Privacy Policy
Contents
1. What we collect
We collect only what we need to run the Service:
- Account data: email, hashed password, display name, signup timestamp, email-verification + password-reset tokens.
- Subscription data: Stripe customer ID, subscription status, billing period end. We do not store your card number — Stripe handles that.
- Activity data: trading drills you complete, journal entries you write, paper trades you place, lessons you read, and your responses to the onboarding assessment.
- Technical data: approximate IP address (last successful login only, for security), browser type, and operational logs (errors, request timings) needed to keep the Service running.
2. How we use it
We use the data to provide the Service, personalize your experience (level placement, spaced repetition scheduling, recommended drills), process billing, send transactional emails (verification, password reset, billing receipts), respond to support requests, and improve the curriculum. We do not sell your personal data and we don't use your trading history to target ads.
3. Sub-processors
We use the following third parties to run the Service. Each receives only the data necessary for its function:
| Vendor | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing | Email, name, billing address, card details |
| Anthropic (Claude) | AI coaching, drill grading | Drill answers, paper-trade context, journal text (transient — not stored by Anthropic per their data-retention policy) |
| Twelve Data / Yahoo / Coinbase | Live market prices & charts | Ticker symbols you look up. No account data is sent. |
| Render (or equivalent hosting) | Application hosting | All operational data (encrypted at rest) |
4. Sharing
We share data only with the sub-processors listed above, with our professional advisers under confidentiality, or where required by law (e.g., a valid subpoena). If we're ever acquired or merge, your data may transfer to the successor entity; you'll be notified by email at least 30 days in advance and given the option to delete your account first.
5. Retention
We keep your account data while your account is active and for up to 12 months after deletion for backup, accounting, and legal compliance. You can request earlier deletion under "Your rights" below.
6. Your rights
Depending on where you live, you may have the right to access, correct, export, or delete your personal data. To exercise any of these rights, email hello@tradorian.com from the email address on your account. We'll respond within 30 days. EU/UK residents may also lodge a complaint with their local data-protection authority.
7. Security
We use HTTPS for all traffic, hash passwords with Werkzeug's PBKDF2 implementation, store secrets in environment variables rather than source code, and rate-limit sensitive endpoints. No system is perfect — if you discover a vulnerability, email hello@tradorian.com and we'll respond as soon as we can.
8. Cookies
We use a single first-party session cookie (signed, HttpOnly, Secure in production) to keep you logged in. We do not use third-party advertising or tracking cookies.
9. Children
The Service is not directed at children under 18 and we do not knowingly collect personal data from them. If you believe a child has signed up, email us and we'll delete the account.
10. Contact
For data-access, deletion, or any other privacy question: hello@tradorian.com. Postal: Hervis Holdings LLC, 1165 W 49th St Suite 204, Hialeah, FL 33012, USA.
← Back to home