Privacy Policy
Who We Are
TradingGrove ("we", "us", "our") operates the web application available at tradinggrove.com. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Platform.
For privacy-related queries, contact us at support@tradinggrove.com. We take all privacy concerns seriously and aim to respond within 2 business days.
Data We Collect
We collect only what is necessary to provide and improve the Platform. Here is a full breakdown:
| Data Type | What It Includes | How Collected |
|---|---|---|
| Account Data | Email address, display name, hashed password | Provided by you at registration |
| Journal Data | Trade logs, entry/exit prices, P&L, notes, tags, images, mood/confidence ratings | Entered by you in the journal |
| Subscription Data | Plan type, billing cycle, subscription status, expiry date | Generated when you subscribe |
| Referral Data | Your referral code, who signed up via your link, reward status | Generated automatically |
| Usage Data | Pages visited, feature interactions, session timestamps | Collected automatically (anonymised) |
| Device Data | Browser type, operating system, approximate region | Collected automatically |
| Payment Data | Payment method details, billing history | Handled exclusively by Stripe β we never see your card number |
| Calculator Data | Inputs and default values for calculators | Stored in your browser only (localStorage) β never sent to our servers |
How We Use Your Data
We use the data we collect for the following purposes:
- To provide the Platform β authenticating your account, storing your journal entries, displaying your analytics, and delivering Pro features you have subscribed to.
- To process payments β managing your subscription, renewals, and billing via Stripe.
- To manage referrals β tracking referral signups and crediting Pro reward days.
- To communicate with you β sending transactional emails such as password resets, subscription confirmations, and material policy updates.
- To improve the Platform β understanding how features are used (using anonymised, aggregated data only) to make TradingGrove better.
- To ensure security β detecting abuse, fraud, and unauthorised access.
We process your data on the legal bases of contract performance (to deliver the service you signed up for), legitimate interests (to operate and improve the Platform securely), and consent where explicitly provided.
What We Never Do
- We never sell your personal data β to anyone, ever, under any circumstances.
- We never share your trade data with third parties for marketing, analytics resale, or any commercial purpose.
- We never use your journal data to train AI or machine learning models.
- We never show targeted ads based on your trading activity or journal content.
- We never access your calculator inputs β they live in your browser and never reach our servers.
- We never contact you with unsolicited marketing without your explicit consent.
Free-tier users do see advertisements. These ads are not behaviorally targeted using your personal trading data or journal content. Ads are served contextually based on the page being viewed only.
Data Storage & Security
Your account data and journal content are stored securely in Supabase, our cloud database provider. Supabase implements Row Level Security (RLS) β a database-level policy that ensures your data is only accessible by you. Even at the database level, one user cannot query another user's records.
- Encryption at rest β All data is encrypted in storage
- Encryption in transit β All connections use HTTPS/TLS
- Row Level Security β You can only access your own data
- Authenticated access only β All journal endpoints require a valid session token
- Password hashing β Passwords are hashed using industry-standard algorithms and never stored in plain text
Third-Party Services
To operate TradingGrove, we rely on a small number of carefully selected third-party services. We share only the minimum data necessary with each:
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Database, authentication, file storage | Account data, journal content, images |
| Stripe | Payment processing & billing portal | Email, subscription status. Card details handled by Stripe directly β we never receive them. |
| Google Fonts | Typography | IP address (standard web font request, no personal data) |
| Font Awesome (CDN) | Icons | IP address (standard CDN request, no personal data) |
All third-party services are bound by their own privacy policies and relevant data protection agreements. We do not use analytics platforms such as Google Analytics, Facebook Pixel, or similar tracking services.
Browser Local Storage
The free Crypto Calculator and Forex Calculator save your default input values (account size, risk %, etc.) to your browser's localStorage. This data:
- Never leaves your device
- Is never transmitted to our servers
- Is never associated with your account or identity
- Can be cleared at any time through your browser settings
localStorage is also used to remember which referral reward modals you have already seen, so they don't repeat on every login.
Cookies
TradingGrove uses a minimal number of cookies, strictly necessary for the Platform to function:
- Authentication session cookie β Set by Supabase to keep you logged in securely across page loads. This is essential for using the journal.
- Stripe cookies β Set during the checkout process by Stripe to facilitate secure payment. These are under Stripe's cookie policy.
We do not use tracking cookies, advertising cookies, or third-party analytics cookies. You may disable cookies in your browser settings, but doing so will prevent you from logging in to your account.
Your Rights
Depending on your location, you may have the following rights regarding your personal data. We honour these rights for all users regardless of jurisdiction:
To exercise any right, email us at support@tradinggrove.com. We will respond within 30 days. Most actions (name changes, data export, account deletion) can be performed directly from your Profile page without contacting us.
Data Retention
We retain your data only for as long as necessary:
- Active accounts β Data is retained for as long as your account exists.
- Deleted accounts β All journals, trades, images, and notes are permanently erased immediately upon account deletion. Email addresses may be retained for a brief period for fraud prevention only, then purged.
- Billing records β Stripe retains payment records as required by financial regulations. We retain subscription status records for the period required by applicable law.
- Anonymised usage data β May be retained indefinitely as it contains no personal identifiers.
Children's Privacy
TradingGrove is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected data from a person under 18, we will delete that data promptly.
If you believe a minor has created an account, please contact us at support@tradinggrove.com.
International Data Transfers
TradingGrove serves a global audience. Your data may be stored and processed in data centres outside your country of residence, including in the United States where our infrastructure providers (Supabase, Stripe) operate.
Where such transfers occur, we ensure appropriate safeguards are in place in accordance with applicable data protection law, including reliance on Standard Contractual Clauses where required.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes to our practices, technology, or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or in-app notice.
We encourage you to review this page periodically. Your continued use of the Platform following any update constitutes acceptance of the revised Policy.
Contact Us
For any privacy-related questions, data requests, or concerns, please contact us:
Email: support@tradinggrove.com
Website: tradinggrove.com
We aim to respond to all privacy enquiries within 2 business days, and to fulfil data rights requests within 30 days.