Privacy Policy

1. Information We Collect

We collect information you provide directly to us, such as when you create an account, use our services, or contact us for support.

• Account information (email, name, password)
• Trading data you input into the journal
• Usage information and analytics
• Payment information (processed by Stripe)

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services
• Process transactions and send related information
• Send technical notices and security alerts
• Respond to comments, questions, and customer service requests
• Analyze usage patterns to improve user experience

3. Information Sharing

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

• With your consent
• To comply with legal obligations
• To protect our rights and safety
• With service providers who assist in our operations (under strict confidentiality)

4. Data Security

We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. This includes:

• Encryption of data in transit and at rest
• Regular security assessments
• Limited access to personal information
• Secure hosting infrastructure

5. Data Retention

We retain your information for as long as your account is active or as needed to provide services. We may retain and use your information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.

6. Your Rights

Under GDPR and Austrian data protection law, you have the following rights regarding your personal information:

• Right of Access (Art. 15 GDPR): Request a copy of all personal data we hold about you
• Right to Rectification (Art. 16 GDPR): Correct any inaccurate or incomplete data
• Right to Erasure (Art. 17 GDPR): Request deletion of your personal data ("right to be forgotten")
• Right to Restrict Processing (Art. 18 GDPR): Limit how we use your data
• Right to Data Portability (Art. 20 GDPR): Receive your data in a machine-readable format
• Right to Object (Art. 21 GDPR): Object to processing of your personal data
• Right to Withdraw Consent: Withdraw consent for data processing at any time
• Right to Lodge a Complaint: File a complaint with the Austrian Data Protection Authority

6a. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Contract Performance (Art. 6(1)(b) GDPR): To provide our trading journal services
• Legitimate Interest (Art. 6(1)(f) GDPR): For service improvement and security
• Consent (Art. 6(1)(a) GDPR): For marketing communications (where applicable)
• Legal Obligation (Art. 6(1)(c) GDPR): For tax and accounting requirements

6b. Data Transfers

Your data is primarily processed within the European Economic Area (EEA). When we use third-party services that may transfer data outside the EEA, we ensure adequate protection through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions by the European Commission
• Other appropriate safeguards as required by GDPR

7. Data Protection Officer & Contact

For any questions regarding data protection, GDPR compliance, or to exercise your rights, please contact us:

8. Cookies and Tracking

We use essential cookies and similar technologies to provide our service. Under GDPR, we distinguish between:

• Essential Cookies: Required for service functionality (no consent needed)
• Analytics Cookies: Help us improve the service (consent-based)
• Preference Cookies: Remember your settings (consent-based)

You can control cookie settings through your browser preferences and withdraw consent at any time.

9. Third-Party Services

We use the following GDPR-compliant third-party services:

• Supabase: Database and authentication (EU-based infrastructure)
• Stripe: Payment processing (GDPR compliant, adequate safeguards)
• SendGrid: Email delivery (Standard Contractual Clauses)

All third-party processors have appropriate data protection agreements in place.

10. Children's Privacy

Our service is not intended for children under 16 years of age (GDPR minimum age). We do not knowingly collect personal information from children under 16. If we become aware of such collection, we will delete the data immediately.

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.