Privacy Policy
TL;DR
- We collect what's needed to run the app: your email, the trades you log, screenshots you upload, and profile settings.
- We don't sell your data. Ever.
- We don't run advertising or third-party tracking.
- We use Supabase as our backend to store everything.
- You can delete your account and all your data anytime.
What we collect
Account info
- Email address
- Hashed password (we never see your actual password)
- Display name and username
- Avatar settings (color finish, optional uploaded photo, initials)
Trading data
- Symbols, sides (long/short), entry/exit prices, quantities, P&L, dates
- R-multiples, notes, tags, session info — whatever you log
- Screenshots you upload to trades
Community activity (only if you join a community)
- Posts you share to a group
- Replies and likes
- Communities you've joined
Discord (if you link Discord for Trading Ark)
- Your Discord user ID and current Trading Ark role membership
- Encrypted OAuth tokens used to re-check your role daily
- We do not read your messages, see your other servers, or post on your behalf
Billing data (only if you subscribe)
- Your Stripe customer ID and subscription ID
- We never see or store your card number — Stripe handles all of that
Technical info
- Basic browser user-agent string
- IP address (used for authentication only, not tracked or stored long-term)
What we DON'T collect
- We do NOT connect to your real brokerage account or hold any funds.
- We do NOT track you across other websites.
- We do NOT run third-party analytics or fingerprinting.
- We do NOT sell, rent, or share your data with advertisers.
Where it's stored
All data is stored using Supabase (supabase.com), a backend platform that hosts our database and file storage. Supabase encrypts data in transit and at rest. We do not move your data to any other third party for marketing or processing.
Who can see what
- Default: your trades, notes, and screenshots are private to you.
- Communities: if you share a trade to a community group, members of that community can see it. You control what gets shared.
- Public profile fields: your display name, username, and avatar are readable by other authenticated users of the service so community features can identify you. Your email and trade data are NOT public.
Cookies and storage
We use:
- One auth session token (so you stay signed in across visits)
- LocalStorage for some UI preferences (sidebar collapsed state, etc.)
We do NOT use:
- Tracking cookies
- Advertising pixels
- Cross-site identifiers
Your rights
- Delete your account: Settings → Danger Zone → Delete. This removes your account and all associated data.
- Export your data: email cjvaleo@gmail.com to request a copy of your data. We'll send it within 30 days.
- Correct your data: edit your profile, trades, and notes directly in the app.
- Stop using the service: just stop. We don't lock you in.
Children
TradeRewind is not intended for anyone under 18. If you are under 18, do not use the service. If we learn we've collected data from someone under 18, we'll delete it.
Security
We follow reasonable security practices but no online service is 100% secure. If we discover a breach affecting your data, we'll notify you promptly.
Third-party services we use
- Supabase — backend database and file storage (their privacy policy at supabase.com/privacy)
- Vercel — hosting (their privacy policy at vercel.com/legal/privacy-policy)
- Stripe — payment processing (their privacy policy at stripe.com/privacy)
- Discord — OAuth + role check (only if you link your Discord; see discord.com/privacy)
- Resend — transactional email delivery
That's it. We don't use other third parties to process your data.
Changes to this policy
We may update this policy. If we change anything significant, we'll notify you by email or in-app banner. Continued use after changes means you accept the updated policy.
Contact
Privacy questions? Data requests? Email cjvaleo@gmail.com.
TradeRewind is operated by Christian Valeo as an individual, based in New Jersey, USA.