Privacy Policy

Last updated: June 23, 2026

1. Introduction

Welcome to TradingStreak. We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we handle your data depending on how you use our application (local mode vs. an online account).

2. Modes of Operation

Local Mode (Default)

By default, TradingStreak operates as a local-first application. Your journal entries, settings, and trading data are stored exclusively in your browser's LocalStorage. We do not have access to this data, and it is never transmitted to our servers.

Online account (Optional)

If you choose to sign in with Google, you use an online account. Your data is securely synced to our database to allow access across multiple devices.

Cookies and LocalStorage

We use cookies and your browser's LocalStorage exclusively for technically necessary functions. These include keeping you logged in (Authentication Cookies) and saving your UI preferences (e.g., whether you have completed the onboarding or closed specific notifications). These local preferences may include your timezone, currency, display settings, onboarding state, and other app configuration needed to provide the journal experience.

Legal basis: We use these technologies based on our legitimate interest (Art. 6 Abs. 1 lit. f DSGVO / GDPR) in providing a fully functional and user-friendly application, and they are strictly necessary to provide the service you requested (§ 25 Abs. 2 Nr. 2 TTDSG / TDDDG). We do not use any cookies for cross-site tracking or advertising.

3. Data We Collect (Online account only)

When you use an online account, we collect and store the following:

  • Account Info: Your email address, name, and profile picture (provided by Google or Discord).
  • Journal Data: The trading journal entries, PnL data, and notes you create.
  • Account Settings and Preferences: Your selected timezone, currency, display preferences, risk settings, and other configuration values used to calculate journal periods, recurring goals, reports, and app display.
  • Legal and Billing Consent Records: When you create or use an online account, we may store the timestamp, legal document versions, accepted consent text, IP address, and user agent needed to document acceptance of the Terms, Pricing Policy, Privacy Policy, and Right of Withdrawal notice.
  • Usage Data: Basic analytics to improve service performance.
  • Meetup & Community Data: If you create or join Meetups, your chosen location data, participation status, and public leaderboard ranking (if enabled) will be visible to other authenticated users.
  • Publishing, Follow, and Subscription Data: If you use creator publishing, follow a creator, subscribe to a creator, or receive creator notifications, we store the relationship, audience settings, subscriber archive access settings, notification preferences, subscription status, and related timestamps needed to provide those features.

4. Creator Publishing, Follows, and Subscriptions

If you publish journal entries, the selected audience can access the content you make available to them. Depending on your settings, this may include public profile information, journal entry text, PnL breakdowns, tags, strategies, brokers shown in the app, attached images, and other entry details. Entries remain private unless you explicitly publish or share them.

If you follow or subscribe to a creator, we process your relationship to that creator, email notification preference, subscription status, current billing period, and cancellation state so we can provide the following feed, gated entry access, and creator notifications.

If you connect Stripe as a creator, Stripe collects identity, business, tax, payout, bank, and compliance information directly from you. We store only the connected account identifier, selected account country, onboarding and readiness status, Stripe product or price identifiers, and related metadata needed to operate paid creator subscriptions. We do not store full payment card numbers or full bank account details.

5. Infrastructure & Security

We use industry-standard security measures to protect your data:

  • Hosting: Our application is self-hosted on a secure Virtual Private Server (VPS) provided by IONOS SE (Elgendorfer Str. 57, 56410 Montabaur, Germany).
  • Database: Your data is stored in a private PostgreSQL database hosted on the same secure VPS infrastructure located in Germany.
  • Encryption: All data transmission is encrypted using SSL/TLS (Let's Encrypt).
  • Access Control: Our database is protected within a private Docker network and is not directly exposed to the public internet.

6. Third-Party Services

We use the following third-party services:

  • Google & Discord: For authentication (OAuth).
  • Stripe and Stripe Connect: For TradingStreak billing, creator subscription checkout, billing portal access, creator connected-account onboarding, payment processing, fraud prevention, compliance checks, and payouts.
  • Geocoding & Maps: If you create a Meetup, the location you input is processed via geocoding services to generate coordinates for our interactive 3D globe visualization.
  • ipapi.co: For automatic location-based currency detection during onboarding. Your IP address is processed briefly to determine your approximate location and local currency.
  • Google Gemini (AI): If you opt-in to AI Coaching Reports or use the AI Trading Copilot, your anonymized journaling data (such as trades, win rate, and PnL) and any user-provided AI coaching focus or trading challenges may be sent to Google's Gemini API to generate insights. This data is not used by Google to train its core models.

7. Payment processing via Stripe

If you make a payment using the Stripe payment service, we store data in connection with your transaction. This data has no direct personal reference, but is nevertheless mentioned here for completeness. Data processed by the third party payment provider is subject to their privacy policy.

For paid creator subscriptions, Stripe Checkout and the Stripe billing portal may process your email address, payment method, billing information, subscription, invoices, refunds, disputes, and related transaction data. We store the Stripe customer ID, checkout session ID, subscription ID, subscription status, billing period end, and cancellation-at-period-end flag needed to grant or revoke access.

1. Scope of data processing

  • Stripe Customer ID (if available)
  • Stripe email address (for transaction confirmation)
  • Transaction ID (tx_id)
  • Stripe Checkout Session ID and Subscription ID, if applicable
  • Currency used
  • Final payment amount
  • Legal consent records for billing eligibility

This data contains no direct personal reference and is used exclusively for:

  • Transaction verification
  • Customer support
  • Accounting purposes

2. Purpose of data processing

The processing of this data serves documentation purposes, fulfillment of our contractual obligations, and compliance with legal requirements (particularly tax regulations).

3. Legal basis for processing

Art. 6(1)(b) GDPR (contract fulfillment) for payment processing and Art. 6(1)(c) GDPR (legal obligation) for retention according to § 147 German Tax Code. Processing by Stripe is based on your consent (Art. 6(1)(a) GDPR) when using Stripe Checkout.

4. Duration of storage

Transaction data is stored for 10 years according to § 147 German Tax Code (tax retention requirements). Stripe stores data according to their policies (https://stripe.com/privacy).

5. Possibility of objection and elimination

Objection to the processing of this data required for contract fulfillment and legal obligations is not possible, as the processing is necessary for compliance with our legal requirements.

8. Email Newsletter & Updates

If you explicitly opt-in to our Email Newsletter in your account settings, your email address will be processed by our third-party email provider (Brevo) to send you product updates, trading insights, and important account notices. Furthermore, to analyze and improve the content we send you, we track if you click on links within those emails (Click Tracking).

Legal basis:

The processing of this data is based exclusively on your consent (Art. 6(1)(a) GDPR).

Possibility of objection and elimination:

You can withdraw your consent at any time via the settings page by toggling off the Email Newsletter, or by using the unsubscribe link provided in every newsletter email. This will automatically delete your email from our mailing lists.

9. Creator Entry Notification Emails

If you follow or subscribe to a creator and email notifications are enabled for that relationship, we may send you a notification when that creator publishes a new journal entry for your audience. These emails are sent through our email provider and include only the preview or access information required for the notification.

You can turn off creator notification emails per creator where the app provides this setting. We may still send transactional account, payment, security, or legally required notices.

10. Your Rights

You have the right to export your data (Backup) or delete your account and all associated data at any time via the Profile settings.