Privacy Policy

1. Information We Collect

Account information: email address, name, password hash, and (optionally) profile photo and Google OAuth identifiers when you sign in with Google.

Subscription & billing data: plan, status, billing period, Stripe customer ID, and last-4 of your card. Full card numbers and bank details are handled directly by Stripe — we never see or store them.

User content: chart screenshots you upload, prompts and conversations with the AI mentor, trade journal entries, trade history files you submit for evaluation, lesson progress, and ratings.

Usage data: pages viewed, features used, credits consumed, device type, browser, IP address, approximate location (derived from IP), timestamps, and error logs.

Affiliate data: if you join the affiliate program, your referral code, referrals, commissions, payout requests, and Stripe Connect account ID.

Cookies & similar technologies: session cookies for authentication, a referral-tracking cookie, and first-party analytics cookies. No third-party advertising trackers.

2. How We Use Your Information

• To create and operate your account and authenticate you.
• To generate AI chart analyses, lessons, voice replies, and trade evaluations.
• To process subscriptions, credits, and affiliate payouts.
• To save your history, journal, and progress so you can come back to them.
• To send service emails (verification, password resets, receipts, important changes).
• To monitor performance, detect abuse and fraud, and debug errors.
• To improve the Service and develop new features.
• To comply with legal obligations and enforce our Terms.

We do not sell your personal data and we do not use your User Content to train third-party AI models.

3. Legal Bases (EEA/UK)

Where the GDPR/UK GDPR applies, we rely on: performance of a contract (running your account, billing), legitimate interests (security, fraud prevention, product improvement), consent (optional analytics/marketing where required), and legal obligation (tax, accounting, regulatory requests).

4. AI Processing

To generate responses, we send your prompts, chart images, and relevant context to third-party AI providers including OpenAI, Google, and Anthropic via secure APIs. These providers process the data solely to return your response and have contractually agreed not to use API inputs/outputs to train their models. AI responses may be temporarily cached for performance.

5. Service Providers & Sharing

We share data only with vetted providers that help us run the Service:

• Stripe — payments, subscriptions, and Connect payouts.
• Supabase — authentication, database, and file storage (hosted in the EU/US).
• AI providers — OpenAI, Google, Anthropic.
• TradingView — chart symbol search and snapshots.
• Analytics & error tracking — PostHog, Sentry.
• Email delivery — for transactional and account emails.

We may also disclose information to comply with law, valid legal process, or to protect the rights, property, or safety of Trendsetter Labs, our users, or the public. In the event of a merger or acquisition, your data may be transferred to the successor entity under this Policy.

6. International Data Transfers

Your data may be processed in countries other than your own, including the United States. Where required, we rely on Standard Contractual Clauses or equivalent safeguards for cross-border transfers.

7. Data Retention

We retain account, billing, and User Content for as long as your account is active and for a reasonable period after for legal, tax, and fraud-prevention purposes (typically up to 7 years for billing records). You can delete your User Content from Settings, and we will delete or anonymize remaining data within 30 days of account deletion except where retention is legally required.

8. Your Rights

Depending on where you live (e.g., EEA, UK, California, Brazil), you may have the right to: access, correct, or delete your data; object to or restrict processing; port your data; withdraw consent; and lodge a complaint with your local data protection authority. California residents have additional CCPA/CPRA rights and we do not "sell" or "share" personal information as those terms are defined. To exercise any right, email privacy@trendsetterlabs.com — we will respond within the time required by applicable law.

9. Children

The Service is not intended for anyone under 18. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

10. Security

We encrypt data in transit (TLS) and at rest. Row-level security policies in our database restrict access to your own data. We use scoped service credentials, audit logs, and regular dependency scanning. No system is 100% secure — please use a strong, unique password and notify us of any suspected compromise.

11. Cookies

Strictly-necessary cookies keep you signed in and remember your referral source. Analytics cookies (PostHog) help us understand usage. You can control cookies through your browser settings; disabling strictly-necessary cookies will break sign-in.

12. Changes to This Policy

We may update this Policy as the Service evolves. Material changes will be announced in-product and the "Last updated" date above will reflect the revision.

13. Contact

Privacy questions or requests: privacy@trendsetterlabs.com
General support: support@trendsetterlabs.com