Privacy notice

Last updated: 2026-06-02

This privacy notice explains how Trading Portal ("we", "us") processes personal data when you use our website and authenticated application.

1. Controller

Trading Portal (see Imprint for contact details).

2. What we process

Data category	Examples	Purpose
Account data	Name, email, password hash	Registration, authentication (Better Auth)
Trading signals	Alert JSON from TradingView (ticker, side, timestamps, raw payload)	Store and display your trade analytics
Webhook configuration	Labels, secrets (hashed/stored securely), allowed tickers	Receive and validate inbound alerts
Billing data	Stripe customer ID, subscription status, plan	Paid plans and access to /app/*
Technical data	IP address, user agent (sessions), server logs	Security, abuse prevention

We do not sell your personal data.

3. Legal bases (GDPR)

Where the GDPR applies, we rely on:

• Contract (Art. 6(1)(b)) — providing the service you signed up for
• Legitimate interests (Art. 6(1)(f)) — securing webhooks, preventing fraud, improving reliability
• Consent (Art. 6(1)(a)) — where required (e.g. optional marketing cookies, if enabled later)
• Legal obligation (Art. 6(1)(c)) — tax and accounting records for billing

4. TradingView webhooks

When you configure TradingView to POST alerts to your webhook URL:

• Payloads are validated and stored in our database (Dolt via Prisma)
• Secrets are compared using timing-safe checks
• Raw JSON is retained for analytics and troubleshooting

You control which alerts are sent from TradingView. Do not share webhook URLs or secrets publicly.

5. Processors and transfers

We use sub-processors including:

• Hosting / database — your deployment (e.g. homelab Dolt + app server)
• Stripe — payment processing (see Stripe Privacy)
• Sentry (if enabled) — error monitoring

Data may be processed outside the EEA where processors provide appropriate safeguards (e.g. SCCs).

6. Retention

• Account data: until you delete your account, then deleted or anonymized within a reasonable period
• Trades and webhook logs: until you delete them or your account, subject to backup cycles
• Billing records: as required by commercial and tax law

7. Your rights

You may have the right to access, rectify, erase, restrict, port, or object to processing, and to withdraw consent. You may lodge a complaint with a supervisory authority.

Contact: support@example.com

8. Security

We use HTTPS, hashed credentials, per-webhook secrets, and least-privilege access to infrastructure. No system is 100% secure; report issues responsibly.

9. Children

The service is not directed at children under 16.

10. Changes

We may update this notice. Material changes will be reflected on this page with a new "Last updated" date.

---

Seed content for development. Have qualified counsel review before production.