Overview
Welcome to The Profit Journal ("we", "our", or "us"). We operate the website and trading journal application at profitjournal.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
We built The Profit Journal for traders, by traders. We have zero interest in selling your data or using it for anything other than making your experience better.
By using our service, you agree to the collection and use of information in accordance with this policy. If you disagree with any part, please discontinue use of our service.
Data We Collect
We collect only what's necessary to provide you with a great trading journal experience:
- Account Information: Your name, email address, and profile picture — provided via Google OAuth when you sign in.
- Trade Data: All trade entries you log, including symbol, entry/exit prices, P&L, notes, emotions, and strategy tags.
- Usage Data: Pages visited, features used, and time spent — collected anonymously to improve the product.
- Device Information: Browser type, operating system, and IP address for security and analytics purposes.
- Cookies & Local Storage: Session tokens and preferences to keep you logged in and remember your settings.
We do NOT collect your broker credentials, bank details, actual account balances, or any financial account access information.
How We Use Your Data
Your data is used exclusively to power your trading journal experience:
- To create and manage your account securely
- To store, display, and analyze your trade history
- To generate your analytics, equity curves, and performance reports
- To power the leaderboard (only if you opt in)
- To send important service updates and security alerts via email
- To improve our product based on aggregated, anonymized usage patterns
- To prevent fraud, abuse, and unauthorized access
We will never use your data for advertising, sell it to third parties, or use it in any way not described here without your explicit consent.
Data Sharing & Third Parties
We share your data with a minimal set of trusted service providers who help us operate:
- Supabase: Our database and authentication provider. Your trade data is stored securely on Supabase's infrastructure with row-level security.
- Google OAuth: Used only for authentication. We receive your name, email, and profile picture — nothing else.
- Cloudflare: Our hosting and CDN provider. They process network traffic but do not have access to your personal data.
All third-party providers are bound by strict data processing agreements and are prohibited from using your data for their own purposes.
We may disclose your information if required by law, court order, or to protect the rights and safety of our users.
Data Security
We take security seriously and implement industry-standard measures to protect your data:
- All data is encrypted in transit using TLS 1.3
- Data at rest is encrypted using AES-256
- Authentication is handled via Google OAuth — we never store your password
- Row-level security (RLS) ensures users can only access their own data
- Regular security audits and dependency updates
- Automatic session expiry and secure token rotation
While we implement strong security measures, no system is 100% secure. We encourage you to use a strong, unique password for your Google account and enable 2FA.
Cookies & Tracking
We use minimal cookies and local storage to make the app work properly:
- Session Cookies: To keep you logged in during your session
- Preference Storage: To remember your dashboard settings and theme preferences
- Analytics: Anonymous, aggregated usage data — no personal identifiers
We do not use advertising cookies, tracking pixels, or any third-party marketing trackers. You can clear cookies at any time through your browser settings, though this will log you out.
Your Rights
You have full control over your data. At any time, you can:
- Access: Request a complete export of all your data
- Correct: Update or correct any inaccurate information
- Delete: Request permanent deletion of your account and all associated data
- Portability: Export your trade data as CSV at any time from the dashboard
- Opt-out: Disable leaderboard participation or analytics collection
- Withdraw Consent: Revoke Google OAuth access at any time via your Google account settings
To exercise any of these rights, email us at privacy@profitjournal.com. We will respond within 30 days.
Children's Privacy
The Profit Journal is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@profitjournal.com and we will delete that information promptly.
Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will:
- Update the "Last updated" date at the top of this page
- Send an email notification to all registered users for material changes
- Display a banner on the app for 30 days after significant updates
Continued use of the service after changes constitutes acceptance of the updated policy. We encourage you to review this page periodically.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out:
- Email: privacy@profitjournal.com
- Support: support@profitjournal.com
- General: contact@profitjournal.com
We aim to respond to all privacy-related inquiries within 2 business days.