1. Who is responsible for your data
The data controller for Tradient is the operator of tradient.net. You can reach us at privacy@tradient.net for any question about this policy, a data access request, or a deletion request.
2. What we collect and why
2.1 Account data
When you create an account we store your email address and a salted-and-hashed password (via bcrypt) or a WebAuthn passkey public key. We never store your password in plain text and we never see the private half of a passkey — only your authenticator does. We log the IP address and user agent of successful logins for security monitoring and keep those records for up to 90 days.
2.2 Trade and scan data
The following lives in your account because the product literally cannot function without it:
- Trade journal entries you log manually or via a linked broker.
- Saved scans, watchlists, and strategy templates.
- Paper-broker positions, fills, and P&L history.
- Notes, tags, and annotations you attach to any of the above.
- Alert rules and their firing history (when they triggered, what we notified you about).
We use this data only to operate the Service for you. We do not aggregate trade data across users for resale, and we do not publish your trades to anyone.
2.3 Broker connectivity (SnapTrade)
If you link a live brokerage account through SnapTrade, we store an encrypted SnapTrade user secret so we can request your positions and place orders on your behalf. We do not store your brokerage username or password — SnapTrade handles the OAuth/credential flow directly with your broker. You can revoke the link at any time from the account portfolio page or by emailing support.
2.4 Payment data
All payments are processed by Stripe. We never see or store your full credit card number or CVV. We store only:
- Your Stripe customer ID.
- The subscription plan and status.
- The last 4 digits and brand of the card on file (for display only).
- Invoices and payment history surfaced to us by Stripe.
Stripe's own privacy notice is at stripe.com/privacy.
2.5 Email
Transactional email (magic links, password resets, billing receipts, alert notifications) is sent via Amazon Simple Email Service (SES). SES processes your email address and message body to deliver the message and keeps delivery logs per its retention policy. We do not send marketing email unless you explicitly opt in, and every marketing message contains an unsubscribe link.
2.6 Market data
Market data (quotes, option chains, Greeks, IV history) comes from Polygon.io. Market data is not personal data about you and is not linked to your identity when we fetch it. Your individual scan requests are not sent to Polygon in a way that identifies you.
2.7 Cookies and local storage
Tradient uses cookies and browser local storage for:
- Session management. A JWT stored in an HttpOnly cookie to keep you logged in.
- CSRF protection. A rotating anti-forgery token on state-changing requests.
- UI preferences. Light/dark theme and layout toggles, stored in localStorage on your device only — never sent to us.
We do not set third-party advertising cookies. We do not run Google Analytics, Meta Pixel, or similar trackers on marketing pages at the time of writing. If this ever changes, we will update this policy and — where required — ask for your consent first.
2.8 Server logs and error tracking
Our servers log standard request metadata (timestamp, HTTP method, path, status code, IP, user agent, request ID) for operational debugging and abuse detection. These logs are retained for up to 30 days and are not used for profiling. If we use a third-party error-tracking service (such as Sentry), we will scrub personal identifiers from payloads before sending and we will list the processor here.
3. How we use your data
- Operate the Service. Run scans, display your trades, route paper/live orders, send you the alerts you asked for.
- Bill you. Handle subscription renewals and receipts through Stripe.
- Secure the platform. Detect and block abuse, brute-force login attempts, and rate-limit violations.
- Communicate with you. Transactional email for account events, and — only if you opt in — occasional product updates.
- Comply with law. Respond to lawful requests from authorities when required.
We do not sell, rent, or trade your personal data to data brokers, advertisers, or anyone else.
4. Sub-processors we rely on
These are the third-party services that receive some subset of your data in order to help us run Tradient:
- Linode / Akamai — cloud infrastructure hosting the application servers and the Postgres database.
- Stripe — payment processing.
- SnapTrade — broker connectivity, position sync, and order routing.
- Polygon.io — market data provider.
- Amazon Web Services (SES) — transactional email delivery.
- Let's Encrypt — TLS certificate issuance (receives only our domain name).
We review sub-processors before onboarding them and require them to have reasonable security and privacy practices.
5. How long we keep your data
- Account data — for as long as your account is active, plus up to 30 days after deletion to allow for reversal of accidental deletions.
- Trade journal and scan history — same as account data.
- Login/security logs — up to 90 days.
- Billing records — up to 7 years (retained by Stripe for tax/accounting purposes; we keep metadata for the same period).
- Server request logs — up to 30 days.
- Backups — nightly encrypted Postgres dumps with a 14-day rolling retention window.
6. Security
We host Tradient on a hardened Linux VPS with a restrictive firewall (only HTTPS is exposed to the public internet), fail2ban on SSH, automated security updates, and non-root container runtimes. Traffic is served over TLS 1.2+ with HSTS. Passwords are hashed with bcrypt; passkeys use WebAuthn. Database backups are stored with restricted filesystem permissions.
No system is perfectly secure. If you believe you have found a security vulnerability, please email security@tradient.net and give us a reasonable window to patch before disclosure.
7. Your rights
Depending on where you live, you may have the right to:
- Access — ask for a copy of the personal data we hold about you.
- Rectify — correct inaccurate or incomplete data.
- Erase — ask us to delete your account and associated data (“right to be forgotten”).
- Port — receive your trade journal and saved scans in a portable format (CSV or JSON).
- Object / restrict processing — where we rely on legitimate interest as the legal basis.
- Withdraw consent — where we rely on consent (e.g., marketing emails).
- Lodge a complaint with your local data protection authority (for EU/UK residents).
To exercise any of these rights, email privacy@tradient.net from the address on file. We will respond within 30 days.
California residents (CCPA/CPRA)
You have the right to know what personal information we collect about you, to request deletion, and to opt out of “sale” or “sharing” of personal information. We do not sell or share personal information as those terms are defined under the CCPA/CPRA. You will not be discriminated against for exercising any CCPA right.
EU/UK residents (GDPR)
Our legal bases for processing are: contract (to provide the Service you signed up for), legitimate interest (to secure the platform and improve the product), consent (for optional marketing email), and legal obligation (to comply with applicable law). International transfers from the EU/UK rely on Standard Contractual Clauses or equivalent safeguards.
8. Children
Tradient is not directed to children under 18 and we do not knowingly collect personal data from children. If you believe a child has created an account, email privacy@tradient.net and we will delete it.
9. Changes to this policy
We may update this Privacy Policy as the product evolves or as laws change. If the changes are material — new sub-processor, new data category, changed retention — we will notify you by email and update the “last updated” date at the top of this page.
10. Contact
Privacy questions, access requests, and deletion requests: privacy@tradient.net. Security disclosure: security@tradient.net. Everything else: support@tradient.net.