Privacy Policy - Tradavity

1. Introduction

Tradavity ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our trading journal application at app.tradavity.com and related services.

By using Tradavity, you agree to the collection and use of information in accordance with this policy. We comply with the EU General Data Protection Regulation (GDPR) and German data protection laws.

2. Data Controller

Tradavity
Philip Koch
Trier, Germany
Email: support@tradavity.com

3. Data We Collect

3.1 Account Information

Email address
Username
Password (stored encrypted using bcrypt)
Google account ID (if using Google Sign-In)

3.2 Profile Information

Trading strategy description
Years of trading experience
Biography
Profile picture
Social media links (optional)

3.3 Trading Data

Trade entries (date, symbol, direction, quantity, P&L)
Journal entries and notes
Screenshots and images you upload
Trading account information (names, balances)
Strategy and setup configurations

3.4 Usage Data

IP address
Browser type and version (user agent)
Pages visited and features used
Last login time and online status
Device information

3.5 Payment Information

Payment processing is handled by Stripe. We store only:

Stripe customer ID
Subscription status and plan type
Invoice history (amounts, dates)

We do not store credit card numbers or full payment details.

4. How We Use Your Data

Purpose	Legal Basis
Provide and maintain our service	Contract performance
Process payments and subscriptions	Contract performance
Send transactional emails (verification, password reset)	Contract performance
Send marketing communications	Consent (opt-out available)
Improve our services and user experience	Legitimate interest
Prevent fraud and ensure security	Legitimate interest
Comply with legal obligations	Legal obligation

5. AI Features and OpenAI

Tradavity offers optional AI-powered text correction features for your trade journal entries. When enabled:

Your journal text is sent to OpenAI's API for processing
Only the text you submit is sent (no personal identifiers)
AI features require your explicit consent in Settings
You can enable/disable specific AI features (spelling correction, smart formatting)
You can revoke AI consent at any time

OpenAI's privacy policy applies to data processed by their service: openai.com/privacy

6. Third-Party Services

6.1 Stripe (Payment Processing)

We use Stripe to process payments. When you subscribe, your payment information is sent directly to Stripe. See Stripe's privacy policy: stripe.com/privacy

6.2 Google OAuth

If you sign in with Google, we receive your email address, name, and profile picture from Google. See Google's privacy policy: policies.google.com/privacy

7. Cookies

We use the following cookies:

Cookie	Purpose	Duration
auth_session	Maintains your login session	Session / 30 days (remember me)
browser_timezone	Detects timezone during registration	1 hour (auto-deleted)

You can manage cookie preferences in your Privacy Settings.

8. Data Retention

We retain your data for as long as your account is active. You can configure retention periods in Settings:

Login history: Default 365 days
Active sessions: Default 90 days
Activity logs: Default 180 days

After account deletion, your data is permanently removed within 14 days (grace period for recovery).

9. Your Rights (GDPR)

Under the GDPR, you have the right to:

Access - Request a copy of your personal data
Rectification - Correct inaccurate personal data
Erasure - Request deletion of your data ("right to be forgotten")
Restriction - Limit how we process your data
Portability - Receive your data in a portable format
Objection - Object to certain processing activities
Withdraw consent - Revoke consent at any time

To exercise these rights, contact us at support@tradavity.com or use the account deletion feature in Settings.

10. Data Security

We implement security measures including:

Password encryption using bcrypt hashing
HTTPS encryption for all data transmission
Secure session tokens with HttpOnly and Secure flags
Two-factor authentication (2FA) option
Rate limiting on login attempts
Regular security updates

11. International Transfers

Your data may be transferred to and processed in countries outside the EU (e.g., for cloud services). We ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

12. Children's Privacy

Tradavity is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by email or through the application. Your continued use of Tradavity after changes constitutes acceptance of the updated policy.

14. Contact Us

For privacy-related inquiries or to exercise your rights:
Email: support@tradavity.com

You also have the right to lodge a complaint with a data protection supervisory authority, such as the Landesbeauftragte für Datenschutz (State Data Protection Authority) in your region.