Privacy Policy
1. What we collect
We collect only what we need to run the Service:
- Account data: email, hashed password, display name, signup timestamp, and email-verification and password-reset tokens.
- Subscription data: Stripe customer ID, subscription status, billing period end. We do not store your card number — Stripe handles that.
- Activity data: trading drills you complete, journal entries you write, paper trades you place, lessons you read, and your responses to the onboarding assessment.
- Technical data: approximate IP address (last successful login only, for security), browser type, and operational logs (errors, request timings) needed to keep the Service running.
2. How we use it
We use the data to provide the Service, personalize your experience (level placement, spaced repetition scheduling, recommended drills), process billing, send transactional emails (verification, password reset, billing receipts), respond to support requests, and improve the curriculum. We do not sell your personal data and we don't use your trading history to target ads.
3. Sub-processors
We use the following third parties to run the Service. Each receives only the data necessary for its function:
| Vendor | Purpose | Data shared |
|---|---|---|
| Stripe | Payment processing | Email, name, billing address, card details |
| Anthropic (Claude) | AI coaching, drill grading | Drill answers, paper-trade context, journal text (transient — not stored by Anthropic per their data-retention policy) |
| Twelve Data / Yahoo / Coinbase | Live market prices & charts | Ticker symbols you look up. No account data is sent. |
| Render (or equivalent hosting) | Application hosting | All operational data (encrypted at rest) |
| PostHog (US Cloud) | Product analytics & conversion funnels | Pseudonymous device ID, page views, UTM source, signup & activation events. Linked to your user ID after signup so we can measure funnel performance. No financial data. |
| Sentry | Server-side error monitoring | Error traces and request metadata (no request bodies). Helps us fix crashes faster. |
| Postmark | Transactional email delivery | Recipient email + the text of verification, password-reset, and billing emails. No marketing email is sent without separate opt-in. |
4. Sharing
We share data only with the sub-processors listed above, with our professional advisers under confidentiality, or where required by law (e.g., a valid subpoena). If we're ever acquired or merge, your data may transfer to the successor entity; you'll be notified by email at least 30 days in advance and given the option to delete your account first.
5. Retention
We keep your account data while your account is active and for up to 12 months after deletion for backup, accounting, and legal compliance. You can request earlier deletion under "Your rights" below.
6. Your rights
Depending on where you live, you may have the right to access, correct, export, or delete your personal data. Account deletion is self-serve: in the app, open Profile → Delete account, confirm with your password, and your account and personal data are deleted immediately (any active subscription is canceled at the same time so you are never billed again; Stripe retains payment records we are legally required to keep). For data access, correction, or export, email hello@tradorian.com from the email address on your account. We'll respond within 30 days. We will not discriminate against you for exercising any of these rights.
Coaching conversations. Messages you exchange with the AI coach may be reviewed by Tradorian staff for quality, safety, and abuse prevention. They are never sold, never used for advertising, and are deleted with your account.
7. California residents (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"), gives you these rights:
- Right to know what personal information we collect, use, disclose, and (if applicable) sell or share.
- Right to correct inaccurate personal information.
- Right to delete personal information we have collected from you, subject to certain exceptions.
- Right to opt out of the "sale" or "sharing" of personal information for cross-context behavioral advertising. We do not sell or share personal information in the CCPA/CPRA sense, and we do not engage in cross-context behavioral advertising.
- Right to limit use of sensitive personal information. We do not use sensitive personal information for purposes beyond what is necessary to provide the Service.
- Right to non-discrimination for exercising any of the above rights.
To exercise these rights, email hello@tradorian.com from the email on your account. We may need to verify your identity before fulfilling a request. You may also authorize an agent to act on your behalf; we will ask the agent to provide proof of authorization.
8. EU/UK/EEA residents (GDPR)
If you are in the European Economic Area, United Kingdom, or Switzerland, the General Data Protection Regulation (or its UK/Swiss equivalent) gives you the right to access, rectify, erase, restrict processing of, port, or object to processing of your personal data, and to lodge a complaint with your local data-protection authority. Our legal bases for processing are: (a) performance of a contract with you (account management, billing, delivering the Service); (b) our legitimate interests in improving the Service and preventing abuse; and (c) your consent (where required, e.g., optional analytics events). You can withdraw consent at any time.
9. "Do Not Sell or Share My Personal Information"
We do not sell personal information, and we do not share it for cross-context behavioral advertising. We do not need to honor a Global Privacy Control signal for "sale/share" opt-out because no such activity occurs. If our practices ever change, we will update this section and provide an opt-out mechanism at least 30 days in advance.
10. Security
We use HTTPS for all traffic, hash passwords with Werkzeug's PBKDF2 implementation, store secrets in environment variables rather than source code, and rate-limit sensitive endpoints. No system is perfect — if you discover a vulnerability, email hello@tradorian.com and we'll respond as soon as we can.
11. Cookies & similar storage
We use the minimum cookies and browser storage needed to run the Service:
- Session cookie (signed, HttpOnly, Secure in production) — keeps you logged in.
- PostHog analytics cookie — assigns your browser a pseudonymous device ID so we can measure conversion funnels. No advertising network, no cross-site tracking.
- localStorage — stores your UTM attribution from the URL you arrived on (so we can measure which channels work), your language preference, and a 30-day flag for the exit-intent popup so it doesn't pester you on every visit.
We do not use third-party advertising cookies, retargeting pixels, or any tracker that follows you to other sites.
12. Children
The Service is not directed at children under 18 and we do not knowingly collect personal data from them. If you believe a child has signed up, email us and we'll delete the account.
13. Contact
For data-access, deletion, or any other privacy question: hello@tradorian.com. Postal: Hervis Holdings LLC, 1165 W 49th St Suite 204, Hialeah, FL 33012, USA.