Tradstry

Legal

Privacy Policy

What we collect, why we hold it, who else sees it, and how to get rid of it. Written in plain sentences, because a privacy policy nobody reads protects nobody.

Last updated 13 July 2026

01The short version

Your journal is yours. We collect what we need to run the service and nothing we don't.

  • We do not sell your data, to anyone, ever.
  • We do not train AI models on your content.
  • We ask brokers for read-only access. We cannot trade on your behalf.
  • Delete your account and your data goes with it.

The rest of this page is the detail behind those four lines.

02What we collect

Account details. Your name, email address, profile photo and sign-in method. These are held by Clerk, our authentication provider; we store only the identifier that links you to your data.

Trading data. When you connect a brokerage, we import your executions, positions and balances through SnapTrade — trade times, symbols, quantities, prices, fees and account values.

What you write. Journal entries, tags, playbooks, principles, notebook pages, and any images or files you attach.

Operational data. Logs needed to keep the service running and secure: IP address, browser and device type, timestamps, and error traces. Session and device information is held by Clerk so you can see and revoke your own sessions.

We don't ask for, and don't want, your brokerage password. SnapTrade handles that connection.

03Why we hold it

  • To show you your own trades, analytics and notes.
  • To sync your data between the web app and the desktop app.
  • To answer questions you ask an AI model about your journal, whether in the app or over MCP.
  • To take payment and manage your subscription.
  • To keep the service secure, debug failures, and prevent abuse.
  • To email you about your account when we need to.

04AI, and what it sees

When you use the in-app assistant, the relevant parts of your journal are sent to a model provider so it can answer. When you connect the MCP server to your own AI client — Claude, for instance — that client reads your data directly, under your own subscription with that provider.

Your content is not used to train any model, ours or a provider's. We send data to model providers only to serve the request you made.

Once you point a third-party AI client at your journal, that provider's own privacy policy governs what they do with what they read. That's a relationship between you and them; choose your client accordingly.

05Who else touches it

We use a small number of processors, each for one job, each bound to use your data only to do that job:

  • Clerk — authentication, sessions, profile photos.
  • SnapTrade — the brokerage connection.
  • Vercel — serving the web app itself.
  • Contabo — the servers our database runs on.
  • AI model providers — answering the questions you ask.
  • Market-data providers — historical prices used to reconstruct your equity curve. We send them ticker symbols, never anything about you.

Your journal itself lives in a database we run on our own servers, not in a third party's product. Tradstry is the data controller — the decisions about what is collected and why are ours, and the responsibility is ours. We do not share your journal with advertisers, data brokers, or anyone else. We will disclose data if the law compels us to — and where we're allowed to tell you, we will.

06How long we keep it

We keep your data for as long as your account exists. Delete something and it goes; delete your account and everything goes with it.

Two honest caveats. Encrypted backups roll off on their own schedule, so deleted data can persist there for a short window before it's overwritten. And where the law requires us to retain records — billing, for instance — we retain those and nothing more.

07Your rights

You can see, correct, export and delete your data. Most of it you can do yourself: the account dialog handles your profile, email addresses, devices and account deletion. For anything else, write to us and we'll do it.

Depending on where you live, you may also have the right to object to or restrict certain processing, and to complain to a data-protection authority. Exercising any of these rights costs you nothing and we won't treat you differently for it.

08Security

Data is encrypted in transit. Access to production systems is limited to the people who need it. Sessions can be revoked per device from your account settings. No system is perfectly secure, and we won't pretend otherwise — but if a breach ever affects your data, we'll tell you promptly and plainly.

09California residents

If you live in California, the CCPA gives you the right to know what personal information we collect and why, to get a copy of it, to correct it, to delete it, and not to be discriminated against for asking. The sections above describe all of that, and the account dialog lets you do most of it yourself.

We do not sell your personal information, and we do not share it for cross-context behavioural advertising. We never have. There is therefore nothing for you to opt out of — but if that ever changes, we will tell you before it does, and the opt-out will be here.

10Children

Tradstry isn't for anyone under 18. We don't knowingly collect data from children, and we'll delete it if we discover we have.

11Changes, and how to reach us

If we change this policy in a way that materially affects you, we'll tell you before it takes effect rather than quietly editing the page.

Questions, requests, or complaints: johnsonnifemi11@gmail.com. The data controller is Tradstry.