Privacy Policy

Last Updated: December 1, 2024

1. Introduction

Trader Diary ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our trading journal service (the "Service"). Please read this policy carefully to understand our practices regarding your personal data.

By using Trader Diary, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

Important: This Privacy Policy complies with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws. We are committed to transparency and giving you control over your personal data.

2. Data Controller

Trader Diary is the data controller responsible for your personal data. If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Contact Information

Email: privacy@traderdiary.com

Support: support@traderdiary.com

We aim to respond to all privacy-related inquiries within 30 days.

3. Information We Collect

3.1. Information You Provide

We collect information that you voluntarily provide when using our Service:

Account Information

  • Email address (required for account creation and authentication)
  • Name or display name (optional)
  • Password (encrypted and hashed, never stored in plain text)

Trading Data

  • Trade entries and exits (symbol, price, quantity, timestamps)
  • Trade legs (multiple executions per trade)
  • Profit and loss (P&L) information
  • Stop loss and take profit levels
  • Fees and commissions
  • Market type (Forex, Stocks, Crypto, Futures)
  • Trade direction (Long/Short)

Journal Entries

  • Trading setup tags and strategy classifications
  • Emotional state indicators
  • Mistake categorizations
  • Free-form notes and observations
  • Post-trade reflections and lessons learned

Configuration Data

  • Playbook definitions and trading strategies
  • Account settings and preferences
  • Notification preferences
  • Theme and display preferences

3.2. Automatically Collected Information

When you use our Service, we automatically collect certain information:

Usage Data

  • IP address and approximate location (country/region level)
  • Browser type and version
  • Device information (type, operating system)
  • Pages visited and time spent on pages
  • Date and time of access
  • Referring website addresses

Technical Data

  • Session identifiers and authentication tokens
  • Error logs and performance metrics (for service improvement)
  • Security audit logs (for fraud prevention and account security)

3.3. Information from Third Parties

We may receive information from third-party services:

Entry and close prices for trades are entered by you; we do not use third-party real-time market data providers.

4. How We Use Your Information

We use the information we collect for the following purposes:

Service Provision

  • To create and manage your account
  • To process and store your trade data
  • To calculate performance metrics (win rate, R-multiple, expectancy, etc.)
  • To generate reports, charts, and analytics
  • To provide real-time market data integration
  • To enable journaling and note-taking features

Communication

  • To send you service-related notifications (account updates, security alerts)
  • To respond to your support requests and inquiries
  • To send you important updates about the Service (with your consent)
  • To provide customer support

Security & Fraud Prevention

  • To authenticate your identity and prevent unauthorized access
  • To detect and prevent fraud, abuse, and security threats
  • To maintain security audit logs
  • To enforce our Terms of Service

Service Improvement

  • To analyze usage patterns and improve our Service
  • To fix bugs and technical issues
  • To develop new features and functionality
  • To optimize performance and user experience

Legal Compliance

  • To comply with applicable laws and regulations
  • To respond to legal requests and court orders
  • To protect our rights and the rights of our users

We do NOT:

  • Sell your personal data to third parties
  • Use your trading data for advertising
  • Share your journal entries with other users
  • Use your data for purposes other than those described in this policy

5. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal bases:

Contract Performance

We process your data to provide the Service you requested and to fulfill our contractual obligations (e.g., storing your trades, calculating metrics).

Legitimate Interests

We process data for our legitimate business interests, such as improving the Service, preventing fraud, and ensuring security. We always balance these interests against your privacy rights.

Consent

For optional features (like marketing emails or analytics sharing), we obtain your explicit consent. You can withdraw consent at any time.

Legal Obligations

We may process data to comply with legal obligations, such as responding to court orders or regulatory requirements.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We only share your information in the following limited circumstances:

Service Providers

We share data with trusted third-party service providers who help us operate the Service:

  • Hosting Providers: Our database and application servers (we use PostgreSQL and cloud hosting services)
  • Currency conversion: Static exchange rates are used for displaying amounts in your preferred currency (no third-party market data)
  • Email Services: For sending service notifications and support communications

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or to protect our rights, property, or safety, or that of our users.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to the same privacy protections.

Important: We do not share your trading data, journal entries, or personal information with other users, advertisers, or data brokers. Your data remains private and confidential.

7. Data Storage and Security

7.1. Data Location

Your data is stored on secure servers. Depending on your location and our hosting infrastructure, data may be stored in the United States, European Union, or other jurisdictions. We ensure that appropriate safeguards are in place regardless of storage location.

7.2. Security Measures

We implement industry-standard security measures to protect your data:

Encryption

  • All data transmitted between your device and our servers is encrypted using TLS/SSL
  • Sensitive data (like passwords) is hashed using bcrypt before storage
  • Database connections are encrypted

Access Controls

  • Role-based access control ensures only authorized personnel can access user data
  • Multi-factor authentication for administrative accounts
  • Regular security audits and penetration testing

Infrastructure Security

  • Secure database hosting with regular backups
  • Firewall protection and intrusion detection
  • Regular security updates and patches
  • Monitoring for suspicious activity

Security Notice: While we implement strong security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your data to the best of our ability.

8. Data Retention

We retain your personal data for as long as necessary to provide the Service and fulfill the purposes outlined in this policy:

Active Accounts

We retain your data while your account is active. This includes all trades, journal entries, and configuration data.

Deleted Accounts

If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal, regulatory, or security purposes (e.g., audit logs may be retained for up to 1 year).

Backup Data

Data in backups may be retained for up to 90 days after account deletion to ensure data recovery capabilities. After this period, backups are permanently deleted.

9. Your Privacy Rights

Depending on your location, you have certain rights regarding your personal data. We are committed to helping you exercise these rights:

Right to Access

You can request a copy of all personal data we hold about you. You can also view most of your data directly in your account settings.

Right to Rectification

You can update or correct inaccurate data at any time through your account settings, or by contacting us.

Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data. You can delete your account at any time, which will trigger deletion of your data (subject to legal retention requirements).

Right to Data Portability

You can export your data in a machine-readable format (CSV, JSON) at any time through your account settings or by contacting us.

Right to Object

You can object to processing of your data for certain purposes (e.g., marketing). You can manage these preferences in your account settings.

Right to Restrict Processing

You can request that we limit how we process your data in certain circumstances (e.g., while you contest data accuracy).

Right to Withdraw Consent

Where processing is based on consent, you can withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.

How to Exercise Your Rights: To exercise any of these rights, contact us at privacy@traderdiary.com. We will respond within 30 days. For account-related requests, you may also use the self-service options in your account settings.

9.1. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You can request information about what personal information we collect, use, disclose, and sell (we do not sell your data).
  • Right to Delete: You can request deletion of your personal information (subject to certain exceptions).
  • Right to Opt-Out: You can opt out of the sale of personal information (we do not sell your data, so this does not apply).
  • Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to provide and improve our Service:

Essential Cookies

These cookies are necessary for the Service to function:

  • Authentication: To keep you logged in and maintain your session
  • Security: To prevent fraud and protect against unauthorized access
  • Preferences: To remember your settings (theme, language, etc.)

These cookies cannot be disabled as they are essential for the Service to work.

Analytics Cookies (Optional)

If you opt in, we may use analytics cookies to understand how you use the Service and improve it. You can control these through your account settings. We do not use third-party advertising cookies or tracking pixels.

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect Service functionality. For more details, see our Cookie Policy.

11. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. We ensure that appropriate safeguards are in place:

  • We use Standard Contractual Clauses (SCCs) approved by the European Commission for transfers outside the EEA
  • We ensure that service providers in other countries maintain adequate data protection standards
  • We comply with applicable data protection laws regardless of where data is processed

12. Children's Privacy

Trader Diary is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at privacy@traderdiary.com, and we will delete such information promptly.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the updated policy on this page with a new "Last Updated" date
  • Sending you an email notification (if you have an account)
  • Displaying a prominent notice on our Service

Your continued use of the Service after changes become effective constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For data protection inquiries from EU residents, you also have the right to lodge a complaint with your local data protection authority (DPA).