How we collect, use, and protect your data
Tradavity ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our trading journal application at app.tradavity.com and related services.
By using Tradavity, you agree to the collection and use of information in accordance with this policy. We comply with the EU General Data Protection Regulation (GDPR) and German data protection laws.
Tradavity
Philip Koch
c/o flexdienst – #20630
Kurt-Schumacher-Straße 76
67663 Kaiserslautern, Germany
Email: support@tradavity.com
When you connect a broker account for automatic trade synchronization, we store the following depending on the broker:
All stored credentials are encrypted at rest. You may disconnect your broker at any time through your account settings, which immediately and permanently deletes all stored tokens and credentials.
On each page load while you are logged in, we collect:
When you use the in-app search feature, we log your search query, the type and number of results returned, and a timestamp. If AI-powered search is used, the query and AI response are also logged for service improvement and caching.
When you submit a support request via our contact form, we collect your name, email address, and message content. Your IP address is also recorded for anti-abuse purposes.
If you sign up for our waitlist before creating an account, we collect your email address along with your IP address, browser information, and referrer URL for anti-abuse and analytics purposes.
If you generate an API key for the Tradavity browser extension, the key is stored in your account. Only one key can be active at a time.
Payment processing is handled by Stripe. We store only:
We do not store credit card numbers or full payment details.
| Purpose | Legal Basis |
|---|---|
| Provide and maintain our service | Contract performance |
| Process payments and subscriptions | Contract performance |
| Send transactional emails (verification, password reset) | Contract performance |
| Send marketing communications | Consent (opt-out available) |
| Improve our services and user experience | Legitimate interest |
| Prevent fraud and ensure security | Legitimate interest |
| Comply with legal obligations | Legal obligation |
Tradavity offers optional AI-powered features including text correction, smart formatting, note generation, in-app search, and AI Chat (Tradavity AI). When enabled:
We use two AI providers:
Your username, email, password, account settings, and personal identifiers are never sent to any AI provider.
You may optionally provide your own API keys for OpenAI and/or Anthropic in Settings. When using your own key:
We use Stripe to process payments. When you subscribe, your payment information is sent directly to Stripe. See Stripe's privacy policy: stripe.com/privacy
If you sign in with Google, we receive your email address, name, and profile picture from Google. See Google's privacy policy: policies.google.com/privacy
We use Google Fonts to display web fonts. When you load a page, your browser connects to Google's servers (fonts.googleapis.com, fonts.gstatic.com) to retrieve font files. This transmits your IP address and browser information to Google. See Google's privacy policy: policies.google.com/privacy
When you log in, we use ipwho.is to determine the approximate location (country and city) associated with your IP address over an encrypted HTTPS connection. This information is displayed in your active sessions overview so you can detect unauthorized access. Only your IP address is sent to this service; no other personal data is transmitted.
Tradavity connects to third-party trading platforms (Tradovate, NinjaTrader, TopstepX) to automatically import your trade history. These connections use each platform's official API and are limited to read-only access to your trade and account data. Tradavity does not place orders, execute trades, transfer funds, or modify your broker account in any way.
For Tradovate and NinjaTrader, authentication is handled via OAuth on the broker's secure website. For TopstepX, your API key and username are stored encrypted using AES-256-CBC encryption. All credentials are deleted immediately when you disconnect a broker. See Section 3.4 for details on stored data.
Tradavity is not affiliated with, endorsed by, or sponsored by any of these platforms. Use of broker integrations is subject to each platform's own Terms of Service. NinjaTrader® is a registered trademark of NinjaTrader Group, LLC.
Our servers are hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. Hetzner processes data on our behalf as a data processor under a Data Processing Agreement (DPA). All servers are located in Germany. See Hetzner's privacy policy: hetzner.com/legal/privacy-policy
We use Strato AG as our email service provider for sending transactional and informational emails (e.g., account verification, password reset, subscription notifications). Strato processes email delivery on our behalf. Strato AG is based in Germany. See Strato's privacy policy: strato.de/datenschutz
We use the following cookies:
| Cookie | Purpose | Duration |
|---|---|---|
| auth_session | Maintains your login session | Session / 30 days (remember me) |
| browser_timezone | Detects timezone during registration | 1 hour (auto-deleted) |
| PHPSESSID | Technical session (CSRF protection, flash messages) | Browser session |
You can manage cookie preferences in your Privacy Settings.
We retain your data for as long as your account is active. Specific retention periods:
After account deletion, your personal data is permanently removed within 14 days (grace period for recovery). Billing records required for tax compliance are retained in anonymized form for the legally mandated period.
Under the GDPR, you have the right to:
We will respond to your request within one month of receipt (extendable by two months for complex requests, with notification). To exercise these rights, contact us at support@tradavity.com or use the account deletion feature in Settings.
Automated decision-making: We do not use automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you (Art. 22).
We implement security measures including:
Our servers and primary data processors (Hetzner, Strato) are located in Germany. However, some third-party services process data in the United States:
These providers participate in the EU-U.S. Data Privacy Framework (DPF), which has been recognized by the European Commission as providing an adequate level of data protection (Adequacy Decision of 10 July 2023). Where the DPF does not apply, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as appropriate safeguards.
Tradavity is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.
We may update this Privacy Policy from time to time. We will notify you of any significant changes by email or through the application. Your continued use of Tradavity after changes constitutes acceptance of the updated policy.
For privacy-related inquiries or to exercise your rights:
Email: support@tradavity.com
You also have the right to lodge a complaint with a data protection supervisory authority.
The competent authority for our business is:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz
Postfach 30 40, 55020 Mainz, Germany
Website: www.datenschutz.rlp.de
Last updated: March 2026