Privacy Policy

TradeBoxOS ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share information when you use our browser extension and related services (collectively, "the Service"). Please read this policy carefully. By using the Service, you consent to the practices described herein.

1. Information We Collect

Information You Provide Directly

• Account information: Email address, username, and authentication credentials when you create an account or sign in
• User content: Trading strategies, journal entries, configurations, watchlists, and preferences you create within the Service
• Communications: Messages, feedback, and inquiries you send to us through support channels or email
• Payment information: If you subscribe to a paid plan, payment is processed by Stripe, our third-party payment processor. We do not directly store your full credit card number or banking details. For details on how Stripe handles your data, see Stripe's Privacy Policy

Information Collected Automatically

• Usage data: Feature usage patterns, interaction events, session duration, and performance metrics to improve the Service
• Device information: Browser type and version, operating system, screen resolution, and language preferences
• Error data: Crash reports, error logs, and diagnostic data to maintain Service reliability
• IP address: Collected for security purposes, fraud prevention, and approximate geolocation (country/region level only)

Information We Do NOT Collect

• We do not collect your TradingView login credentials or passwords
• We do not collect or store your brokerage credentials, bank details, or financial account numbers
• We do not track your browsing activity outside of TradingView
• We do not sell, rent, or trade your personal data to third parties for advertising or marketing purposes
• We do not use your personal trading data to train our AI models without your explicit consent

2. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data on the following legal bases:

• Contract performance: Processing necessary to provide the Service to you (e.g., account management, delivering features you requested)
• Legitimate interest: Processing for our legitimate business interests, such as improving the Service, ensuring security, and preventing fraud, provided these interests do not override your fundamental rights
• Consent: Where you have given explicit consent for specific processing activities (e.g., marketing communications). You may withdraw consent at any time
• Legal obligation: Processing necessary to comply with applicable laws and regulations

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, maintain, and improve the Service
• Process your strategies, journal entries, and analysis requests
• Authenticate your identity and manage your account
• Send important service updates, security alerts, and administrative notifications
• Respond to your support inquiries and provide customer assistance
• Analyze usage trends and patterns to improve user experience and develop new features
• Detect, investigate, and prevent fraud, abuse, security incidents, and technical issues
• Comply with legal obligations and enforce our Terms of Service
• Communicate with you about new features, updates, or promotions (only with your consent where required by law)

4. AI and Data Processing

TradeBoxOS uses artificial intelligence to provide features such as strategy generation, market analysis, and trade insights. When you use AI-powered features:

• Your inputs (such as strategy descriptions or prompts) are processed by our AI systems to generate outputs
• We may use aggregated, anonymized usage data to improve our AI models, but we do not use your personal trading data or identifiable information for AI training without your explicit consent
• AI outputs are generated automatically and are not reviewed by humans unless you contact support
• You may request deletion of your AI interaction history at any time

5. Data Storage and Security

Your data is stored securely using industry-standard encryption, both in transit (TLS 1.2 or higher) and at rest (AES-256 encryption). We implement appropriate technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction, including:

• Encrypted database storage with access controls
• Regular security audits and vulnerability assessments
• Access limited to authorized personnel on a need-to-know basis
• Secure coding practices and code review processes

However, no method of electronic transmission or storage is 100% secure. While we strive to protect your data using commercially reasonable measures, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share data only in the following limited circumstances:

• Service providers: Trusted third-party services that help us operate the Service, bound by data processing agreements and strict confidentiality obligations. These include:
  • Vercel: Application hosting and deployment infrastructure. Your requests are processed through Vercel's servers, which may be located in various regions. See Vercel's Privacy Policy
  • Supabase: Database hosting, data storage, and authentication services. Your account data, waitlist entries, and user content are stored on Supabase's infrastructure. See Supabase's Privacy Policy
  • Vercel Analytics: Privacy-focused website analytics that collects page views, visitor counts, and performance metrics. See Vercel Analytics Privacy Policy
  • Stripe: Payment processing for paid plans. See Stripe's Privacy Policy
• Legal requirements: When required by law, regulation, subpoena, court order, or other legal process, or when we believe disclosure is necessary to protect our rights or safety
• Safety and security: To protect the rights, property, or safety of TradeBoxOS, our users, or the public, including to detect or prevent fraud
• Business transfers: In connection with a merger, acquisition, reorganization, or sale of assets. In such cases, we will notify affected users and ensure the acquiring entity is bound by this Privacy Policy or provides equivalent protection
• With your consent: In any other circumstances where you have given explicit consent to share your data

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service to you. Specifically:

• Active accounts: Data is retained for the duration of your account and use of the Service
• Account deletion: If you request account deletion, we will delete or irreversibly anonymize your personal data within 30 days, except where retention is required by law
• Legal obligations: Certain information may be retained for longer periods as required by tax, accounting, or other legal requirements
• Anonymized data: Aggregated, anonymized data that cannot identify you may be retained indefinitely for analytical purposes

8. Your Rights

Rights for All Users

Regardless of your location, you have the right to:

• Access the personal data we hold about you
• Correct any inaccurate or incomplete data
• Delete your personal data and account
• Export your data in a commonly used, machine-readable format
• Opt out of marketing communications at any time

Additional Rights Under the GDPR (EEA, UK, Switzerland)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you additionally have the right to:

• Restrict certain processing of your personal data
• Object to processing based on legitimate interest
• Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing before withdrawal
• Data portability: Receive your data in a structured, commonly used, and machine-readable format
• Lodge a complaint with your local data protection supervisory authority if you believe your rights have been violated

Additional Rights Under the CCPA/CPRA (California)

If you are a California resident, under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), you have the right to:

• Know what personal information we collect, use, disclose, and sell
• Delete your personal information
• Opt out of the sale or sharing of your personal information (note: we do not sell your data)
• Non-discrimination: Not receive discriminatory treatment for exercising your privacy rights
• Correct inaccurate personal information
• Limit use of sensitive personal information

To exercise any of these rights, please contact us at support@tradeboxos.com. We will respond to all valid requests within 30 days (or within the timeframe required by applicable law).

9. Cookies and Local Storage

The TradeBoxOS extension uses browser local storage and session storage to save your preferences, authentication tokens, and session data. This is necessary for the Service to function properly.

Our website (tradeboxos.com) uses essential cookies for functionality such as session management. Specifically:

• Essential cookies: Required for basic site functionality, authentication state, and session management. These cannot be disabled
• Analytics (Vercel Analytics): We use Vercel Analytics to collect anonymous, aggregated data about page views, visitor counts, and site performance. Vercel Analytics does not use cookies, does not collect personal information, and does not track users across websites. It does not create advertising profiles. Data collected includes: page URL, referrer, browser type, operating system, device type, and country (derived from anonymized IP addresses). IP addresses are not stored

We do not use third-party advertising cookies, tracking pixels, or any other cross-site tracking technologies.

10. Browser Extension Permissions

The TradeBoxOS browser extension requests certain browser permissions to function. These permissions are used solely for the purposes described below:

• Access to TradingView pages: Required to integrate our tools into the TradingView interface and read chart data necessary for analysis features
• Storage: Used to save your preferences, settings, and cached data locally on your device
• Network requests: Required to communicate with our servers for AI processing, data synchronization, and account management

We only request the minimum permissions necessary for the Service to function. The extension does not access other websites, browser history, or data unrelated to TradingView.

11. Third-Party Links

The Service and our website may contain links to third-party websites or services (e.g., TradingView, social media platforms). We are not responsible for the privacy practices, content, or security of these third-party sites. We encourage you to review the privacy policies of any third-party services you visit.

12. Children's Privacy

The Service is not intended for anyone under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected personal data from a child under 18, we will take steps to delete that information as quickly as possible. If you believe a child under 18 has provided us with personal data, please contact us immediately at support@tradeboxos.com.

13. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States, where our hosting provider (Vercel) and database provider (Supabase) operate infrastructure. These countries may have data protection laws that differ from the laws in your jurisdiction. When we transfer data internationally, we ensure that appropriate safeguards are in place to protect your data, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data processing agreements with our service providers
• Compliance with applicable data transfer frameworks

14. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify the relevant data protection authorities within 72 hours of becoming aware of the breach, where required by law
• Notify affected users without undue delay if the breach is likely to result in a high risk to your rights and freedoms
• Provide details about the nature of the breach, the data affected, the likely consequences, and the measures we are taking to address it

15. Do Not Track

Some browsers offer a "Do Not Track" (DNT) signal. Since we do not engage in cross-site tracking, our Service responds to DNT signals by default. We do not track you across third-party websites regardless of your DNT setting.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by: (a) posting the updated policy on our website with a revised "Last updated" date, (b) sending you an email notification, or (c) displaying a notice within the Service. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy. If you do not agree with the updated policy, you should stop using the Service and contact us to delete your account.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, your personal data, or our data practices, please contact us:

• Email: support@tradeboxos.com
• Subject line: "Privacy Inquiry" for faster routing

We will acknowledge your request within 48 hours and provide a substantive response within 30 days (or within the timeframe required by applicable law).