Last updated: March 28, 2025
ProfitLogHQ is built on the principle that your trading data belongs to you and only you. This policy explains exactly what we collect, why we collect it, and how we protect it.
When you register, we collect your name, email address, and a hashed password. We never store passwords in plain text.
We collect the trade records, P&L figures, notes, screenshots, journal entries, and strategy playbook content that you manually enter or import via CSV, broker API, or our MT5 bridge agent.
If you connect a broker via API, we store your API key and secret encrypted at rest using AES-256. We use these credentials solely to fetch your trade history on your behalf.
We collect anonymous usage data (pages visited, features used, session duration) to improve the product. This data cannot be linked back to individual users.
Payment details are processed exclusively by Stripe. ProfitLogHQ never sees or stores your card number, CVV, or full billing address.
Your trading data is used solely to power your personal dashboard, analytics, and journal. We do not aggregate, sell, or share individual trading data.
Your email is used to send account-related notifications such as password resets, subscription receipts, and critical service updates.
Aggregated, anonymised usage patterns help us prioritise features and fix bugs. Individual user data is never used for this purpose.
We may process your data to comply with applicable laws, respond to lawful requests from authorities, or enforce our Terms of Service.
We will never sell, rent, or trade your personal information or trading data to any third party for marketing or commercial purposes.
We use trusted sub-processors: Stripe (payments), Vercel (hosting), and PlanetScale/Neon (database). Each is bound by a Data Processing Agreement.
Data fetched from your connected brokers flows directly into your private account. It is never shared with other users or third parties.
All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Broker API credentials are additionally encrypted with a per-record key.
Access to production systems is restricted to authorised personnel and requires multi-factor authentication. We conduct periodic security reviews.
In the unlikely event of a data breach affecting your personal data, we will notify you within 72 hours as required by applicable regulations.
You may request a full export of all data we hold about you at any time from your account settings.
You can update your profile information directly within the app at any time.
You can permanently delete your account and all associated data from the account settings page. Deletion is irreversible and completed within 30 days.
You may object to certain processing activities. To exercise this right, contact us at privacy@profitloghq.app.
We will notify you by email at least 14 days before any material changes to this Privacy Policy take effect. Continued use of the service after that date constitutes acceptance.