Privacy policy
Last updated — March 20261. Data controller
Tradeglyph — hello@tradeglyph.com.
2. Data collected
Upon registration: email address, password (encrypted), first and last name (optional).
During use: trade data imported from your exchanges via read-only API key, API keys (AES-256 encrypted, never accessible in plain text), notes, tags and annotations added to your trades, performance data and statistics.
Automatically: IP address (server logs, kept 30 days), navigation data, browser type and operating system.
During use: trade data imported from your exchanges via read-only API key, API keys (AES-256 encrypted, never accessible in plain text), notes, tags and annotations added to your trades, performance data and statistics.
Automatically: IP address (server logs, kept 30 days), navigation data, browser type and operating system.
3. Purposes
Your data is used to: provide and maintain the Tradeglyph service, manage your account and subscription, generate AI analyses of your trades (data transmitted to the Anthropic API), send email notifications you have enabled, process payments via Stripe, and respond to support requests.
4. Legal basis
Contract performance — service provision, account and subscription management.
Legitimate interest — security, fraud prevention, service improvement.
Consent — email notifications (revocable at any time).
Legal obligation — retention of billing data.
Legitimate interest — security, fraud prevention, service improvement.
Consent — email notifications (revocable at any time).
Legal obligation — retention of billing data.
5. Sub-processors
Vercel Inc. — hosting (USA, Privacy Shield certified).
Anthropic PBC — AI trade analysis (USA, anonymised data).
Stripe Inc. — payment processing (USA, PCI-DSS certified).
These transfers outside the EU are governed by standard contractual clauses (SCC) compliant with the GDPR.
Anthropic PBC — AI trade analysis (USA, anonymised data).
Stripe Inc. — payment processing (USA, PCI-DSS certified).
These transfers outside the EU are governed by standard contractual clauses (SCC) compliant with the GDPR.
6. Retention
Active account data: retained for the duration of the account. Data after account deletion: deleted within 30 days. Billing data: 10 years (French legal obligation). Server logs: 30 days.
7. Your rights (GDPR)
You have the right to access, rectify, erase, port, object to, and restrict the processing of your data. To exercise these rights, contact us at hello@tradeglyph.com. We will respond within 30 days. You may also lodge a complaint with your local data protection authority.
8. Security
Tradeglyph implements: bcrypt password hashing, AES-256 encryption of exchange API keys, HTTPS/TLS on all communications, two-factor authentication (TOTP 2FA), JWT token rotation and revocation, encrypted database backups.
9. Cookies
Tradeglyph uses only strictly necessary cookies for service operation (session, authentication). No third-party advertising or analytics tracking cookies are used.
10. Changes
Any material changes to this policy will be notified by email to active users at least 30 days before taking effect.