Back to Tradearttradeart.app

Privacy Policy

Effective date: 19 May 2026

This Privacy Policy explains how Tradeart (operated by Andrii Levchenko, sole proprietor in Austria) collects, uses, and protects your personal data when you use the Tradeart web application. We follow the EU General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG).

1. Data controller

Andrii Levchenko (Einzelunternehmer)
Wehlistraße 291/2/53, 1020 Wien, Austria
GISA-Zahl: 39618283
Email: support@tradeart.app

For any privacy-related request — access, correction, deletion, portability, objection — please contact us at the email above.

2. What data we process

Account data: email address, first and last name, avatar image, preferred language, timezone, base currency. Provided by you or imported from your Google account if you sign in with Google.

Authentication data: hashed password (if you sign up with email), authentication tokens, sign-in timestamps, IP address of the request used for security and fraud prevention.

Trading data: the trades, strategies, tags, notes, screenshots and dashboard configurations you create in the application, plus any trade history imported from MetaTrader 5 accounts you choose to connect.

MetaTrader credentials: if you connect an MT5 account, the login, server, and password you provide. Passwords are encrypted at rest using AES-GCM and only decrypted server-side during a synchronisation run.

Payment data: if you subscribe, Stripe processes your payment and shares with us limited billing data (subscription status, plan, last 4 digits of card, billing country). We do not store full card numbers.

Usage and technical data: basic logs of API and edge-function requests, error reports, browser and device information needed to operate and secure the Service.

3. Why we process your data and on what legal basis

  • To provide the Service (account, journal, sync, analytics, AI features you trigger) — Art. 6(1)(b) GDPR, performance of a contract.
  • To process payments and manage subscriptions — Art. 6(1)(b) GDPR.
  • To secure the Service, prevent abuse, debug errors — Art. 6(1)(f) GDPR, our legitimate interest in a stable and safe product.
  • To send transactional emails (sign-up, password reset, email change, subscription notices) — Art. 6(1)(b) GDPR.
  • To comply with legal obligations (e.g. accounting under Austrian law) — Art. 6(1)(c) GDPR.

We do not sell your personal data. We do not use your trading data to train AI models. We do not show third-party advertising inside the Service.

4. Cookies and local storage

The Service uses only strictly necessary cookies and local storage to keep you signed in, remember your language and theme preferences, and cache your dashboard layout for performance. No advertising or cross-site tracking cookies are used, so no consent banner is required.

5. Processors and sub-processors

To run the Service we rely on a small number of carefully selected processors, each bound by appropriate data-processing agreements:

  • Hosting and database — managed PostgreSQL database, authentication and file storage, with strict row-level security so that each user can only access their own data. Servers are located in the European Union.
  • Payments — Stripe Payments Europe, Ltd. (Ireland), for subscription and card processing.
  • Email delivery — transactional emails are sent from the notify.tradeart.app sub-domain via our email infrastructure provider.
  • AI processing — when you trigger an AI feature, the relevant subset of your data is sent to third-party AI providers (currently Google Gemini) for inference. Inputs are processed for the sole purpose of generating the response and are not used to train models.
  • Market data and economic calendar — public market-data vendors used to display reference prices and news events. These providers do not receive personal data about you.
  • MetaTrader 5 synchronisation — a third-party MT5 API provider used only when you connect an MT5 account, to read trade history on your behalf.

Some providers may process data outside the EU/EEA. Where this happens, transfers are based on the European Commission’s Standard Contractual Clauses and additional safeguards.

6. How long we keep your data

  • Account and trading data: for as long as your account exists.
  • After account deletion: personal data and trading data are deleted from active systems promptly. Encrypted backups are rotated and overwritten within a reasonable period.
  • Billing records: retained for up to 7 years where required by Austrian tax and commercial law (§ 132 BAO, § 212 UGB).
  • Security logs: retained for a limited period for fraud prevention and debugging, then deleted.

7. Your rights under GDPR

You have the right to:

  • access the personal data we hold about you (Art. 15);
  • request correction of inaccurate data (Art. 16);
  • request erasure of your data (Art. 17) — you can also delete your account directly from your account settings;
  • request restriction of processing (Art. 18);
  • receive your data in a portable format (Art. 20);
  • object to processing based on legitimate interests (Art. 21);
  • withdraw consent at any time, where processing is based on consent.

You also have the right to lodge a complaint with the Austrian Data Protection Authority (Österreichische Datenschutzbehörde), dsb.gv.at, or with the supervisory authority of your country of residence.

8. Security

We use HTTPS for all data in transit, row-level security to isolate user data in the database, AES-GCM encryption for MetaTrader passwords, and a strict separation between publicly accessible keys and server-side secrets. No system can be guaranteed 100% secure, but we follow industry best practices and continuously review our setup.

9. Children

The Service is not directed at children under 18. We do not knowingly collect personal data from anyone under 18. If you believe a child has provided personal data to us, please contact us and we will delete it.

10. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in the law. The effective date at the top of this page indicates when the current version came into force. Material changes will be communicated by email or in the Service.

11. Contact

For any question about this Privacy Policy or about how your data is processed, please email support@tradeart.app.