Privacy Policy

1. Data Controller

TrackTrading is a trading journal and performance analytics platform operated by Brazhelp Solutions Ltd, a company incorporated in England and Wales (Company Registration Number: 13259174), with its registered office at 124 City Road, London, EC1V 2NX, United Kingdom.

Brazhelp Solutions Ltd is the data controller for all personal data processed through the TrackTrading platform, including the website at tracktrading.cloud and the TrackTrading mobile applications distributed through the Apple App Store and Google Play Store. For all privacy enquiries, please contact us at [email protected].

Data Protection Officer: Chris Holanda — [email protected]

2. Scope of This Policy

This Privacy Policy applies to all personal data collected through the TrackTrading web application (accessible at tracktrading.cloud), the TrackTrading iOS application (available on the Apple App Store), the TrackTrading Android application (available on Google Play), and any related services, features, or communications operated by Brazhelp Solutions Ltd. This policy does not apply to third-party websites, applications, or services that may be linked from within TrackTrading, including but not limited to Stripe's payment portal, Apple's or Google's account services, or any broker platforms you may connect.

3. Data We Collect

We operate on a data minimisation principle in accordance with Article 5(1)(c) of the UK GDPR. We collect only what is strictly necessary to provide the service.

3.1 Data You Provide Directly

3.2 Data Collected Automatically

3.3 Data We Do Not Collect

We do not collect: real names (a display name or nickname is sufficient), phone numbers, dates of birth, physical addresses, precise geolocation data, device fingerprints, IDFA or GAID advertising identifiers, behavioural analytics or usage telemetry, health data, biometric data, browsing history, contact lists, photos or media from your device (beyond voluntary avatar uploads), or any data beyond what is listed above. Trade journal entries are self-reported by the user — we do not verify, validate, or cross-reference them against any external brokerage or financial system.

4. How We Use Your Data

Your personal data is used exclusively to deliver and improve the TrackTrading service. Specifically, we use your data to: authenticate your identity and maintain your session across web and mobile platforms; store and display your trade journal entries, analytics, and performance metrics; process subscription payments via Stripe (Stripe handles all card data — we never store or see payment card information); send transactional emails including billing receipts and, where you have opted in, daily digest summaries of followed traders' activity; enable social trading features such as public profiles, follower counts, and the community leaderboard, where you have chosen to make your profile public; synchronise trade data from connected broker accounts (MetaTrader, Interactive Brokers) where you have explicitly configured a connection; and evaluate your risk alert thresholds to notify you of breaches.

We do not use your data for advertising, profiling, behavioural targeting, sale to data brokers, training of artificial intelligence models, or any purpose beyond the direct operation of the TrackTrading platform.

5. Legal Basis for Processing (UK GDPR)

Brazhelp Solutions Ltd processes your personal data under the following lawful bases as defined in Article 6 of the UK GDPR:

Contract performance (Article 6(1)(b)): Processing your account data, trade journal entries, and subscription details is necessary to deliver the service you have subscribed to.

Legitimate interests (Article 6(1)(f)): Security monitoring, fraud prevention, and service improvement, where these interests are not overridden by your rights and freedoms.

Consent (Article 6(1)(a)): For optional features such as the daily email digest, public profile visibility, and broker account connections, which you may enable or disable at any time in your account Settings.

Legal obligation (Article 6(1)(c)): Where processing is required to comply with applicable law, including financial record-keeping obligations and responding to lawful requests from authorities.

6. Data Sharing and Third Parties

Brazhelp Solutions Ltd does not sell, rent, or share your personal data with third parties for advertising or commercial purposes. We share data only with the following sub-processors, each bound by appropriate data processing agreements:

All transfers to processors outside the United Kingdom are governed by the UK International Data Transfer Agreement (IDTA) or equivalent Standard Contractual Clauses (SCCs) as approved by the UK Information Commissioner's Office.

7. Data Security

Brazhelp Solutions Ltd implements appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include: encryption of all data in transit using TLS 1.2 or higher; encryption of all data at rest; secure token-based authentication for mobile applications using industry-standard JWT with secure storage (iOS Keychain / Android Keystore); HttpOnly, Secure session cookies for web sessions; role-based access control for all administrative functions; regular security reviews and dependency audits; and restricted access to production databases limited to authorised personnel only.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the UK Information Commissioner's Office within 72 hours in accordance with Article 33 of the UK GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

8. Your Rights Under UK GDPR

As a data subject under the UK GDPR, you have the following rights, which you may exercise at any time by contacting us at [email protected]:

We will respond to all requests within 30 calendar days. If a request is complex or we receive a high volume of requests, we may extend this period by a further 60 days, and we will inform you of any such extension within the initial 30-day period. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at any time.

9. California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). Specifically:

Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business purpose for collecting it, and the categories of third parties with whom we share it.

Right to Delete: You have the right to request deletion of your personal information. You can exercise this right directly via Settings in the app, or by contacting us at [email protected].

Right to Opt-Out of Sale: Brazhelp Solutions Ltd does not sell your personal information to third parties. We do not share personal information for cross-context behavioural advertising. Therefore, there is no need to opt out.

Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

Categories of Personal Information Collected: Identifiers (email address, display name), commercial information (subscription plan), and internet or electronic network activity (authentication tokens, last sign-in timestamp). We do not collect sensitive personal information as defined under the CPRA.

10. Apple App Store Privacy Details

In accordance with Apple's App Store requirements, the following summarises TrackTrading's data practices as disclosed in our App Privacy "Nutrition Label":

TrackTrading does not use the AppTrackingTransparency framework, does not request IDFA access, and does not engage in any form of cross-app or cross-site tracking as defined by Apple.

11. Google Play Data Safety

In accordance with Google Play's Data Safety requirements, the following summarises TrackTrading's data practices:

Data collected: Email address (account management), name/display name (app functionality), user-generated content (trade journal entries, notes), app interactions (authentication events), and purchase history (subscription management via Stripe).

Data shared with third parties: Email address and payment identifiers are shared with Stripe for billing purposes only. No data is shared for advertising, analytics, or personalisation purposes.

Security practices: All data is encrypted in transit (TLS 1.2+) and at rest. Authentication tokens are stored in Android Keystore. Users can request data deletion at any time through the app or by contacting [email protected].

Data deletion: Users can delete their account and all associated data from Settings within the app. The account deletion URL for Google Play compliance is: https://tracktrading.cloud/settings

12. Account Deletion

You may permanently delete your account at any time from Settings → Danger Zone → Delete Account in both the web application and the mobile app. Upon deletion, all your personal data — including trade records, journal entries, targets, risk alerts, broker connections, subscription data, follow relationships, notifications, and profile information — will be immediately and irreversibly erased from our systems. No data is retained after deletion, except where required by applicable law (such as financial record-keeping obligations, which may require retention for up to 6 years).

If you have an active Stripe subscription, it will be automatically cancelled upon account deletion. The account deletion page is accessible at: https://tracktrading.cloud/settings

13. Cookies and Local Storage

The TrackTrading web application uses a single session cookie (tt_session) to maintain your authenticated session. This cookie is HttpOnly (not accessible to JavaScript), Secure (transmitted over HTTPS only), SameSite=None (required for cross-origin authentication), and is deleted when you log out or delete your account. We also store your theme preference and language selection in localStorage, which never leaves your device.

The TrackTrading mobile application does not use cookies. Authentication is managed via a secure JWT token stored in the device's secure storage (iOS Keychain / Android Keystore).

We do not use advertising cookies, tracking pixels, third-party analytics cookies, fingerprinting scripts, or any form of cross-site tracking on any platform.

14. International Data Transfers

TrackTrading is operated from the United Kingdom. Your data may be processed by our sub-processors in the United States (Stripe, Resend, Manus infrastructure, MetaApi). All such transfers are governed by the UK International Data Transfer Agreement (IDTA) or Standard Contractual Clauses (SCCs) as approved by the UK ICO, ensuring your data receives equivalent protection to that afforded under UK law. Where the European Commission has made an adequacy decision for a recipient country, we rely on that decision as the basis for the transfer.

15. Children and Age Restrictions

TrackTrading is not directed at individuals under 18 years of age, and we do not knowingly collect personal data from minors. The Service involves financial trading concepts and is intended for adult users only. If you believe a person under 18 has registered an account, please contact us immediately at [email protected] and we will take prompt action to delete the account and all associated data. In compliance with the Children's Online Privacy Protection Act (COPPA) and equivalent legislation, we will delete any data we discover to have been collected from a child under 13 without verified parental consent.

16. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this policy, or as required by applicable law. Active account data is retained for the duration of your account. Upon account deletion, all personal data is permanently erased within 30 days, except where a longer retention period is required by law (for example, financial transaction records may be retained for up to 6 years under HMRC requirements). Anonymised, aggregated statistical data that cannot be used to identify any individual may be retained indefinitely for service improvement purposes.

17. Third-Party Sign-In Services

TrackTrading supports authentication via Sign in with Apple and Google Sign-In. When you choose to authenticate using one of these services, we receive only your email address (or a private relay email in the case of Apple's "Hide My Email" feature) and a unique identifier. We do not receive your password, contacts, photos, or any other data from these providers. Your use of Apple or Google sign-in is also subject to Apple's and Google's respective privacy policies.

18. Push Notifications (Mobile)

The TrackTrading mobile app may request permission to send push notifications for risk alert breaches and important account updates. You can enable or disable push notifications at any time through your device's system settings. We do not use push notification tokens for advertising, tracking, or any purpose other than delivering the notifications you have consented to receive.

19. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or the features of the Service. Material changes will be communicated via email to your registered address, via an in-app notification, or via an update notice within the mobile app, at least 14 days before the changes take effect. The "Last updated" date at the top of this page will always reflect the most recent revision. Continued use of the Service after the effective date of any changes constitutes acceptance of the updated policy. If you do not agree with the changes, you may delete your account before the effective date.

20. Contact Us

For any privacy-related enquiries, data subject requests, CCPA requests, or complaints, please contact: