Privacy Policy
Last updated: June 8, 2026
This Privacy Policy explains how TraderCore ("we", "us") collects, uses, and protects information when you use our website and services (the "Service"). TraderCore is operated from the Republic of Serbia and is offered to a global audience. This policy is written to meet the requirements of the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), and the Serbian Law on Personal Data Protection (ZZPL).
1. Who we are
Controller: TraderCore. Contact: support@tradercore.live. If you are in the EU/UK and wish to contact us about your rights, please use the same email and we will respond within 30 days.
2. Information we collect
- Account data: your email address and authentication provider identifier (email/password or Google OAuth) via our authentication provider.
- User content: trade journal entries, trade records, notes, and any other content you create in the app, stored in our managed database.
- Local storage on your device: session timestamp, recent whale-activity cache, onboarding flag, and workspace preferences. This data stays on your device unless you sign in, in which case relevant trades may be synced to your account.
- Technical data: IP address, user agent, and request logs collected by our hosting provider for security and reliability.
- Optional AI prompts: if you use the in-app Copilot or trade-review features, the text you submit is sent to our AI provider to generate a response.
3. How we use your information
- To provide and maintain your account and the Service.
- To store and display your trade journal and notes.
- To generate AI responses you explicitly request.
- To secure the Service against abuse and to debug errors.
- To comply with legal obligations.
4. Legal bases (GDPR / UK GDPR / ZZPL)
- Contract — to deliver the account features you sign up for.
- Legitimate interest — to keep the Service secure, prevent abuse, and improve reliability.
- Consent — for any non-essential cookies and, in future, marketing emails. You can withdraw consent at any time.
- Legal obligation — to comply with applicable laws.
5. Third-party processors
We use the following processors to operate the Service. Each is bound by contractual data-protection terms:
- Hosting & database (Lovable Cloud / Supabase): account data and user content.
- Authentication (Supabase Auth, Google OAuth): sign-in.
- AI provider (Lovable AI Gateway): processes prompts you submit to Copilot/review features.
- Public market-data APIs (Binance, Bybit, Finnhub) and news RSS sources: we fetch public market and news data; these providers do not receive your account information.
6. Payments (Pro plan)
We currently do not process payments. When the Pro plan launches, payments will be handled by a regulated payment processor (e.g. Stripe or Paddle). We will not receive or store your full card number. This section will be updated before any paid feature is enabled.
7. International transfers
Your data may be processed in countries outside your country of residence, including the European Union and the United States. Where required, transfers rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs) or equivalent mechanisms.
8. Data retention
- Account data: kept until you request deletion.
- Trade journal and notes: kept while your account is active.
- Server logs: typically 30–90 days.
- Local storage on your device: cleared by your browser or by you.
9. Your rights (GDPR / UK GDPR / ZZPL)
- Access — request a copy of your personal data.
- Rectification — correct inaccurate data.
- Erasure — request deletion of your account and data.
- Restriction — limit how we process your data.
- Portability — receive your data in a portable format.
- Objection — object to processing based on legitimate interest.
- Withdraw consent — at any time, without affecting prior processing.
- Lodge a complaint with your local supervisory authority (in Serbia: the Commissioner for Information of Public Importance and Personal Data Protection).
To exercise any right, email support@tradercore.live.
10. Your rights — California residents (CCPA/CPRA)
If you are a California resident you have the right to know what personal information we collect, to delete it, to correct it, to opt out of "sale" or "sharing", and not to be discriminated against for exercising these rights. We do not sell or share personal information as those terms are defined under the CCPA/CPRA. To exercise a right, email support@tradercore.live.
11. Cookies and local storage
We use only essential cookies and browser local storage required to keep you signed in and remember your in-app preferences. We do not use advertising cookies or third-party analytics trackers. When that changes, we will request consent first.
12. Security
We use industry-standard measures including TLS in transit, encryption at rest at the database level, and row-level security so each user can access only their own records. No system is perfectly secure; please use a strong, unique password.
13. Children
The Service is intended for users aged 18 and over. We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.
14. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be highlighted in-app.
15. Contact
Questions about this policy or your data: support@tradercore.live.