Privacy Policy

Account information. When you create an account, we collect your email address and a hashed password. We do not collect your name unless you provide it voluntarily in your profile.

Payment information. Payments are processed by Stripe. We do not store your credit card number, CVV, or banking details on our servers. We only store a record of your payment status (paid / not paid) and the Stripe session identifier for verification purposes.

Usage data. We collect data about how you interact with the Service, including chat messages you submit, trading levels you save, and general usage patterns. This data is used to provide and improve the Service.

Profile data. If you use profile features (avatar, trading preferences), we store this information to personalize your experience.

Technical data. We may collect IP addresses and request metadata for security purposes, including rate limiting and fraud prevention. This data is not used for advertising.

We use the information we collect to:

• Provide, operate, and maintain the Service.
• Verify your identity and manage your account.
• Process your payment and grant access to paid features.
• Personalize your AI coaching experience based on your trading profile.
• Send transactional emails (account confirmation, password reset, morning briefings if opted in).
• Detect and prevent abuse, fraud, and security threats.
• Comply with our legal obligations.

We do not use your data to train external AI models. Your chat messages are used only to generate your responses in real time and are stored solely to provide conversation history within your account.

We do not sell your personal data to third parties. We do not share your data for advertising purposes.

We share your information only with the following trusted service providers, strictly to operate the Service:

• Supabase — database and authentication infrastructure. Your data is stored on Supabase servers.
• Stripe — payment processing. Stripe processes your payment under their own privacy policy.
• Anthropic — AI inference. Your messages are sent to Anthropic's API to generate responses. Anthropic does not train on API inputs by default.
• Resend — transactional email delivery.
• Vercel — hosting and infrastructure.

We may disclose your information if required by law, court order, or governmental authority.

We use cookies strictly necessary for the Service to function. Specifically:

• Supabase session cookies — used to maintain your authenticated session across page loads. These are HttpOnly and Secure in production.
• Admin bypass cookie — a short-lived cookie used for internal admin access only.

We do not use tracking cookies, analytics cookies, or advertising cookies. No third-party tracking scripts are loaded on the Service.

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data (email, profile, chat history) within 30 days, except where we are required by law to retain it longer.

Anonymized or aggregated data that cannot be linked to you personally may be retained indefinitely for service improvement purposes.

Depending on your location, you may have the following rights:

• Access. Request a copy of the personal data we hold about you.
• Correction. Request correction of inaccurate or incomplete data.
• Deletion. Request deletion of your account and personal data.
• Portability. Request your data in a portable format.
• Objection. Object to certain processing of your data.

To exercise any of these rights, you can delete your account directly from your Profile settings, or contact us at privacy@bulliondesk.pro. We will respond within 30 days.

We implement industry-standard security measures to protect your data, including encrypted connections (HTTPS/TLS), HttpOnly and Secure session cookies, Row Level Security (RLS) on our database, and strict access controls.

However, no system is completely secure. We cannot guarantee the absolute security of your information. In the event of a data breach that affects your rights, we will notify you as required by applicable law.

The Service is not directed at children under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.

We may update this Privacy Policy from time to time. Changes will be posted on this page with a revised “Last updated” date. Continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

For privacy-related requests or questions, contact us at privacy@bulliondesk.pro.