EmotionGuard Logo

Privacy Policy

Introduction

At EmotionGuard, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our trading analysis platform. Please read this policy carefully to understand our practices regarding your personal data and your rights under applicable privacy laws, including the General Data Protection Regulation (GDPR).

What Data We Collect

We collect the following types of information:

  • Account Information: Email address, first and last name, and password (encrypted)
  • Usage Data: Login activity, features used, interaction with our platform, and session duration
  • Trading Data: Trading patterns, performance metrics, journal entries, emotional tags, and analysis provided through our services
  • Technical Data: IP address, browser type, device information, operating system, and cookies
  • Communication Data: Support inquiries, feedback, and correspondence with our team

Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Contractual Necessity: Processing necessary to provide our trading analysis services and fulfill our Terms of Service
  • Consent: Where you have explicitly given consent for specific processing activities (e.g., marketing communications)
  • Legitimate Interest: To improve our services, ensure platform security, prevent fraud, and provide customer support
  • Legal Compliance: To comply with applicable laws, regulations, and legal obligations

How We Use Your Data

We use your personal data for the following purposes:

  • Provide, operate, and maintain our trading analysis platform
  • Improve and personalize your experience with AI-powered insights
  • Analyze usage patterns and optimize our services
  • Communicate with you regarding updates, security alerts, and support
  • Process payments and manage subscriptions
  • Prevent fraudulent activities and ensure platform security
  • Comply with legal obligations and respond to legal requests

Automated Profiling and AI Analysis

EmotionGuard uses automated tools and artificial intelligence to analyze your trading behavior, emotional patterns, and performance data. This automated processing includes:

  • Pattern recognition in trading performance and emotional responses
  • Personalized insights and recommendations based on your data
  • Risk assessment and behavioral analysis for educational purposes
  • Trend identification and performance optimization suggestions

Important: Our automated processing is used solely for analytical and educational purposes. We do not make automated decisions that produce legal effects or significantly affect you. All trading decisions remain entirely under your control.

Third-Party Services

EmotionGuard may use third-party services to support our platform. These services may include:

  • Supabase: For user authentication, database management, and secure data storage
  • Stripe: For secure payment processing and subscription management
  • Resend: For sending transactional emails and service notifications
  • Analytics Providers: To help us understand platform usage and performance
  • Trading Platform APIs: For importing and synchronizing trading data (when connected)

These third-party services have their own privacy policies, and we recommend reviewing them to understand how they handle your data. We only share data with these services as necessary to provide EmotionGuard's functionality.

International Data Transfers

Your data may be stored and processed in countries outside your jurisdiction, including the United States and European Union. When we transfer your personal data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by relevant data protection authorities
  • Certification under recognized privacy frameworks
  • Binding corporate rules where applicable

Our third-party service providers, including Supabase and Stripe, maintain robust international data protection standards and comply with applicable transfer mechanisms.

Data Security

We implement comprehensive security measures to protect your personal data:

  • Encryption: Data is encrypted in transit using SSL/TLS and at rest using industry-standard encryption
  • Access Controls: Strict access controls and authentication mechanisms limit data access to authorized personnel only
  • Infrastructure Security: Our data is hosted on Supabase's secure, SOC 2 Type II compliant infrastructure
  • Regular Monitoring: Continuous monitoring for security threats and vulnerabilities
  • Data Backup: Regular automated backups to prevent data loss
  • Employee Training: Regular security training for all team members with data access

Account Security & User Responsibility

While we implement robust security measures, account security is a shared responsibility. You are responsible for:

  • Safeguarding your password and maintaining its confidentiality
  • All activities that occur under your account
  • Immediately notifying us of any unauthorized account access or security breaches
  • Using strong, unique passwords and enabling two-factor authentication when available
  • Keeping your account information accurate and up-to-date

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

  • Active Accounts: Data is retained while your account remains active and for legitimate business purposes
  • Account Deletion: Upon account deletion, personal data is permanently removed within 90 days, except where legal obligations require longer retention
  • Inactive Accounts: Accounts inactive for 3 years may be automatically deleted after appropriate notice
  • Legal Requirements: Some data may be retained longer to comply with legal, regulatory, or tax obligations
  • Aggregated Data: Anonymized and aggregated data may be retained indefinitely for research and platform improvement

Cookies and Tracking

EmotionGuard uses cookies and similar tracking technologies to track activity on our platform and store certain information. Cookies are files with a small amount of data that may include an anonymous unique identifier. We use cookies for authentication, security, user preferences, and analytics. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent, though this may affect platform functionality.

Children's Privacy

EmotionGuard is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from children under 18 without verification of parental consent, we will take steps to remove that information from our servers.

Your Rights

As a user of EmotionGuard, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of your personal data we hold
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we process your data in certain circumstances
  • Right to Data Portability: Obtain and reuse your data for your own purposes
  • Right to Object: Object to processing based on legitimate interests or direct marketing
  • Right to Withdraw Consent: Withdraw consent for processing where consent is the legal basis

To exercise any of these rights, please contact us using the information provided below. We will respond to your request within 30 days as required by applicable law.

Contact Information

If you have any questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please contact us.

For GDPR-related inquiries or to contact our Data Protection Officer, you may also reach us through our contact page with "GDPR Request" in the subject line.

Changes to This Policy

We may update our Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date below. For significant changes, we may also notify you via email or through a prominent notice on our platform. You are advised to review this Privacy Policy periodically for any changes.

Last updated: June 2025