Privacy Policy

We collect the following categories of information when you use Trackr:

• Account information: Your name and email address when you register.
• Trade data: Trade entries you log, including pairs, results, risk/reward ratios, review notes, chart images, and any custom fields you configure.
• Profile and preferences: Your trading experience level, timezone, country, primary markets, and notification preferences.
• Usage data: How you interact with the application — pages visited, features used, and session duration — to help us improve the product.
• Payment information: Billing information processed via Stripe. We do not store raw card details; these are handled entirely by Stripe.
• Broker sync data: If you connect a broker account, authentication credentials are stored encrypted. We do not share this with third parties.

We use your information to:

• Provide and operate the Trackr service, including storing and displaying your trade journal.
• Generate analytics and insights about your trading performance.
• Power the AI Coach feature using anonymised trade data sent to Anthropic's API.
• Send notifications you have opted into (streak alerts, weekly summaries, compliance alerts).
• Process payments and manage your subscription.
• Improve the product through aggregated, anonymised usage analysis.
• Communicate important service updates and security notices.

We do not sell your personal data to third parties, use it for advertising, or share it with anyone except as described in this policy.

Your data is stored in Supabase, a managed cloud database platform hosted on AWS infrastructure. All data is:

• Encrypted at rest using AES-256 encryption.
• Encrypted in transit using TLS 1.2 or higher.
• Protected by row-level security (RLS) policies — your data is only accessible to you.
• Backed up regularly to prevent data loss.

Access to production systems is restricted to authorised personnel only. We use industry-standard security practices to protect your information.

Trackr uses the following third-party services to operate:

• Supabase — Database, authentication, and file storage. Privacy policy: supabase.com/privacy
• Stripe — Payment processing. Your payment data is governed by Stripe's privacy policy: stripe.com/privacy
• Anthropic (Claude API) — Powers the AI Coach feature. Trade data submitted to AI Coach is processed by Anthropic. We do not share identifying information beyond what you include in your queries.
• Finnhub — Market data and economic calendar information displayed in the app.
• Resend — Transactional email delivery for account confirmation and notifications.

Each third-party service has its own privacy policy governing how they process data. We recommend reviewing their policies if you have specific concerns.

We retain your data for as long as your account is active. Specifically:

• Your account data is kept until you delete your account.
• When you delete your account, all your personal data — including trades, journal entries, trading plans, account records, and AI Coach memories — is permanently deleted within 30 days.
• Aggregated, anonymised analytics data (with no personal identifiers) may be retained indefinitely to improve the product.
• Payment records may be retained for legal compliance purposes for up to 7 years.

You have the following rights regarding your personal data:

• Access: You can view all your data within the app at any time.
• Correction: You can update your profile, trade details, and account information through the app.
• Export: You can export your trade data in CSV format from the Journal page.
• Deletion: You can permanently delete your account and all associated data from Settings → Danger Zone. This action is irreversible.
• Portability: Your exported data is provided in standard CSV format that you can use with other services.
• Withdrawal of consent: You can turn off non-essential notifications and data processing features in Settings.

To exercise any right not available through the app, contact us at privacy@trackrjournal.com.

Trackr uses a minimal set of cookies:

• Essential cookies: Used to manage your authentication session and keep you logged in. These are required for the app to function and cannot be disabled.
• Preference cookies: Stored in localStorage (not server-side cookies) to remember your theme, accent colour, and font size preferences.

We do not use advertising cookies, third-party tracking pixels, or any cookies that profile you for marketing purposes. You can manage cookie preferences through the consent banner that appears on your first visit.

Trackr is operated from Australia and complies with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). As an Australian Privacy Principle entity, we are committed to handling your personal information responsibly.

If you believe we have not handled your personal information in accordance with the APPs, you have the right to make a complaint to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR):

• Legal basis for processing: We process your data on the basis of contract performance (providing the service you signed up for) and legitimate interests (service improvement).
• Right to restriction: You may request that we restrict processing of your data in certain circumstances.
• Right to object: You may object to processing based on legitimate interests.
• Data transfers: Your data may be processed in the United States (via Supabase/AWS) and other countries. We ensure appropriate safeguards are in place through Standard Contractual Clauses.

To exercise your GDPR rights, contact privacy@trackrjournal.com. We will respond within 30 days.

For any privacy-related questions, requests, or complaints, contact us at:

We aim to respond to all privacy enquiries within 30 business days.