Privacy Policy

Last updated: May 22, 2026

1. Data We Collect

Account Data

Email address, display name, hashed password (bcrypt). We never store plaintext passwords.

Usage Data

Pages viewed, features used, interaction timestamps, session duration. Collected to improve the Service.

Trading Data

Watchlists, simulated trades, portfolio positions, trade journal entries. This is user-generated content that you create within the platform.

Technical Data

IP address, browser type and version, device type, operating system, screen resolution. Collected for security, debugging, and service optimization.

Payment Data

Payment processing is handled by LemonSqueezy (Merchant of Record). We do NOT store your credit card number, CVV, or full card details. We receive: last 4 digits, card brand, expiration date, and billing country for receipt purposes.

AI Interaction Data

Prompts submitted to AI features and AI responses. Stored for service improvement and debugging. No personally identifiable information (PII) is sent to AI model providers — prompts are anonymized before forwarding.

2. How We Use Your Data

  • Provide the Service: Authentication, data storage, analysis delivery
  • Improve algorithms: Aggregate usage patterns to improve AI models and analysis accuracy
  • Personalization: Customize your experience (watchlists, preferences, scan settings)
  • Security: Detect and prevent unauthorized access, fraud, and abuse
  • Communication: Service-critical notifications (security alerts, billing). Marketing emails only if you opt in.

3. Data Sharing

We do NOT sell your personal data. Ever.

We share data only with:

  • LemonSqueezy: Payment processing (name, email, payment method)
  • AI providers: Anonymized prompts only — no PII, no email, no account data is sent to AI model providers
  • Analytics: Self-hosted analytics only. We do not use third-party analytics services (no Google Analytics).
  • Legal requirements: We may disclose data if required by law, court order, or to protect our legal rights

4. Data Retention

Data Type | Retention Period
Account data | Until account deletion + 30 days
Usage analytics | 90 days
AI interaction logs | 90 days
Security/audit logs | 1 year
Backups | Per backup retention policy (max 90 days)
Payment records | As required by tax law (typically 7 years)

5. Your Rights (GDPR)

If you are in the European Economic Area (EEA), you have the following rights under GDPR:

  • Access: Request a copy of all personal data we hold about you. Available via account settings > Export Data.
  • Rectification: Update or correct your personal data at any time through account settings.
  • Erasure: Request deletion of your account and all associated data. Processing takes up to 30 days.
  • Portability: Export your data in a standard machine-readable format (JSON).
  • Object: Opt out of non-essential data processing (analytics). Available in privacy settings.
  • Restrict: Request restriction of processing while disputes are resolved.

To exercise any of these rights, contact us at privacy@smarttrader.app or use the in-app privacy settings. We respond to all requests within 30 days.

6. Cookies

We use the following categories of cookies:

  • Essential: Authentication tokens (httpOnly, secure), session management, consent preference. Cannot be disabled.
  • Functional: Theme preference, UI settings. Essential for user experience.
  • Analytics (optional): Usage patterns, feature popularity. Requires consent.
  • Advertising (optional): Targeted ads on free tier only. Requires consent. Not used for Premium subscribers.

For full details, see our Cookie Policy.

7. International Transfers

Your data is stored on servers located in Azure US East (Virginia, USA). If you are located outside the United States, your data will be transferred to and processed in the United States. We ensure appropriate safeguards are in place (Standard Contractual Clauses for EU data subjects).

8. Security Measures

  • Passwords hashed with bcrypt (cost factor 12)
  • All data encrypted in transit (TLS 1.3)
  • Database encrypted at rest (Azure encryption)
  • Access controls and principle of least privilege
  • Regular automated backups
  • Security audit logging
  • Rate limiting and brute-force protection
  • JWT tokens with short expiry (15 minutes) and secure refresh flow

While we implement industry-standard security measures, no system is 100% secure. We cannot guarantee absolute security of your data.

9. Children's Privacy

SmartTrader is not intended for users under 18 years of age. We do not knowingly collect personal data from children. If we discover that a user is under 18, we will terminate the account and delete associated data promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email notification at least 14 days before taking effect. The "Last updated" date at the top indicates the most recent revision.

11. Contact & Data Protection Officer

For privacy-related questions or to exercise your rights:

Email: privacy@smarttrader.app

DPO: dpo@smarttrader.app

If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.
