Privacy Policy

We collect the minimum data needed to run Tradbuk. We never sell your data. We use trusted, security-audited processors (Stripe, Supabase, Resend, Vercel) to operate the service. You can export or delete your data at any time by contacting us.

This page explains the details.

Account information. Your email address when you sign up. Optionally your name and any profile info you choose to add.

Authentication data. Session tokens to keep you signed in. We use one-time email codes for sign-in (no passwords). These are handled by Supabase Auth.

Trading data.When you connect your MT5 account in Phase 1 and beyond, we receive your trade history (fills, prices, P&L, timestamps). This data belongs to you. We process it to power your dashboard, analytics, and AI coaching.

Usage analytics. Standard pageview and performance metrics so we can keep the product fast and find bugs. No personally identifying data is included in analytics.

Payment information. Stripe processes your payment. We receive a customer ID and subscription status. We never see or store your card number.

To provide the Tradbuk service.

To send transactional emails (sign-in codes, billing receipts, important account notices).

To improve the product (anonymized usage patterns inform what we build next).

For security and fraud prevention (rate limiting, suspicious activity detection).

We do not use your data to train external AI models. We do not sell or rent your data to third parties.

Tradbuk relies on a small set of sub-processors:

Stripe — payment processing. Their privacy policy: https://stripe.com/privacy

Supabase — database and authentication. Their privacy policy: https://supabase.com/privacy

Resend — transactional email delivery. Their privacy policy: https://resend.com/legal/privacy-policy

Vercel — hosting and deployment. Their privacy policy: https://vercel.com/legal/privacy-policy

Sentry — error tracking and performance monitoring. Their privacy policy: https://sentry.io/privacy/

We share only the data required for these services to function (e.g., your email address with Resend to deliver your sign-in code). We do not share data with anyone else.

You can:

Request a copy of all data we hold about you.

Export your trading data in standard formats.

Correct inaccurate information.

Delete your account, which permanently removes your data within 30 days (some logs retained for fraud prevention up to 90 days).

To exercise any of these rights, email us at hello@tradbuk.com.

We use exactly one cookie: your authentication session cookie. It’s required for sign-in to work.

We do not use third-party tracking cookies, advertising pixels, or cross-site tracking. We use Vercel Analytics for aggregate pageview metrics (privacy-friendly, no PII).

All connections to Tradbuk use HTTPS. All data is encrypted in transit. Database storage is encrypted at rest by Supabase.

We use industry-standard authentication (Supabase Auth) with one-time codes — no passwords to leak.

If you discover a security issue, please email hello@tradbuk.com.

Tradbuk is for adults only. You must be at least 18 years old to use the service. We do not knowingly collect data from anyone under 18.

Tradbuk currently operates on US-based infrastructure (AWS via Supabase, Vercel’s global edge network). By using Tradbuk, you consent to your data being processed in the United States.

We respect the principles of GDPR (Europe) and CCPA (California) regarding access, deletion, and transparency rights, even where not strictly required.

We may update this policy as Tradbuk evolves. Material changes will be announced by email or with a prominent notice on the site at least 14 days before they take effect.

Privacy questions: hello@tradbuk.com

We aim to respond within 3 business days.