Privacy Policy

This Privacy Policy explains how TerraTrade ("TerraTrade," "we," "our," or "us") collects, uses, discloses, and protects information about you when you use our websites, mobile apps, browser extensions, APIs, and related services (collectively, the "Services"). It also describes your privacy rights and how to exercise them.

By using the Services, you agree to the practices described here. If you do not agree, do not use the Services. This Policy is provided for transparency and does not create contractual rights, except where required by law.

1. Scope & Key Definitions

  • "Personal Data" or "personal information" means information that identifies or can reasonably be linked to an identifiable individual.
  • "Trading Connections" means connections you authorize between TerraTrade and brokers, exchanges, or data providers to import trade history, orders, executions, balances, or market data.
  • "AI Features" means analytics, insights, summaries, and recommendations powered by machine learning models we operate or integrate.

2. Information We Collect

A. Information You Provide

  • Account Data: name, email, password (hashed), authentication tokens, profile settings, preference and theme selections.
  • Trading Data: trade logs, executions, positions, P&L, notes/journal entries, tags, strategies, imported statements, uploaded files, watchlists.
  • Support & Communications: messages you send us, feedback, survey responses, and content of in-app help requests.
  • Payment & Subscription Data: plan tier, billing status, and limited payment metadata. We do not store full payment card numbers.

B. Information From Trading Connections & Integrations

With your explicit authorization, we collect data from connected brokers, exchanges, and data providers (e.g., orders, fills, balances, instruments, timestamps, fees, and market data). You can disconnect integrations at any time in your account settings.

C. Information Collected Automatically

  • Usage & Diagnostics: event logs, session duration, pages/screens viewed, buttons clicked, feature usage, crash reports.
  • Device & Network: IP address, device model, OS version, browser type, language, timezone, and coarse location inferred from IP.
  • Cookies & Similar Tech: cookies, local storage, and device identifiers used for authentication, preferences, analytics, and fraud prevention.

3. How We Use Your Information

  • Provide and operate the Services, including trade import, journaling, analytics, backtesting, AI insights, and data visualizations.
  • Authenticate you, maintain account and subscription status, and secure your sessions.
  • Improve performance, reliability, accuracy of analytics/AI models, and overall user experience.
  • Personalize features, content, and recommendations (e.g., strategy insights, dashboards).
  • Provide customer support and communicate service updates, security alerts, and changes to terms or policies.
  • Monitor, detect, and prevent fraud, misuse, or security incidents.
  • Comply with legal obligations, enforce agreements, and protect our rights and users.

AI Features

For AI-powered features, we may process your Trading Data and journal content to generate summaries, classifications, anomaly detection, or strategy insights. Unless we explicitly say otherwise (and obtain your consent where required), we do not use your personal Trading Data to train publicly available third-party models. If we work with an AI vendor, we use contractual and technical controls to protect your data and limit its use to providing the requested functionality.

4. Legal Bases for Processing (EEA/UK)

  • Contractual necessity (to provide the Services you request).
  • Legitimate interests (to secure and improve the Services, prevent abuse, and understand usage).
  • Consent (for certain analytics, marketing, or specific integrations where required).
  • Legal obligation (to comply with applicable laws and requests from authorities).

5. How We Share Information

  • Service Providers/Processors: hosting, storage, analytics, error monitoring, customer support, email delivery, and payment processing (access limited to what’s necessary).
  • Integrations You Enable: if you connect a broker or data provider, we will exchange data as needed to provide the integration.
  • Legal & Safety: to comply with law, respond to legal requests, enforce terms, or protect rights, property, or safety.
  • Business Transfers: in a merger, acquisition, or asset sale, your information may be transferred, subject to this Policy.

We do not sell personal information. We do not share for targeted advertising without your consent where required by law.

6. Data Retention

We retain personal data for as long as your account is active or as needed to provide the Services and meet the purposes described here. After account closure, we typically delete or anonymize personal data within 30 days, subject to:

  • Legal/Regulatory: we may retain certain records as required by law, audits, or to resolve disputes (generally up to 3–7 years, depending on jurisdiction).
  • Backups: data may persist in encrypted backups for up to 90 days before being overwritten in the normal course of business.
  • Analytics Aggregates: we may retain de-identified or aggregated analytics that no longer identify you.

7. Security

  • Encryption in transit (HTTPS/TLS) and at rest for sensitive stores.
  • Access controls, least privilege, audit logging, and environment isolation.
  • Vulnerability management, monitoring, and incident response procedures.

No system is perfect; we cannot guarantee absolute security. If we learn of a breach impacting your data, we will notify you and regulators when required by law.

8. Your Privacy Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Delete your data (see Section 10).
  • Portability (receive your data in a portable format).
  • Restrict or object to certain processing.
  • Withdraw consent where processing is based on consent.
  • Appeal certain decisions or lodge a complaint with a regulator.

To exercise rights, use the in-app settings or contact us at support@terratrade.app. We may need to verify your identity and jurisdiction.

9. Cookies & Similar Technologies

We use cookies, local storage, and similar technologies to keep you logged in, remember preferences, measure performance, and prevent fraud. You can adjust cookie settings in your browser or device; certain features may not work without required cookies. We currently do not respond to "Do Not Track" signals.

10. Account Deletion & Data Deletion

A. Delete Your Account (Self-Serve)

  1. Open the TerraTrade app or web dashboard.
  2. Go to Settings > Account and choose Delete Account.
  3. Confirm your password and complete the verification prompt.

We immediately queue your account for deletion and sign you out of active sessions. Within 30 days, we delete or anonymize personal data in production systems, subject to the retention exceptions in Section 6. Encrypted backups roll off within 90 days.

B. Delete By Request

If you cannot access your account, email support@terratrade.app from your registered email with the subject "Account & Data Deletion". We may request identity verification. We will confirm receipt within 7 days and complete deletion within 30 days of verification (or as required by law).

C. Scope of Deletion

  • Personal profile data, Trading Data stored by TerraTrade, session tokens, and app content you provided.
  • Connected integrations are disconnected. You may need to revoke access on the third-party side as well.
  • We may retain limited records needed to comply with law, prevent fraud, or resolve disputes (e.g., billing records, security logs) for the applicable retention period.

11. Managing Trading Connections

You can add or remove Trading Connections in Settings > Integrations. Disconnecting stops future imports. Previously imported Trading Data will remain in your account until you delete it or delete your account.

12. Children's Privacy

The Services are not directed to individuals under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us personal data, contact us and we will take appropriate steps to remove it.

13. International Data Transfers

We may process and store information in countries other than where you live. Where required, we use appropriate safeguards for international transfers (e.g., Standard Contractual Clauses). By using the Services, you understand that your data may be transferred to and processed in jurisdictions with different data protection laws than your own.

14. Third-Party Links & Services

The Services may link to third-party websites, apps, or services. Their privacy practices are governed by their own policies. We are not responsible for third-party content or practices.

15. Communications Preferences

You may opt out of non-essential emails (like tips and announcements) using the unsubscribe link in the message. We may still send transactional or service-related messages (e.g., security, billing, critical updates).

16. Region-Specific Disclosures

California (CPRA)

  • We collect identifiers, commercial information (subscription status), internet activity (usage logs), geolocation (coarse), and inferences for product improvement.
  • We do not sell your personal information. We do not share for cross-context behavioral advertising without your opt-in where required.
  • You may request access, deletion, and correction. You may designate an authorized agent to make requests on your behalf.

EEA/UK (GDPR)

  • You have rights to access, rectify, erase, restrict, object, and data portability, and to lodge a complaint with your supervisory authority.
  • Where consent is the basis, you can withdraw it at any time without affecting prior processing.

17. Changes to This Policy

We may update this Policy to reflect changes to our practices or for legal, technical, or business reasons. We will post the updated Policy with a new "Last updated" date and, where appropriate, notify you via the Services or by email. Your continued use of the Services after changes become effective means you accept the updated Policy.

18. Contact Us

Questions or requests? Email support@terratrade.app.

If you are in the EEA/UK and wish to contact a data protection representative (if applicable) or exercise regional rights, include your country of residence in your email subject line.

Last updated: August 8, 2025