
  • Deletion — request deletion of your data.
  • Portability — receive your data in a portable format.
  • Objection & restriction — object to or restrict processing.
  • Withdraw consent — for any processing based on consent.

To exercise these rights, contact privacy@tradestack.app. We will respond within 30 days.

9. Children's Privacy

TradeStack is not directed to anyone under 18. We do not knowingly collect personal information from children. If you believe we have, please contact us so we can delete it.

10. International Transfers

We may process your data in the United States and other countries. Where required, we use standard contractual clauses or equivalent safeguards for cross-border transfers.

11. Security

We implement reasonable administrative, technical, and physical safeguards (encryption in transit and at rest, principle-of-least-privilege access controls, audit logging, secure development practices). No system is 100% secure; please use a strong, unique password and enable multi-factor authentication where available with your sign-in provider.

12. Changes to This Policy

We may update this Policy from time to time. Material changes will be announced via email or in-app notice. The "Last updated" date above reflects the latest revision.

13. Contact

Privacy questions or requests: privacy@tradestack.app.

Made with Emergent