Privacy Policy
Last updated: April 19, 2026
This policy explains what TradeLens collects, why, how we store it, and the rights you have over your data. TradeLens is a trading journal and analytics service; we are not a broker, not an investment adviser, and not affiliated with Charles Schwab & Co., Inc.
1. Information we collect
Account data. Username, email address, optional first/last name and phone number, a one-way hash of your password, and a machine-generated API key used to authenticate your sessions. Email is verified via a 6-digit one-time code.
Brokerage data (optional). If you choose to connect a Charles Schwab account, we store OAuth tokens returned by Schwab and cache the brokerage responses we fetch on your behalf: account balance, positions, and order history. We use this data only to render your dashboard, reconstruct trades, and compute statistics.
Journal and preferences. Notes you write, watchlist tickers you add, notification preferences, timezone, theme, and any trading goals you set.
Billing data. If you subscribe, a Stripe customer ID, subscription ID, price/plan, status, and renewal date. Stripe collects and stores your payment method directly; we never see or store full card numbers.
Operational logs. Standard web-server logs (IP, user-agent, request path, timestamps), rate-limit counters, and signup attempts. These are retained for up to 90 days for security and abuse prevention.
2. How we use it
- Provide the journal/dashboard you signed up for, including Schwab synchronization.
- Authenticate you, issue sessions, and protect the service from abuse (rate limiting, anomaly detection).
- Send transactional email (verification, password reset, billing receipts, service notices).
- Process payments through Stripe when you subscribe.
- Debug problems you report and improve the product.
We do not sell your personal information, and we do not run third-party advertising trackers.
3. Third parties we share with
- Charles Schwab & Co. — only when you authorize the OAuth connection, and only to fetch your own brokerage data.
- Stripe — for subscription billing. See Stripe’s privacy policy at stripe.com/privacy.
- Email provider (SMTP) — for transactional email delivery.
- Market data provider — anonymous server-side fetches for public stock quotes shown on your watchlist.
4. Security
Passwords are stored using bcrypt hashing. Sessions are issued as cookies with the HttpOnly, Secure, and SameSite attributes set in production. We enforce rate limiting on authentication endpoints and perform server-side HTML sanitization on journal content. No system is perfectly secure; if you suspect a vulnerability, email us at security@tradelens.example.
5. Retention & deletion
We retain account data while your account is active. You can delete your account from the Profile page, which triggers a purge of your rows across all TradeLens tables including Schwab tokens and cached brokerage data. Stripe retains its own records for regulatory/accounting purposes even after account deletion. Operational logs and rate-limit counters roll off within 90 days.
6. Your rights (GDPR / CCPA)
You can request access to, correction of, export of, or deletion of your personal data by emailing support@tradelens.example. We will respond within 30 days. California residents have additional rights under the CCPA; EU residents have rights under the GDPR. We do not sell personal information.
7. Cookies
We use a single session cookie (tl_session) to keep you signed in, an admin session cookie for the admin console, and functional localStorage for UI preferences (theme, timezone, sidebar state). We do not use third-party analytics cookies.
8. Not investment advice
TradeLens displays your own trading data and general statistics. Nothing in the product constitutes investment advice, a recommendation, or a solicitation. Trading involves substantial risk of loss. You are solely responsible for your trading decisions.
9. Changes to this policy
We may update this policy from time to time. Material changes will be announced in-app or by email at least 14 days before they take effect.
10. Contact
Privacy questions: privacy@tradelens.example. Security disclosures: security@tradelens.example.