Privacy Policy
Last updated: April 30, 2026 · Version 1.0
Plain-English summary, then the formal text below.
TL;DR
- Your broker password never reaches us. The local agent reads files MT5 wrote. We don't ask for credentials, ever.
- We store your trade data (positions, equity, history) so the dashboard can show it back to you. Encrypted at rest. Per-user isolated.
- AI features send your trade context to Google's Gemini API or Anthropic's Claude API. You can use your own key (BYOK) instead.
- We don't sell your data. Ever. To anyone.
- You can export everything and delete your account anytime from your settings.
1. Who we are
TradingJournals AI is operated by [YOUR LEGAL ENTITY NAME], registered at [YOUR ADDRESS]. You can contact us at hello@tradingjournalsai.com for any privacy-related question.
2. What we collect
2.1 You give us directly
- Email address (required for account)
- Display name (optional)
- Profile photo (only if you sign in with Google)
- BYOK API keys (encrypted at rest using Google Cloud KMS — only you can decrypt them via the dashboard)
- Payment information (handled by Stripe; we never see your card number)
2.2 Your local agent uploads on your behalf
- Trading account metadata: broker server name, account login, account currency, account type
- Live state: balance, equity, margin, open positions, pending orders
- Trade history: closed trades with prices, sizes, P&L, SL/TP, comments, swap, commission
- Market data: indicator values, RSI, ATR, support/resistance levels (computed by the agent locally and forwarded)
What the agent does NOT collect: your broker password, your MT5 login credentials, files unrelated to trading, your screen contents, your keystrokes, or any data outside the MT5 Common\Files directory.
2.3 Automatic technical data
- IP address (for security and rate limiting; not stored long-term)
- Browser user-agent (for compatibility debugging)
- Authentication timestamps (for session security)
We do not use third-party trackers, advertising pixels, or behavioural analytics on the marketing site or dashboard.
3. How we use it
- Provide the service: show your data back to you on the dashboard, run AI features over it, generate reports.
- Improve the service: aggregate, anonymous statistics about which features are used. We never look at individual user trade data for product decisions.
- Communicate: account-related transactional emails (sign-in links, billing receipts, important notices). No marketing emails unless you opt in.
- Comply with the law: respond to lawful requests from authorities. We will notify you of any request unless legally prohibited.
4. Third parties we share data with
- Google Cloud / Firebase — hosts our infrastructure (database, compute, auth). Bound by Google's data processing agreement.
- Google Gemini API — receives the prompt + context for AI features (positions, history snapshots) when AI is generating a response. Google does NOT train on this data per their enterprise terms.
- Anthropic Claude API — same role as Gemini, used as a fallback / alternative.
- Stripe — handles all payments. We pass them your email + subscription status; they handle card data directly.
- Resend / Postmark — sends transactional email (sign-in links, receipts).
We do not share your trade data with brokers, prop firms, advertisers, or any other third party.
5. Where data is stored + how long
Your data is stored on Google Cloud servers in [YOUR FIRESTORE REGION]. We retain it as long as your account is active. If you cancel, we keep your data for 30 days in case you reactivate, then permanently delete it.
6. Security
- All connections use TLS 1.2+
- BYOK API keys are encrypted at rest with Google Cloud KMS
- Per-user data isolation enforced at the database layer (Firestore security rules)
- Local agent uses a hashed device token; raw token shown only once on pairing
- Two-factor authentication available via Google sign-in
7. Your rights (GDPR, CCPA, and equivalents)
Regardless of where you live, you can:
- Export all your data as JSON/CSV from your account settings
- Delete your account and all associated data permanently from your account settings
- Correct any data we hold by editing it directly in your settings
- Withdraw consent for AI processing by switching your plan to Free + BYOK or by not using the AI features
- Object to any specific processing by emailing us
For questions or to exercise any right, email privacy@tradingjournalsai.com. We respond within 30 days.
8. Children
The service is not intended for users under 18. We do not knowingly collect data from minors. If you believe we have, contact us immediately.
9. Cookies
We use only essential cookies needed for authentication (the Firebase session cookie). No analytics, advertising, or tracking cookies. No banner needed.
10. Changes to this policy
If we materially change this policy, we'll email all active users at least 14 days before the change takes effect. Old versions are archived in this page's git history.
11. Contact
Privacy questions: privacy@tradingjournalsai.com
General contact: hello@tradingjournalsai.com
This is a starting template. Replace bracketed placeholders ([YOUR LEGAL ENTITY NAME], [YOUR ADDRESS], [YOUR FIRESTORE REGION]) with your actual details. For a production launch, have a lawyer review this — it's a starting point, not legal advice.