Privacy Policy

Last updated: 2026-05-29

This Policy describes what data Trading Tracker collects, why we collect it, and how it is handled.

1. Data We Collect

  • Account data: username, optional email, hashed password, account creation timestamp.
  • Trade journal: stock and option trades you record or import (ticker, prices, dates, fees, notes, tags).
  • Financial entries: deposits, withdrawals, starting balance, W2 income, tax-year configuration — only what you choose to enter.
  • Imported broker data: CSV files you upload are parsed and the relevant rows stored. The raw file is retained temporarily in /uploads/imports/ for audit/undo, then can be deleted.
  • Operational logs: auth attempts (with IP), email send logs, API provider call logs. Used to enforce rate limits and to debug provider issues.

2. Data We Do Not Collect

We do not collect brokerage credentials. We do not place orders. We do not have access to your money. We do not sell or share your data with third parties for marketing.

3. How Your Data Is Used

  • To render your own dashboard, charts, and reports.
  • To send account-related emails (verification, password reset).
  • To enforce rate limits and detect abuse.

4. Third-Party Data Providers

When you use research features (quotes, news, options chains), the Service fetches data from third-party APIs (Finnhub, Polygon, Tradier, Alpha Vantage, NewsAPI). The ticker symbol is sent to those providers. Your trade-journal data is never sent to them.

5. Data Retention

Your data is retained as long as your account exists. Deleting your account erases your trades, options trades, watchlists, alerts, balance adjustments, imports, and any associated tokens. Anonymous operational logs (e.g. auth attempt counts) may be retained for security purposes.

6. Security

Passwords are hashed with the modern PHP password hashing algorithm. Sessions are cookie-based, marked HttpOnly + SameSite=Lax, and (in production) marked Secure. All inter-user data is scoped server-side by user_id.

7. Cookies

We use a single session cookie (PHPSESSID) for authentication. We do not use tracking pixels, third-party analytics, or advertising cookies.

8. Your Rights

You can view, edit, or delete any data you've entered at any time. To delete your entire account, contact your administrator (or use the account delete feature in Settings when available).

9. Children

The Service is not intended for users under 18.

10. Changes

Material changes to this Policy will be flagged in-product or by email.

11. Contact

Questions about your data? Contact your administrator.