Privacy Policy

Last updated: 2026-05-20

Data controller

MiKaro Media sp. z o.o.

MindTradr is operated by MiKaro Media sp. z o.o., a Polish limited company. NIP: 8811502248. Registered office: Poland. We act as the data controller for personal data processed through the app and the marketing site. For any data request — access, export, deletion — write to hello@mindtradr.com.

What we collect

Account, journal, usage

We collect only what we need to run the journal and improve it:

  • Account — email address (via Supabase Auth) and, if you sign in with Google, the email + display name Google returns.
  • Trade data — every trade you log: ticker, entry/exit, P&L, setup, platform, currency, attached notes, fees, leverage.
  • Psychology entries — mood, sleep quality, stress level, morning intentions, end-of-day reflections, tagged mistakes, and trading rules you create.
  • Usage analytics — anonymous product events (which screens you open, which features you use, paywalls shown / dismissed) via PostHog. Used to improve the product; not sold or shared with marketers.

Where data lives

Supabase (EU)

Your account and journal data are stored in Supabase, a cloud database provider. We use the EU region. Every table is locked down with row-level security so only you can read or write your own rows. Backups are encrypted at rest and rotated by Supabase.

AI features

Anthropic API

AI features (Pulse, Sanity Check, Coach Insights, Coach Chat, Pattern Breakdowns) send a minimal slice of your trade data to Anthropic's Claude API for processing. The request is anonymised — we do not send your email, name, or any account identifier. Anthropic processes the request to generate the response and does not retain it beyond that processing per their commercial terms. The AI response is stored in our cache (one row per user per day for Pulse / Insights; cached briefly for Sanity Check).

Payments

Whop (Merchant of Record)

When you upgrade to Pro, payments are processed by Whop as the Merchant of Record. They handle the checkout, tax compliance, and stored card data on their PCI-compliant infrastructure. We never see or store your card number. We receive a webhook with your subscription state (active / past due / cancelled) and a Whop membership ID, which we link to your account so the app knows your tier.

Cookies

Minimal — auth + analytics only

We use two categories of browser storage:

  • Auth session — a Supabase session token (HTTP-only cookie + localStorage fallback) so you stay signed in.
  • Analytics — PostHog uses a first-party cookie + local storage to deduplicate sessions. No third-party advertising cookies.

Your rights

GDPR — access, export, deletion

As an EU data subject (and for users outside the EU we apply the same rules), you have the right to:

  • Access the personal data we hold about you.
  • Export your trade and journal data in a portable format.
  • Request deletion of your account and all associated data — handled via the "Delete account" option in Settings, or by emailing us.
  • Correct any inaccurate data.
  • Object to processing or restrict it.
  • Lodge a complaint with your local supervisory authority (in Poland: UODO).

To exercise any of these rights, write to hello@mindtradr.com. We respond within 30 days.

Retention

Until you ask us to forget

Account and journal data are kept for as long as your account exists. When you delete your account, all rows scoped to your user ID are removed via cascading foreign keys — typically within minutes. Anonymised analytics events may persist in PostHog according to their default retention. Whop retains payment records as required by EU tax law (7 years for invoices); we cannot delete those on your behalf, but they are not linked to your trade content.

Contact

Talk to a human

Questions, data requests, complaints, or anything privacy-related — hello@mindtradr.com. We read every email; replies usually land within 1–2 business days.