1. TL;DR
We collect the minimum data needed to run your trading journal, AI coach, and broker connections. We do not sell your data. We do not train anyone’s AI model on your trades, journal entries, or personal information. You can export or delete everything you’ve ever given us, on demand.
2. Who we are
TradeDNA is operated by TradeDNA LLC (“TradeDNA,” “we,” “us”). Our product is a trading journal, AI coaching tool, and market intelligence platform for self-directed retail and prop-firm traders.
3. What we collect
Account data (you give us)
- Email address
- Password (hashed, never stored in clear text)
- Username (your public handle)
- Display name (optional)
- Trading experience + attribution (onboarding)
Trading data (you give us or your broker gives us via your connection)
- Trades, fills, orders, and account balances
- Broker account credentials, encrypted at rest with a key we manage
- Journal entries (sleep, stress, focus, pre/post-session notes, mood tags)
- Trading plan rules and risk limits
Product usage data (we measure)
- Pageviews, feature clicks, session duration
- Device, browser, and coarse geographic location (country + region only)
- Error reports when the app crashes
What we do NOT collect
- Your broker password in plain text; we use read-only or token-based connections wherever the broker supports it
- Credit card numbers; all payments run through our payment processor, which handles PCI compliance
- Full-session replays or screen recordings by default
- Microphone, camera, or location beyond country/region
4. How we use your data
- To run the product. Display your trades, compute P&L, score your rule compliance, overlay your data on market replays.
- To power the AI coach. Your trades and journal are sent to our AI provider at inference time so the coach can give grounded feedback. Our agreement with them does not allow training models on this data. Your data is not used to improve any foundation model.
- To improve the product. Aggregate, de-identified usage data tells us what features work. Individual data is never shared externally in this process.
- To communicate with you. Transactional emails (confirmations, password resets), product announcements (you can opt out), and coaching summaries you’ve opted into.
- To comply with law. If we get a valid subpoena, we’ll comply and notify you unless legally prohibited.
5. Who we share data with
We share data only with the third-party processors we need to run the service. These cover cloud hosting and database storage, payment processing, AI inference, transactional email, product analytics, error monitoring, and licensed market-data providers. Each is contractually bound to protect your data and to use it only to provide their service to us.
We do not sell your data. We do not share it with advertisers, data brokers, or ad networks. Each processor is chosen because it meets our security bar.
6. Data retention
- Active account data: retained while your account is active.
- After deletion: we wipe your trades, journal, plan, and account within 30 days of your deletion request. Backups roll off within 60 days.
- Aggregate analytics: retained indefinitely in de-identified form.
- Legal holds: if we’re under subpoena, retention may extend as required.
7. Your rights
Regardless of where you live, you can:
- Access everything we have on you — request an export anytime from Settings → Data & Privacy.
- Delete your account — one-click from Settings. Takes effect within 30 days.
- Correct inaccurate data — edit in-app or email us.
- Port your data — CSV + JSON export of every trade, journal entry, and plan rule.
- Opt out of non-essential emails — every marketing email has an unsubscribe link.
If you’re in the EEA, UK, or California, you additionally have the rights granted by GDPR, UK-GDPR, and CCPA. Our US entity acts as the controller of your data.
8. Security
Broker credentials are encrypted at rest with a key held separately from the database. Passwords are hashed. Data in transit is encrypted with TLS. Our production environment enforces least-privilege access and short-lived credentials, and we monitor for errors so we can see and respond to incidents fast.
We’ll tell you about a breach affecting your account data within 72 hours of confirming it, as required by GDPR, and sooner where we can.
9. Cookies & tracking
We use first-party cookies (your session and CSRF tokens) to run the product. Our analytics sets a first-party cookie to recognize your anonymous device across pageviews. We do not use third-party advertising trackers.
10. Kids
TradeDNA is not intended for users under 18. If we learn we’ve collected data from a minor, we’ll delete it.
11. Changes to this policy
If we make material changes, we’ll email all active users at least 14 days before the changes take effect. Minor wording fixes will be rolled out silently, but the “last updated” date at the top will always be current.