Privacy Policy – MyTradeNotes

1. Who We Are

MyTradeNotes is a trading journal application operated by Marcel Heiniger, based in Switzerland. We are subject to the Swiss Federal Act on Data Protection (nFADSGVO / revDSG) and, where applicable, the EU General Data Protection Regulation (GDPR).

Contact: contact form · Domain: https://mytradenotes.com

2. Data We Collect

Account data — username, email address, password (bcrypt hashed, never stored in plain text)
Trade data — trade records, journal entries, account balances you import or enter manually
cTrader data — if you connect via Open API: access tokens, trade history pulled from your broker
Payment data — handled entirely by Stripe. We store only your Stripe customer ID and subscription status. We never see your card details.
Technical data — IP address and user agent recorded at account creation for GDPR consent logging

3. How We Use Your Data

To provide and operate the trading journal service
To process your subscription via Stripe
To send password reset emails
To comply with our legal obligations (consent log, data retention)

      We do not sell your data. We do not use it for advertising. We do not share it with third parties except as described below.
    

4. Third Parties

Stripe — payment processing. Stripe Privacy Policy
cTrader / Spotware — only if you connect your account via OAuth. Spotware Privacy Policy
Hosting provider — your data is stored on servers in the EU/Switzerland

5. Data Retention

Your data is retained for as long as your account is active. If you delete your account, all personal data is permanently deleted within 30 days. Stripe transaction records may be retained longer for tax/legal compliance.

6. Your Rights

Under nFADSGVO/GDPR you have the right to:

Access the personal data we hold about you
Correct inaccurate data
Request deletion of your account and data
Export your data (available via the app)
Withdraw consent at any time (this will not affect data already processed)
Lodge a complaint with the Swiss FDPIC or your national supervisory authority

To exercise any of these rights, use our contact form.

7. Cookies & Storage

We use a single session cookie to keep you logged in. We use localStorage in your browser to store your UI preferences (theme, branding customisations). No tracking cookies, no analytics, no third-party scripts.

8. Security

All connections are encrypted via HTTPS/TLS. Passwords are hashed with bcrypt (cost factor 12). Access tokens are stored encrypted in the database.

9. Changes

If we make material changes to this policy, we will notify users via email or an in-app notice. Continued use of the service after changes constitutes acceptance.