Privacy Policy
Last updated: [DATE TO BE SET AT PUBLICATION]
This Privacy Policy describes how TrackyTrade LLC ("TrackyTrade," "we," "us," or "our") collects, uses, and protects information in connection with the trackytrade.com website (the "Website") and the TrackyTrade software application (the "Application," and together with the Website, the "Service"). This policy applies to all users of the Service, regardless of location.
TrackyTrade LLC is the data controller responsible for the information described in this policy. Our contact details are provided at the end of this policy.
TrackyTrade is designed to be a local-first application. Your trade data, P&L history, notes, and journal entries are stored only on your own device and never transmitted to TrackyTrade's servers. The information we do receive is limited to what is necessary to operate the subscription service: your email address, payment data (handled by Paddle), basic support communications, and standard website analytics.
1. Information We Collect
1.1 Information You Provide Directly
- Email address — when you join our waitlist, subscribe to the Service, or contact us for support;
- Payment information — when you subscribe, you provide payment details to Paddle (our Merchant of Record). Paddle handles all payment processing and we receive only limited transaction data (e.g., that you have an active subscription tied to your email address);
- Support communications — when you contact us at [email protected] or other support channels, we receive the content of your messages, your email address, and any information you choose to provide.
1.2 Information Collected Automatically
- Website analytics — when you visit trackytrade.com, our hosting provider (Cloudflare) automatically records standard server log information, including your IP address, browser type, referring page, and pages viewed. This information is used for security, performance monitoring, and basic visitor analytics;
- License validation pings — when you launch the Application, it checks whether your subscription is currently valid. To minimize unnecessary network activity, the Application caches the validation result locally for 24 hours; a new validation ping is only sent on launch if the cached result has expired or is missing. The validation ping transmits your email address only and receives a yes/no subscription status in response. No trade data, usage data, or behavioral data is ever included. Validation pings are sent to our subscription validation infrastructure (a Cloudflare Worker operated by TrackyTrade LLC).
1.3 Information We Do NOT Collect
Because the Application operates locally on your device, we do not receive or have access to:
- Your trade data, trade history, or P&L records;
- Your journal entries, notes, tags, or custom configurations;
- Any data imported from NinjaTrader 8 or, in the future, from Tradovate;
- The contents of any AI-assisted analysis you perform (see Section 3);
- Any other content created or stored locally on your device by the Application.
The only circumstances in which trade-related data leaves your device are: (a) when you affirmatively send it to us (for example, attaching a file to a support email), or (b) when you use AI-assisted features, in which case data flows directly to Anthropic using your own API key without passing through our servers (see Section 3).
2. How We Use Your Information
We use the limited information we collect for the following purposes:
| Purpose | Information Used | Legal Basis (GDPR) |
|---|---|---|
| Providing the Service (license validation, subscription management) | Email address, subscription status | Performance of contract |
| Responding to support requests | Email address, message content | Performance of contract |
| Sending essential service communications (e.g., subscription confirmations, security notices) | Email address | Performance of contract |
| Sending optional product updates and launch communications | Email address | Consent (opt-in via waitlist or subscription preferences) |
| Website security, fraud prevention, and abuse detection | Server logs, IP address | Legitimate interest |
| Compliance with legal obligations | As required | Legal obligation |
We do not sell your personal information. We do not use your personal information for advertising. We do not share your personal information with third parties for their marketing purposes.
3. AI-Assisted Features and Your Anthropic API Key
The Application includes optional AI-assisted features that you may use to receive automated analysis of your trading activity. These features operate using an Anthropic API key that you provide.
When you use these features:
- You obtain your own API key from Anthropic, PBC ("Anthropic");
- You enter the API key into the Application, where it is stored locally on your device;
- Trade data and prompts are sent directly from your device to Anthropic's API using your key;
- This data does not pass through TrackyTrade's servers or systems;
- TrackyTrade LLC has no access to, control over, or knowledge of the contents of these AI requests or responses;
- Your relationship with Anthropic — including their handling of your data, retention policies, and applicable terms — is governed by Anthropic's own terms and privacy policy.
You should review Anthropic's privacy policy at anthropic.com/legal/privacy before using AI features. If you do not wish to share trade data with Anthropic, you can simply not use the AI-assisted features; all other Application functionality remains available.
4. Third-Party Service Providers
We use a small number of trusted third-party service providers to operate the Service. The providers that may receive or process the limited information described in this policy are:
| Provider | Purpose | Data Shared |
|---|---|---|
| Paddle.com Inc. / Paddle.com Market Limited | Merchant of Record for subscription payments, tax calculation, and refund administration | Email address, payment information you provide at checkout, subscription details |
| Cloudflare, Inc. | Website hosting, CDN, bot protection (Cloudflare Turnstile), and license validation infrastructure | IP address, browser metadata, email address (for license validation pings) |
| Google LLC (Google Fonts) | Font rendering on trackytrade.com | IP address (incidental to font file delivery) |
The following are not our service providers in the traditional sense, but are relevant because the Application may interact with them on your device:
- NinjaTrader, LLC — the Application reads trade data from your local NinjaTrader 8 installation. This interaction is entirely local to your device; TrackyTrade does not communicate with NinjaTrader's servers in this process;
- Tradovate (a NinjaTrader, LLC subsidiary) — when our Tradovate integration is released (Phase 2), you will be able to authorize the Application to read trade data from your Tradovate account via OAuth. OAuth tokens will be stored locally on your device; TrackyTrade does not store these tokens on our servers;
- Anthropic, PBC — only if you choose to use AI-assisted features with your own API key, as described in Section 3.
5. Cookies and Similar Technologies
Our use of cookies is limited and is described in detail in our Cookie Policy. In summary, cookies are used only for:
- Paddle's secure checkout process when you subscribe;
- Cloudflare Turnstile bot protection on our forms.
We do not use advertising cookies, third-party analytics cookies (such as Google Analytics), social media tracking pixels, or any cookies that track you across other websites. The Application itself does not use cookies; it operates as a local Windows application.
6. Data Retention
We retain the limited information we collect only for as long as necessary to provide the Service and to meet our legal obligations:
- Email addresses on the waitlist: retained until you unsubscribe or until 24 months of inactivity, whichever comes first;
- Subscription account information: retained for the duration of your active subscription plus 30 days after cancellation, after which the email-to-subscription association is deleted. Note: Paddle may retain transaction records longer for tax and accounting purposes per applicable law;
- Support communications: retained for up to 24 months after the last communication, then deleted;
- Server logs: retained for up to 90 days for security and performance purposes, then automatically purged;
- Locally-stored data on your device: retained on your device under your control. We have no ability to delete this data. You may delete it yourself at any time by uninstalling the Application or removing its data folder.
7. International Data Transfers
TrackyTrade LLC is based in the United States. Some of our service providers also operate in the United States or in other jurisdictions. If you access the Service from outside the United States, your information may be transferred to and processed in the United States or other countries.
For users in the European Economic Area (EEA), United Kingdom, or Switzerland: where personal data is transferred outside these regions, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs) or equivalent mechanisms. Our key service providers (Paddle, Cloudflare) maintain GDPR-compliant data processing arrangements.
8. Your Rights
8.1 Rights Available to All Users
Regardless of your location, you may at any time:
- Request access to the information we hold about you;
- Request correction of inaccurate information;
- Request deletion of your information;
- Unsubscribe from non-essential communications;
- Cancel your subscription (through Paddle's customer portal).
To exercise any of these rights, contact us at [email protected]. We will respond within the timeframes required by applicable law (typically within 30 days).
8.2 Additional Rights for EEA, UK, and Swiss Users (GDPR)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following additional rights under the General Data Protection Regulation (GDPR) and equivalent UK and Swiss laws:
- Right to data portability — to receive your personal data in a structured, commonly used, machine-readable format;
- Right to restrict processing — to require us to limit the processing of your personal data in certain circumstances;
- Right to object — to object to processing based on legitimate interests, and to object to direct marketing at any time;
- Right to withdraw consent — where processing is based on consent, you may withdraw consent at any time;
- Right to lodge a complaint — with your local supervisory authority. A list of EU supervisory authorities is available at edpb.europa.eu.
We have not appointed a Data Protection Officer (DPO) as we are not required to do so under GDPR Article 37, but you may direct any privacy-related questions to [email protected].
8.3 Additional Rights for California Residents (CCPA / CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA):
- Right to know the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the third parties with whom we share it;
- Right to delete the personal information we have collected from you (subject to certain exceptions);
- Right to correct inaccurate personal information;
- Right to opt out of "sale" or "sharing" of personal information. TrackyTrade does not sell or share personal information for cross-context behavioral advertising within the meaning of the CCPA;
- Right to limit use of sensitive personal information — we do not collect sensitive personal information beyond what is described in this policy;
- Right to non-discrimination for exercising these rights.
8.4 Additional Rights for Connecticut Residents (CTDPA)
If you are a Connecticut resident, you have rights under the Connecticut Data Privacy Act (CTDPA), which substantially parallel the GDPR rights described above. You may exercise these rights by contacting [email protected]. You also have the right to appeal a denial of any of these rights; appeals may be directed to the same address.
8.5 Other U.S. State Privacy Laws
Residents of other U.S. states with comprehensive privacy laws (including but not limited to Virginia, Colorado, Utah, Texas, Oregon, and Montana) have rights similar to those described above. We honor these rights consistently across all jurisdictions where they apply.
9. Security
We implement reasonable technical and organizational measures to protect the limited information we collect from unauthorized access, disclosure, alteration, and destruction. These measures include:
- Encryption of data in transit (TLS/HTTPS for all web communications);
- Access controls limiting which TrackyTrade personnel can access user information;
- Use of reputable infrastructure providers with strong security practices (Cloudflare, Paddle);
- Regular review of our data handling practices.
However, no system is 100% secure. We cannot guarantee the absolute security of information. The local-first architecture of the Application is itself a significant security advantage: because most of your data never leaves your device, it is not exposed to risks that affect cloud-based services.
10. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from individuals under 18. If you become aware that a child has provided us with personal information without parental consent, please contact us at [email protected] and we will take steps to delete that information.
11. Do Not Track Signals
Our Website does not currently respond to Do Not Track (DNT) browser signals, because there is no industry consensus on how to interpret them and because we do not engage in cross-context tracking that DNT was designed to address.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will provide notice via email (to the address associated with your subscription or waitlist) or through the Service or Website at least 14 days before the changes take effect. The "Last updated" date at the top of this page will always reflect the most recent revision. Continued use of the Service after the effective date of revised policy terms constitutes your acceptance of the revised policy.
13. Contact Us
For privacy-related questions, requests, or to exercise any of the rights described in Section 8:
TrackyTrade LLC
Attn: Privacy
2389 Main St. STE 100
Glastonbury, CT 06033, USA
Email: [email protected]
For general inquiries:
Email: [email protected]