🔒 Privacy Policy

Last Updated: January 27, 2025

1. INFORMATION WE COLLECT

1.1 Information You Provide Directly

We collect information when you:

• Create an Account: Email address, password, name, and subscription preferences
• Use Our Service: Trading strategy data, performance metrics, TradingView webhook configurations
• Contact Support: Messages, support tickets, feedback, and correspondence
• Make Payments: Billing information processed securely through Stripe (we do not store payment details)

1.2 Information Collected Automatically

When you use our Service, we automatically collect:

• Usage Data: Feature usage, session duration, click patterns, and user interactions
• Technical Data: IP address, browser type, device information, operating system
• Log Data: Access logs, error reports, performance metrics, and security events
• Cookies: Session management, preferences, and analytics (see Cookie Policy below)

1.3 Information from Third Parties

• TradingView Integration: Webhook alerts, strategy signals, and trading data you choose to send
• Authentication Providers: Google OAuth profile information (if you sign in with Google)
• Payment Processors: Transaction confirmation and billing status from Stripe

2. HOW WE USE YOUR INFORMATION

2.1 Primary Service Functions

We use your information to:

• Provide trading strategy performance tracking and analytics
• Process and analyze your trading data for performance metrics
• Generate reports, charts, and portfolio analytics
• Manage your account, subscription, and billing
• Provide customer support and respond to inquiries

2.2 Service Improvement and Development

• Analyze usage patterns to improve features and user experience
• Develop new features and functionality
• Conduct research and analytics on service performance
• Test and optimize our platform

2.3 Legal and Security Purposes

• Comply with legal obligations and regulatory requirements
• Protect against fraud, abuse, and security threats
• Enforce our Terms of Service and other policies
• Resolve disputes and legal claims

2.4 Communications

• Send service-related notifications and updates
• Provide technical support and customer service
• Send billing notifications and payment reminders
• Share important security or privacy updates

3. LEGAL BASIS FOR PROCESSING (GDPR)

For users in the European Union, we process your personal data based on:

• Contract Performance: To provide our Service as outlined in our Terms
• Legitimate Interests: Service improvement, security, and analytics
• Legal Compliance: To meet regulatory and legal obligations
• Consent: For marketing communications and optional features

4. INFORMATION SHARING AND DISCLOSURE

4.1 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4.2 Limited Sharing Circumstances

We may share your information only in these specific circumstances:

• Service Providers: Trusted third parties who help operate our Service (hosting, analytics, payment processing) under strict confidentiality agreements
• Legal Requirements: When required by law, court order, or legal process
• Safety and Security: To protect our rights, property, or safety, or that of our users
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with user notification)
• Consent: With your explicit consent for specific purposes

4.3 Third-Party Service Providers

We work with these categories of service providers:

• Hosting: Vercel (infrastructure and deployment)
• Database: Supabase (data storage and management)
• Payments: Stripe (payment processing)
• Analytics: Usage analytics for service improvement
• Email: Resend (transactional email delivery)

5. DATA SECURITY AND PROTECTION

5.1 Security Measures

We implement comprehensive security measures including:

• Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based access, multi-factor authentication, and principle of least privilege
• Infrastructure Security: Enterprise-grade hosting with SOC 2 compliance
• Database Security: Row Level Security (RLS), regular backups, and access monitoring
• Application Security: Regular security audits, vulnerability scanning, and code reviews
• Monitoring: Real-time threat detection and incident response procedures

5.2 Data Breach Response

In the event of a data breach, we will:

• Assess and contain the breach within 72 hours
• Notify relevant authorities as required by law
• Inform affected users if their data may have been compromised
• Provide guidance on protective measures users can take

6. COOKIES AND TRACKING TECHNOLOGIES

6.1 Types of Cookies We Use

• Essential Cookies: Required for basic functionality, authentication, and security
• Performance Cookies: Help us understand how users interact with our Service
• Preference Cookies: Remember your settings and preferences

6.2 Cookie Management

You can control cookies through your browser settings. However, disabling essential cookies may affect Service functionality.

7. YOUR PRIVACY RIGHTS

7.1 Universal Rights

Regardless of your location, you have the right to:

• Access: Request a copy of your personal data we hold
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal data ("right to be forgotten")
• Data Portability: Export your data in a structured, machine-readable format
• Account Closure: Delete your account and associated data

7.2 Additional GDPR Rights (EU Users)

• Processing Restriction: Limit how we process your data
• Objection: Object to processing based on legitimate interests
• Consent Withdrawal: Withdraw consent for specific processing activities
• Supervisory Authority: Lodge complaints with data protection authorities

7.3 Additional CCPA Rights (California Users)

• Know: Detailed information about data collection and sharing
• Delete: Request deletion of personal information
• Opt-Out: Opt-out of the sale of personal information (we don't sell data)
• Non-Discrimination: Equal service regardless of privacy choices

7.4 Exercising Your Rights

To exercise your privacy rights:

• Email us at: support@trackmystrategy.com
• Use the privacy controls in your account settings
• Contact our support team through the application

We will respond to valid requests within 30 days (or as required by applicable law).

8. DATA RETENTION

8.1 Retention Periods

• Account Data: Retained while your account is active and for up to 2 years after closure
• Trading Data: Retained for the duration of your subscription plus 7 years for legal compliance
• Support Data: Retained for 3 years to maintain service quality
• Log Data: Retained for 1 year for security and troubleshooting
• Billing Data: Retained for 7 years to comply with financial regulations

8.2 Deletion Procedures

When retention periods expire or upon your request, we securely delete data using industry-standard methods to ensure it cannot be recovered.

9. INTERNATIONAL DATA TRANSFERS

Your data may be processed in countries other than your residence. We ensure adequate protection through:

• Standard Contractual Clauses (SCCs) for EU data transfers
• Adequacy decisions by relevant data protection authorities
• Certification schemes and codes of conduct
• Service provider compliance with international privacy frameworks

10. CHILDREN'S PRIVACY

Our Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18. If we discover we have collected information from a child under 18, we will delete it immediately.

11. CALIFORNIA CONSUMER PRIVACY ACT (CCPA)

11.1 Information Categories

In the past 12 months, we have collected these categories of personal information:

• Identifiers (email, name)
• Commercial information (subscription data)
• Internet activity (usage analytics)
• Professional information (trading strategies)

11.2 Business Purposes

We use personal information for these business purposes:

• Providing and improving our Service
• Customer support and communication
• Security and fraud prevention
• Legal compliance

11.3 No Sale of Personal Information

We do not sell personal information and have not sold personal information in the past 12 months.

12. PRIVACY POLICY UPDATES

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. We will:

• Post the updated policy on our website with a new "Last Updated" date
• Notify users of material changes via email or in-app notification
• Maintain previous versions for reference
• Allow reasonable time for review before changes take effect

13. CONTACT INFORMATION

13.1 Privacy Questions

For privacy-related questions or requests:

• Email: support@trackmystrategy.com
• Response Time: Within 30 days
• Data Protection Officer: support@trackmystrategy.com (EU users)

13.2 Supervisory Authorities

EU users may contact their local data protection authority:

• Find your authority: EDPB Member List