Privacy Policy

Last updated: March 1, 2026

1. What we collect

We collect the minimum data required to operate the service:

• Email address and password hash (via Supabase Auth)
• Trade data you enter: instrument, P&L, date/time, notes, screenshots
• Usage metrics: number of AI analysis calls per month

2. How we use your data

Your data is used solely to provide the Zeta Trading Journal service. We do not sell, share, or use your trading data for any purpose other than displaying it back to you.

AI analysis requests send anonymised trade summaries to the Anthropic Claude API. No personally identifiable information is included in these requests.

3. Data storage

All data is stored on Supabase (PostgreSQL) infrastructure in the EU region. Row-level security ensures your data is only accessible by you.

4. Data retention

Your data is retained for as long as your account is active. You can delete your account at any time from Settings, which permanently removes all your data.

5. Legal basis for processing (GDPR Art. 6)

• Contract performance — processing your trade data and account information to provide the service you signed up for.
• Legitimate interest — basic service security, fraud prevention, and service stability.
• Legal obligation — retaining billing records as required by applicable law.

6. Cookies

We use only strictly necessary cookies required for authentication (session token issued by Supabase Auth). These cookies are exempt from consent requirements under the ePrivacy Directive as they are essential for the service to function. No tracking, analytics, or advertising cookies are used.

7. Data processors

We share your data only with the following processors, each bound by GDPR-compliant data processing agreements:

• Supabase, Inc. — database, authentication, and storage. Data stored in EU region (eu-west-1). supabase.com/privacy
• Vercel, Inc. — hosting and serverless functions. vercel.com/legal/privacy-policy
• Anthropic, PBC — AI analysis (Claude API). Anonymised trade summaries only — no name, email, or personally identifiable information is included. anthropic.com/legal/privacy
• Stripe, Inc. — payment processing for Pro subscriptions. Stripe is the data controller for payment card data. stripe.com/privacy

8. International transfers

Supabase stores data in the EU. Vercel and Anthropic are US-based companies that provide Standard Contractual Clauses (SCCs) as the legal mechanism for transfers outside the EEA.

9. Your rights (GDPR Art. 15–22)

As a data subject under GDPR, you have the following rights:

• Access — request a copy of all data we hold about you.
• Rectification — correct inaccurate personal data.
• Erasure — delete your account and all associated data at any time from Settings → Delete Account.
• Portability — export your trade data in CSV format from the Import/Export section.
• Objection — object to processing based on legitimate interest.
• Restriction — request restriction of processing while a dispute is resolved.

To exercise any right, contact support@zetajournal.com. We will respond within 30 days.

10. Right to lodge a complaint

If you believe your rights have not been respected, you have the right to lodge a complaint with your national data protection authority. In Italy: Garante per la protezione dei dati personali (www.garanteprivacy.it).

11. Data controller

The data controller for this service is the operator of Zeta Trading Journal, reachable at support@zetajournal.com.

12. Changes to this policy

We may update this policy. Significant changes will be communicated by email. Continued use of the service after changes constitutes acceptance.