Privacy Policy
SECTION 01
Introduction
This Privacy Policy explains what personal information TradLoop collects, why, and your choices. By using the Service you accept this Policy. In plain terms: we collect the account and usage information needed to run a trading-practice and journaling service, we use a small number of named providers to operate it, we do not sell your personal information, and California residents have specific rights described below.
SECTION 02
Interpretation and Definitions
Capitalized terms have the meanings given here. “Company” (“we,” “us”) means Ali Alkhafaji (to become TradLoop LLC). “Service” means the TradLoop platform. “Personal Data” means information that identifies or can be linked to you. “Usage Data” means data collected automatically from your use of the Service. “Service Provider” means a third party that processes data on our behalf. “You” means the user. CCPA-defined terms (“Business,” “Consumer,” “Sale,” “Personal Information”) carry their statutory meanings where used in the California section.
SECTION 03
Personal Data We Collect
Account data: email, first and last name, and Google sign-in identifiers. Usage Data: IP address, browser type and version, pages visited, dates and times, time spent, device identifiers, and diagnostic data. User Content: trades, journal entries, screenshots and PDFs, session state, and preferences. AI Inputs: text and files you submit through AI Mentor or Journal Import. We collect sign-in information only from Google; we do not use Facebook, Twitter/X, or LinkedIn login.
SECTION 04
Cookies and Tracking Technologies
We use strictly necessary session cookies for authentication, CSRF protection, and session state, and persistent functionality cookies for replay state and user preferences. We do not currently use third-party advertising or tracking cookies, and we do not use web beacons. If this changes, we will update this Policy and the cookie disclosures before deployment.
SECTION 05
How We Use Personal Data
- To provide, operate, and maintain the Service and your account.
- When billing is introduced, to perform the subscription contract and process payments through our payment processor. Billing is not currently active.
- To contact you about service, security, and account matters.
- To respond to support requests.
- To analyze and improve the Service, including de-identified, aggregated analysis.
- For business transfers, as described below.
We do not use your information for third-party marketing personalization unless you opt in to such a feature in the future.
SECTION 06
How We Share Personal Information
We share personal information only with Service Providers that process it on our behalf, in connection with a business transfer (merger, acquisition, or asset sale), or with your consent. We do not have business partners or public user-to-user features that share your information, and we will update this Policy before introducing any.
SECTION 07
Retention
We retain personal information for as long as needed to provide the Service and for legitimate legal, security, dispute-resolution, and enforcement purposes. Usage Data is generally retained for shorter periods unless needed for security or to improve the Service.
SECTION 08
Where Data Is Processed
Your data is processed in the United States. The Service is offered only to U.S. residents; by using it you understand processing occurs in the United States.
SECTION 09
Deleting Your Personal Data
You may delete your account through account settings or by contacting legal@[BRAND_DOMAIN].com. We will delete or de-identify your personal information except where retention is required for legal compliance, dispute resolution, or enforcement of agreements.
SECTION 10
Disclosure of Personal Data
We may disclose personal information in connection with a business transaction, to comply with law or valid legal process, to enforce our terms, to protect the rights, property, or safety of TradLoop or others, or to prevent or investigate wrongdoing.
SECTION 11
Security
We use reasonable, industry-standard safeguards. No method of transmission or storage is completely secure, and you are responsible for keeping your password confidential.
SECTION 12
Third-Party Service Providers
We use only the following providers, each under its own privacy terms: Resend (transactional email); Google Sign-In (authentication); Anthropic (Claude) for AI Mentor and Journal Import (receives the prompts and files you submit); our database host [DB HOST PLACEHOLDER]; Yahoo Finance (yfinance) (historical market data, no personal data shared); and Stripe (planned payment processing, not currently active). We do not use Google Analytics, Firebase, or reCAPTCHA; if we add any analytics or tracking provider, we will update this Policy first.
As of [PUBLICATION DATE], based on Anthropic’s API data-usage policy then in effect, content submitted through TradLoop’s use of the Anthropic (Claude) API is not used by Anthropic to train its models by default. This statement describes a third party’s practices and must be re-verified at publication and kept current.
SECTION 13
Your California Privacy Rights (CCPA/CPRA)
This section applies to California residents. TradLoop does not sell personal information as defined under the CCPA, has not sold personal information in the preceding 12 months, and has no plans to do so. We also do not “share” personal information for cross-context behavioral advertising.
Categories of personal information collected in the past 12 months: Category A (Identifiers): Yes; Category B (customer records: name, email): Yes; Category C (protected classifications): No; Category D (commercial information / purchase history): No, because payment processing is not currently active; Category E (biometric): No; Category F (internet/electronic activity): Yes; Category G (geolocation: approximate, from IP): Yes; Category H (sensory): No; Category I (professional/employment): No; Category J (non-public education): No; Category K (inferences): No.
Sources: directly from you, automatically from your use of the Service (cookies/usage), and from Service Providers. Business purposes: providing and securing the Service, support, and improvement. If billing is introduced, business purposes may also include performing the subscription contract. Categories disclosed for business purposes: A, B, F (and D only if billing is introduced), to Service Providers only.
Your rights: to know, to access, to delete, to correct, to opt out of sale or sharing (we do not sell or share), and to limit use of sensitive personal information. We honor Global Privacy Control (GPC) signals. We do not currently respond to browser “Do Not Track” signals, consistent with industry practice. We will not discriminate against you for exercising these rights.
To exercise rights, contact legal@[BRAND_DOMAIN].com (a “Do Not Sell or Share My Personal Information” request may be sent to the same address). We verify requests and respond within 45 days, with one permitted 45-day extension; an authorized agent may submit a request with proof of authorization. We do not knowingly collect personal information from anyone under 18.
SECTION 14
Children’s Privacy
The Service is not intended for anyone under 18. We do not knowingly collect personal information from anyone under 18, and will delete it promptly if we learn we have. Parents or guardians may contact legal@[BRAND_DOMAIN].com.
SECTION 15
California “Shine the Light” (Cal. Civ. Code §1798.83)
California residents may request information about disclosures of personal information to third parties for their direct-marketing purposes. We do not currently share personal information with third parties for their direct marketing.
SECTION 16
California Privacy Rights for Minor Users (Cal. Bus. & Prof. Code §22581)
Although the Service is restricted to users 18 and older, a California resident under 18 who has registered may request removal of content they posted by contacting legal@[BRAND_DOMAIN].com. Removal may not be complete or instantaneous and does not ensure removal from all copies.
SECTION 17
Links to Other Sites
The Service may link to sites we do not control. We are not responsible for their content or privacy practices; review their policies.
SECTION 18
Changes to This Policy
We will post changes and update the “Last Updated” date. For material changes we will provide notice by email and an in-app banner before they take effect.
SECTION 19
Contact Us
legal@[BRAND_DOMAIN].com. Mailing address: [Operations, c/o California — to be provided].
[INTERNAL NOTE] Every paragraph here is original. CCPA category labels and statute citations are factual references. Fill placeholders in lib/legal-constants.ts and re-run the plagiarism spot-check before publishing.