Last Updated: January 2025

Privacy Policy

Your privacy and data security are our top priorities. This policy explains how we collect, use, protect, and handle your information.

1. Information We Collect

1.1 Account Information

  • Email address (required for account creation and communication)
  • Password (hashed using bcrypt with minimum 10 rounds)
  • TradingView username (optional, for indicator access)
  • Two-factor authentication settings (if enabled)
  • Account creation and last login timestamps

1.2 Trading Activity Data

  • Received trading signals (symbol, action, price, stop loss, take profit)
  • Signal execution history and results
  • Position data and profit/loss calculations
  • Trading performance metrics and statistics
  • Automation settings and preferences

1.4 Subscription Information

  • Whop customer ID and subscription ID
  • Subscription plan, status, and billing period
  • Payment history (processed by Whop, not stored by us)
  • Subscription changes and cancellation data

1.5 Usage and Technical Data

  • IP addresses and geographic location (for security)
  • Browser type, device information, and operating system
  • Session data and authentication tokens
  • Feature usage patterns and interaction logs
  • Error logs and diagnostic information

2. How We Use Your Information

2.1 Service Delivery

  • Process and execute trading signals automatically
  • Authenticate access to your trading accounts via encrypted API keys
  • Display your trading history, positions, and performance analytics
  • Provide real-time updates via WebSocket connections
  • Manage your subscription and feature access

2.2 Security & Fraud Prevention

  • Verify your identity and prevent unauthorized access
  • Detect and prevent fraudulent activities
  • Monitor for unusual trading patterns or security breaches
  • Enforce rate limiting and API usage policies

2.3 Communication

  • Send account verification and password reset emails
  • Notify you of important account changes or security alerts
  • Provide subscription updates and billing notifications
  • Send service announcements and platform updates
  • Respond to your support requests

2.4 Service Improvement

  • Analyze usage patterns to improve features and performance
  • Debug issues and optimize platform stability
  • Develop new features based on user needs
  • Conduct internal research and analytics

2.5 Legal Compliance

  • Comply with applicable laws and regulations
  • Respond to legal requests and prevent illegal activities
  • Enforce our Terms of Service
  • Protect our rights, property, and safety

3. Data Storage & Security

3.1 Security Measures

We implement industry-standard security measures to protect your data:

  • Encryption in Transit: All data transmitted via HTTPS/TLS 1.3
  • Encryption at Rest: API keys encrypted with AES-256-GCM
  • Password Security: Bcrypt hashing with minimum 10 rounds
  • Database Security: Encrypted PostgreSQL connections with row-level security
  • Access Control: JWT-based authentication with HTTP-only secure cookies
  • Two-Factor Authentication: Optional TOTP-based 2FA for enhanced security

3.2 Data Storage Location

Your data is stored in secure, encrypted databases hosted by trusted cloud providers. We use geographically distributed backups to ensure data availability and disaster recovery.

3.3 Access Control

Access to your data is strictly controlled:

  • Only authorized personnel with legitimate business needs can access user data
  • All access is logged and monitored
  • Automated systems use least-privilege principles
  • API keys are never transmitted or displayed in plain text

Important Security Notice

While we implement robust security measures, no system is 100% secure. You are responsible for maintaining the security of your account credentials, including your password and 2FA device. Never share your login credentials with anyone.

4. API Key Encryption & Protection

Your trading platform API keys are among the most sensitive data we handle. We employ military-grade encryption to protect them:

4.1 Encryption Method

  • Algorithm: AES-256-GCM (Advanced Encryption Standard with Galois/Counter Mode)
  • Key Management: Separate encryption keys stored in secure environment variables
  • Initialization Vectors: Unique IV generated for each encryption operation
  • Authentication Tags: Ensures data integrity and prevents tampering

4.2 API Key Usage

Your API keys are only decrypted:

  • When actively executing trades on your behalf
  • When you explicitly test your connection to Tradovate
  • In memory only, never written to logs or temporary storage
  • With your explicit authorization via active session

5. Third-Party Services

We work with trusted third-party services to provide our platform. Each service has its own privacy policy and data handling practices:

Whop (Subscription Management)

Whop handles all subscription billing and payment processing. We do not store your payment information.

Data Shared: Email address, subscription status, customer ID

Purpose: Manage subscriptions and verify feature access

Email Service (Resend/SendGrid)

We use email service providers to send transactional emails (verification, password resets, notifications).

Data Shared: Email address, message content, delivery status

Purpose: Deliver important account and security notifications

Database & Infrastructure Providers

We use secure cloud infrastructure providers (e.g., Supabase, Neon, Railway, Upstash) for data storage and caching.

Data Shared: All user data stored in encrypted databases

Purpose: Secure data storage, caching, and platform infrastructure

Important: We do not sell your data to third parties. Third-party services are used solely to provide platform functionality and are bound by strict data processing agreements.

6. Cookies & Tracking Technologies

We use cookies and similar technologies to provide and improve our service:

6.1 Essential Cookies (Required)

  • Authentication Tokens: Secure, HTTP-only cookies for session management
  • Security Tokens: CSRF protection and request validation
  • Preferences: Remember your settings and language preferences

These cookies are necessary for the platform to function and cannot be disabled.

6.2 Analytics Cookies (Optional)

  • Usage statistics and feature adoption metrics
  • Performance monitoring and error tracking
  • User journey and interaction analysis

You can opt out of analytics tracking in your account settings.

6.3 Session Storage

We use browser session storage for temporary data during your active session (UI state, form data, real-time updates). This data is cleared when you close your browser.

7. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

Right to Access

Request a copy of all personal data we hold about you.

Right to Rectification

Correct inaccurate or incomplete personal data.

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data, subject to legal and contractual obligations.

Right to Data Portability

Receive your data in a structured, machine-readable format to transfer to another service.

Right to Object

Object to certain types of data processing, including marketing communications.

Right to Restrict Processing

Request limitation on how we use your data in certain circumstances.

Right to Withdraw Consent

Withdraw previously given consent for data processing at any time.

How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@mrtrader.io

We will respond to your request within 30 days. You may also manage many settings directly from your account dashboard.

8. Data Retention

We retain your data only as long as necessary to provide our services and comply with legal obligations:

Active Accounts

Data is retained while your account is active and for the duration of your subscription.

Deleted Accounts

When you delete your account:

  • Personal information is deleted within 30 days
  • API keys are immediately purged from all systems
  • Trading signals are anonymized for statistical purposes
  • Backup copies are overwritten within 90 days

Legal Requirements

Some data may be retained longer to comply with legal, tax, or regulatory obligations (typically 7 years for financial records).

Inactive Accounts

Accounts inactive for more than 2 years may be automatically deleted after email notification.

9. International Data Transfers

MrTrader operates globally, and your data may be transferred to and processed in countries other than your own. We ensure adequate protection through:

  • Standard contractual clauses approved by relevant authorities
  • Data processing agreements with all third-party providers
  • Encryption during transit and at rest
  • Compliance with GDPR, CCPA, and other applicable privacy laws

10. Children's Privacy

Our service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal data, we will take steps to delete such information immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by:

  • Posting the updated policy on our website with a new "Last Updated" date
  • Sending an email notification to your registered email address
  • Displaying a prominent notice on your dashboard

Your continued use of our service after changes become effective constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

We aim to respond to all privacy-related inquiries within 48 hours. No account required.
