Privacy Policy

Last updated: March 2026

1. Information We Collect

We collect the following categories of information:

  • Account information: name, email address, password (stored as a secure hash — we never store your actual password)
  • Trade data: trade records you import (CSV or Excel files), manually entered trades, and associated metadata (symbols, prices, dates, notes, emotions)
  • AI interaction data: AI-generated reviews and insights linked to your account
  • Usage data: pages visited, features used, import history
  • Consent records: timestamps and details of consents granted or revoked

2. How We Use Your Information

  • To provide and operate the EdgeCoach AI service
  • To generate AI-powered trading insights and behavioral analysis (only with your explicit consent)
  • To improve the service and fix issues
  • To communicate service updates and respond to support requests
  • To ensure security, prevent fraud, and enforce our Terms of Service

3. AI Data Processing

When you request an AI review, your trade data is sent to our AI provider (Anthropic / Claude API) for behavioral analysis. Important details:

  • Your trade data is sent only when you explicitly request an AI review
  • Data sent to Anthropic is not used to train AI models (per Anthropic's API data policy)
  • We send anonymized trade data (prices, dates, quantities) — no personal identity information is included in AI requests
  • You can choose not to use AI features — the journaling and analytics work without AI

4. Data Sharing

We do not sell, rent, or trade your personal data. We share data only with:

  • Anthropic (Claude API): anonymized trade data for AI analysis, only when you request it
  • Infrastructure providers: hosting and database services necessary to operate the platform
  • Payment processors: Stripe, for subscription billing (when applicable) — we never see or store your full payment card details
  • Legal requirements: when required by law, regulation, or valid legal process

5. Data Retention

  • Your data is retained as long as your account is active
  • When you delete your account, we enter a 30-day grace period (allowing recovery by logging back in)
  • After 30 days, all your data is permanently and irreversibly deleted — including trades, AI reviews, personal information, and consent records
  • We do not retain anonymized or aggregated data from deleted accounts

6. Your Rights

Under GDPR and applicable data protection laws, you have the right to:

  • Access: request a copy of all data we hold about you
  • Portability: export your complete data in JSON or CSV format
  • Deletion: request permanent deletion of all your data
  • Rectification: update or correct your personal information at any time
  • Restriction: request that we limit how we process your data
  • Objection: object to specific types of data processing
  • Consent withdrawal: revoke any consent at any time without affecting prior processing

To exercise any of these rights, contact us at edgecoachai@gmail.com. We will respond within 30 days.

7. Cookies

We use only essential cookies required for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

8. Security

We implement industry-standard security measures:

  • Passwords hashed with bcrypt (cost factor 12)
  • All connections encrypted via HTTPS/TLS
  • Rate limiting on all API endpoints
  • Input sanitization and XSS prevention
  • Security headers (CSP, HSTS, X-Frame-Options)
  • Short-lived JWT sessions (1 hour) with server-side verification
  • Per-user data isolation — no user can access another user's data

9. International Data Transfers

Your data may be processed in jurisdictions outside your country of residence, including the United States (for AI processing via Anthropic). We ensure appropriate safeguards are in place for international data transfers in compliance with GDPR.

10. Children

The Service is not intended for users under 18 years of age. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email. The "Last updated" date at the top indicates the most recent revision.

12. Contact

For privacy-related inquiries, data requests, or concerns, contact us at edgecoachai@gmail.com.