Privacy Policy

Last updated: April 2026

At TradeTracker we take our users' privacy seriously. This policy explains what data we collect, how we use it, and what your rights are.

1. Data controller

TradeTracker is currently operated by a natural person established in the European Union (France), in the process of business structuring.

The data controller will be updated once the corresponding legal entity has been formally incorporated.

For any privacy or data protection questions, you can reach us at: contact@usetradetracker.com

2. Data we collect

We collect the following data when you use TradeTracker:

Account data: email address and name (provided when you register or sign in with Google).
Trading data: the trades you import into the platform, including PnL, tickers, entry/exit prices, number of trades, and notes you add to your trading days.
Usage data: subscription plan, import counters, and application preferences (such as the selected visual theme).

Broker Verification-specific data (optional):

When you choose to verify your trading account using our Broker Verification feature (section 10), we also process and store:

Your broker/platform username (e.g. your PropReports username).
The platform subdomain (e.g. zimtra.propreports.com).
Trading account IDs and names you choose to sync.
Execution history (fills) returned by the broker's API: timestamps, tickers, prices, quantities, commissions, fill IDs.
Verification dates and metadata: when you verified, which period you covered.

What we NEVER store:

Your broker password. It is transmitted directly to the broker's API at the time of verification and discarded immediately after. It is not stored on our servers, nor in logs, nor in any cache.
Banking or card data. Managed exclusively by Stripe.

We do not collect any information beyond the above, nor any financial data other than what you import or verify voluntarily.

3. How we use your data

We use your data exclusively to:

Provide the trading analytics service (calendar, statistics, charts).
Sync your data across devices via the cloud.
Manage your account and subscription plan.
Fetch market data (sector, price, gap%) from Yahoo Finance to enrich your analytics.
Run the Broker Verification feature when you voluntarily activate it.
Generate performance certificates from your verified data when you request them.
Display your data on public leaderboards if you explicitly opt in.

We do not sell, rent, or share your personal or trading data with third parties for commercial purposes.

4. Legal basis for data processing

We process your personal data under the following legal bases, in accordance with the General Data Protection Regulation (GDPR):

Performance of a contract: to provide the TradeTracker service, including account management, storage of trading data, and access to platform features.
Consent: for optional features such as broker verification, participation in public leaderboards, generation of public certificates, or use of artificial intelligence features.
Legitimate interest: to improve platform security, prevent abuse, detect fraudulent activity, and improve service performance.
Compliance with legal obligations: when required to comply with applicable regulations.

5. Third-party services

TradeTracker uses the following third-party services to operate:

Supabase (database and authentication): stores your account and trading data. EU-based. Supabase Privacy Policy.
Google OAuth (sign-in): if you use "Sign in with Google", Google provides us your name and email. Google Privacy Policy.
Stripe (payments): handles Pro and Founder subscriptions. TradeTracker does not store your credit card data — Stripe manages it directly. Stripe Privacy Policy.
Yahoo Finance (market data): we query public market data (prices, sectors) to enrich your analytics. No personal data is sent to Yahoo.
Vercel (hosting): serves the web application. Vercel Privacy Policy.
PropReports (optional broker verification): when you activate the Verification feature, your request is transmitted directly to PropReports servers. PropReports Website.
Anthropic (optional AI features): when you use the Risk Assistant or AI Trade Coach, we send aggregated data (without PII) to Anthropic. Anthropic Privacy Policy.

6. Storage and security

Your data is stored on Supabase servers with the following security measures:

In-transit encryption (HTTPS/TLS) for all communications.
Row Level Security (RLS) in the database: each user can only access their own data.
Authentication via secure JWT tokens.
Passwords are stored with secure hash (bcrypt) — never in plain text.

Broker Verification-specific security:

Your broker password is transmitted exclusively over HTTPS/TLS to the broker's official API.
The password is never written to logs, never persisted in the database, and removed from memory immediately after obtaining the broker's session token.
The broker's session token (with an expiry of approximately 2 hours) only exists during active verification and is discarded upon completion.
We limit verifications to 10 attempts per hour per user to prevent abuse.

In addition, your trading data is temporarily cached in your browser's local storage (localStorage) to allow smooth use of the application. This data is cleared on sign-out.

7. Data retention

We retain your data while you maintain an active TradeTracker account. If you delete your account, we will delete all your personal and trading data within a maximum of 30 days.

Broker Verification data:

If you disconnect your broker account but keep your TradeTracker account: we retain historically verified trades, but we delete your username/subdomain/broker metadata within 7 days.
If you delete your TradeTracker account: all broker verification-related data is also deleted.

Generated certificates: certificates you have generated with verified data remain archived in your account until you request their deletion. The public verification URL (/verify/[hash]) is deactivated if you delete the certificate or your account.

8. Your rights (GDPR)

As a user, you have the following rights over your data:

Access: you can request a copy of all your data.
Export: you can export your trading data in JSON format from the application at any time.
Rectification: you can request correction of inaccurate data.
Erasure: you can request the full deletion of your account and all associated data.
Objection: you can object to the processing of your data at any time.
Portability: you can request your data in a structured, machine-readable format.
Consent withdrawal: you can withdraw your consent for optional features (broker verification, leaderboards) at any time from your account settings.

To exercise any of these rights, email us at contact@usetradetracker.com. We will respond within a maximum of 30 days.

9. Cookies and similar technologies

TradeTracker uses the browser's local storage (localStorage) to improve the user experience, including user preferences and temporary session data.

Additionally, we use analytics tools such as Google Analytics, which may collect information about your use of the platform (for example, pages visited, session duration, or interactions) in order to improve the service.

These tools may use cookies or other similar technologies. Where applicable, user consent will be requested when legally required.

Cookies necessary for third-party services such as Google OAuth or Stripe may also be set to allow sign-in and payments to function correctly.

We do not use cookies for advertising purposes.

10. Broker Verification (optional feature)

The Broker Verification feature allows you to confirm the authenticity of your trading data by connecting punctually to your broker's platform. This feature is completely optional and is activated only when you decide.

How it works:

You enter your broker credentials in a single verification session.
TradeTracker connects punctually to the broker's API, retrieves your executions for the selected period, and normalizes them into trade format.
Your password is discarded immediately upon completion of the verification. It is not persisted.
Verified trades are marked with the verification date. Trades after that date remain as "self-reported" until you verify again.

What you authorize by using this feature:

By activating Broker Verification, you expressly authorize TradeTracker to:

Use your credentials a single time per session to access the broker's API on your behalf.
Store the retrieved trades in your TradeTracker account with a "verified" flag.
Retain non-sensitive metadata (username, subdomain) to facilitate future verifications.

What you do NOT authorize:

TradeTracker will never use your credentials outside of the verification sessions you initiate.
TradeTracker will never execute trades in your account under any circumstance.
TradeTracker will never modify any data in your broker account.

Your responsibility:

You must ensure that your broker/prop firm's Terms of Service allow the use of this feature. Some platforms have restrictions on the use of credentials with third-party applications. TradeTracker is not responsible for potential consequences (including account suspension) arising from non-compliance with your broker's Terms of Service.

The user acknowledges and accepts that they enter their broker credentials under their sole responsibility. TradeTracker acts only as a technical tool for punctual connection with third-party APIs, with no relationship with said brokers or platforms. TradeTracker does not guarantee that the use of this feature is compatible with the Terms of Service of each broker or prop firm. The user is solely responsible for verifying such compatibility and for any consequences arising from its use, including potential restrictions, suspensions, or account closures by the broker.

11. Leaderboards and public content (optional feature)

If you choose to participate in public leaderboards, you authorize us to publish (only with your explicit opt-in):

Your username or alias (selectable in settings).
Your aggregated trading metrics: PnL, win rate, number of trades, profit factor.
Your verification status (verified / self-reported).
The date of your last verification.

You can configure the granularity (share % but not $, rank only, etc.) and withdraw from the leaderboard at any time. When you withdraw, your entry stops being published, but closed leaderboards that were already crystallized at the time of your participation may retain your entry as a historical archive.

12. Certificates with public verification

If you generate a performance certificate with verified data, it may include a QR code linking to a public landing page (usetradetracker.com/verify/[hash]) where anyone can confirm the authenticity of the certificate. The landing page shows only:

Trader's name (or alias).
Certificate period.
Certificate metrics.
Verification date.
Status: "Verified" or "Self-reported".

No additional information is shown and individual trades are not exposed.

You can delete a certificate at any time, which deactivates its public URL.

13. Minors

TradeTracker is not directed at persons under 18 years old. We do not knowingly collect data from minors. If we detect that a minor has registered, we will delete their account and data.

14. International data transfers

Although our main providers (Supabase, Vercel) have EU-based servers, some optional services (PropReports, Stripe, Anthropic) may process data in the USA or other jurisdictions. These providers comply with applicable legal frameworks (EU-US Data Privacy Framework, Standard Contractual Clauses).

15. Service status

TradeTracker is in an initial phase of development and continuous improvement. Some features may evolve, change, or be discontinued over time.

Likewise, the legal structure of the service may be updated as part of the process of growth and formalization of the activity.

16. Changes to this policy

We may update this privacy policy from time to time. If we make significant changes, we will notify you through the application or by email with at least 15 days' notice for material changes. The last updated date appears at the top of this document.

If you have questions about this policy, contact us at contact@usetradetracker.com.