Your trades. Your data. Your call.
Plain English, not legalese. Everything here describes the current implementation as it actually works; if any of it changes, this page changes in the same release.
What we store
Your individual trade rows
Date, time, symbol, side, qty, entry / exit prices, P&L, fees, asset type, option strike / expiration / type, and any notes / playbook tags / emotion tags you add. Exactly what you'd see in the trade log.
Account metadata
Your email, display name, avatar (if uploaded), and the trading accounts you set up in Settings (just the names and colors you chose — not broker credentials).
Session state
An encrypted JWT cookie so you stay logged in across page loads. Expires after 7 days. Contains your user ID + name + admin flag, nothing else.
What we don't store
Your raw CSV file
CSV imports are parsed entirely in your browser — the file bytes never leave your device. We only store the structured trade rows you confirm in the import preview.
Broker credentials
You never enter your broker password or API key anywhere on this site. CSV imports don't need them.
Broker account numbers
The "...XXXX" account tail in Schwab exports, IBKR account IDs, etc. are stripped during parsing and never transmitted.
SSN, tax ID, or banking info
We don't ask for or process any of these. This is a journal, not a broker.
Where your data lives
Database: Neon PostgreSQL
Managed Postgres hosted on AWS (us-east). TLS in transit, encrypted at rest by the provider. Every query is scoped to your user ID — one user can't see another user's trades.
Avatar images: Vercel Blob
The only file storage we use. Images are served from a CDN but tagged to your user ID.
Hosting: Vercel
The app itself runs on Vercel. Standard commercial hosting, HTTPS enforced.
Analytics: Google Analytics 4
Aggregate traffic only. We never send trade-level data (prices, symbols, P&L) to GA. Basic page-view tracking for "how many people use the dashboard vs. the calendar" type questions.
How we protect it
Passwords are hashed with bcrypt
Cost factor 12 (slow enough to resist brute force). Plaintext passwords are never stored or logged. Password reset tokens are hashed before storage — the raw token exists only in the email link.
Per-user data scoping
Every API call goes through a server-side session check. Every database query includes your user ID as a filter. There's no "all trades everywhere" endpoint.
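An added example (not the site's code) of the scoping pattern just described: the session check runs first, and the only path to trade rows is a wrapper that appends the signed-in user's ID to every filter, so a handler can neither forget the filter nor have it overridden by a caller-supplied one. An in-memory array stands in for the trades table and a tiny findMany() for the ORM; the rows, names and handler shape are constructed.

```javascript
// Added example, not the site's code: the per-user scoping pattern described above,
// with an in-memory list standing in for the trades table and a tiny findMany()
// standing in for the ORM. Names and the sample rows are constructed.
const trades = [
  { id: 1, userId: 'u1', symbol: 'AAPL', side: 'long', pnl: 120.5 },
  { id: 2, userId: 'u1', symbol: 'TSLA', side: 'short', pnl: -40.0 },
  { id: 3, userId: 'u2', symbol: 'SPY', side: 'long', pnl: 15.25 },
];

// Stand-in for the ORM's findMany({ where }): every key in `where` must match exactly.
function findMany(where) {
  return trades.filter((row) => Object.entries(where).every(([k, v]) => row[k] === v));
}

// Server-side session check: returns the session or null. A real app reads it from the cookie.
function requireSession(req) {
  const s = req && req.session;
  return s && typeof s.userId === 'string' ? s : null;
}

// The only door to trade rows. The userId filter is applied here, after any caller-
// supplied filters, so a handler can neither forget it nor override it.
function tradesFor(session) {
  const scope = (where = {}) => {
    const { userId: _attempt, ...rest } = where; // discard any caller-controlled userId
    return { ...rest, userId: session.userId };
  };
  return {
    list: (where = {}) => findMany(scope(where)),
    // Another user's row id simply yields null; there is no "exists but forbidden" leak.
    get: (id) => findMany(scope({ id }))[0] ?? null,
    totalPnl: () => findMany(scope()).reduce((sum, t) => sum + t.pnl, 0),
  };
}

// Request handler: session first, then scoped data. Filters come from the query string.
function handleListTrades(req) {
  const session = requireSession(req);
  if (!session) return { status: 401, body: { error: 'sign in required' } };
  return { status: 200, body: tradesFor(session).list(req.query || {}) };
}
```

Because findMany() is only ever reached through tradesFor(), an "all trades everywhere" query is not something a handler can write by accident; the repository has no method that omits the user ID.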
Strong HTTP security headers
HSTS (HTTPS-only for 2 years), Content-Security-Policy, X-Frame-Options: DENY (blocks clickjacking), nosniff, strict referrer policy, and camera / mic / geolocation disabled by Permissions-Policy.
SQL injection is prevented by design
All database queries go through Prisma (our ORM), which parameterizes everything. No raw string-concatenated SQL anywhere.
Your rights
Export everything
Settings → Data → "Export as JSON" downloads a complete dump of your trades, accounts, journal entries, and preferences. Use it to move to another tool, archive, or verify what we hold on you.
Delete your account
Settings → Account → "Delete account" wipes your user record and cascades deletes to your trades, accounts, journal entries, and any avatar file. This action is irreversible. Email receipts and log entries older than 90 days are retained for operational security.
Change your email / password any time
Settings → Account lets you update either without support intervention.
Third parties we rely on
Neon (database)
Stores your trades and account data. Encrypted at rest.
Vercel (hosting + file storage)
Serves the app and stores avatar images.
Google Analytics
Aggregate traffic stats only. Never trade-level data.
Resend (email, when enabled)
Sends password-reset emails only. Not currently active.
Questions?
DM @Rags2Tendies on X. If you've found what looks like a security issue, please reach out privately first rather than posting publicly.