TradingAtlas← Back to home

Privacy Policy

How we collect, use, and protect your personal data.

Last updated: 10 March 2026

1. Introduction

TradingAtlas ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our trading analytics platform.

By registering for or using TradingAtlas, you acknowledge that you have read and understood this Privacy Policy. This Policy forms part of our Terms and Conditions.

TradingAtlas does not sell your personal data to third parties. We do not use your trading data for advertising purposes.

2. Data We Collect

2.1 Account Information

When you register, we collect:

  • Email address
  • Display name
  • Password (stored as a one-way BCrypt hash — never in plain text)
  • Google account identifier (if you use Google Sign-In)
  • Registration date and IP address
  • Legal acceptance records (terms version, acceptance timestamp)

2.2 Exchange Connection Data

When you connect a cryptocurrency exchange, we collect:

  • Exchange API keys (encrypted at rest using AES-256)
  • Exchange account identifiers
  • API key labels and connection timestamps

We store only read-only API credentials. We never request withdrawal permissions and we never execute trades on your behalf.

2.3 Trading Data

We collect and store trading data you import or sync, including:

  • Trade executions: symbol, side, quantity, price, fees, timestamps
  • Funding payments from perpetual futures positions
  • Position records and PnL calculations
  • MT5 journal entries: profit, commission, swap, symbol, timestamps
  • CSV upload records
  • Manually entered or modified trade data

2.4 Prop Firm and Risk Data

  • Prop firm account configurations and rule parameters
  • Risk tool calculator inputs and saved configurations

2.5 Subscription and Billing Data

Payment processing is handled by Stripe. TradingAtlas does not store full payment card details. We receive and store:

  • Subscription plan and status
  • Billing period and renewal dates
  • Stripe customer and subscription identifiers

2.6 Usage and Technical Data

  • IP addresses and approximate geolocation
  • Browser type, operating system, and device identifiers
  • Pages visited and features used within the Platform
  • API request logs (for Public API users): endpoint, method, response code, timestamp
  • Error logs and diagnostic data

3. How We Use Your Data

We use the data we collect to:

  • Provide, operate, and maintain the Platform and all its features.
  • Calculate PnL, analytics, tax summaries, and dashboard metrics.
  • Sync trading data from connected exchanges via their APIs.
  • Process subscription payments and manage billing.
  • Send transactional emails (account verification, password reset, billing notifications).
  • Respond to support requests and communicate with you.
  • Detect, investigate, and prevent fraudulent or abusive activity.
  • Comply with legal and regulatory obligations.
  • Improve Platform performance, reliability, and features.
  • Enforce our Terms and Conditions.

We do not use your trading data to train machine learning models for commercial sale or to provide market intelligence to third parties.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data on the following legal bases:

  • Contract performance — to deliver the services you have subscribed to.
  • Legitimate interests — to operate and improve the Platform, detect abuse, and ensure security.
  • Legal obligation — to comply with applicable laws and regulations.
  • Consent — where you have given explicit consent for specific processing activities.

5. Data Retention

We retain your data for as long as your account is active or as necessary to provide our services. Specifically:

  • Account data is retained for the life of the account plus 12 months after closure.
  • Trading data is retained for as long as you maintain an active account.
  • Billing records are retained for 7 years to comply with financial record-keeping obligations.
  • API request logs are retained for 90 days.
  • You may request deletion of your data at any time, subject to legal retention requirements.

6. Data Sharing

We do not sell, rent, or trade your personal data. We share data only in the following limited circumstances:

6.1 Service Providers

We work with trusted service providers who process data on our behalf under strict data processing agreements:

  • Cloud infrastructure providers (hosting, storage, databases)
  • Stripe — payment processing
  • Email delivery providers — transactional emails only
  • Error monitoring and performance analytics tools

6.2 Legal Requirements

We may disclose your data if required to do so by law, court order, or governmental authority, or where we believe disclosure is necessary to protect the rights, property, or safety of TradingAtlas, our users, or the public.

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data is subject to a different privacy policy.

7. Data Security

We implement industry-standard security measures to protect your data:

  • All data is transmitted over TLS/HTTPS encrypted connections.
  • Exchange API keys are encrypted at rest using AES-256.
  • Passwords are hashed using BCrypt with a work factor of 12.
  • Database access is restricted to authorised systems and personnel only.
  • Public API keys are stored as cryptographic hashes; the raw secret is shown only once.
  • Infrastructure is hosted on secure cloud providers with SOC 2 compliance.
  • Access to production systems is restricted by IP allowlisting and multi-factor authentication.

No method of data transmission or storage is 100% secure. While we take commercially reasonable steps to protect your data, we cannot guarantee absolute security. You use the Platform at your own risk and are responsible for maintaining the confidentiality of your credentials.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — request correction of inaccurate or incomplete data.
  • Right to erasure — request deletion of your personal data ("right to be forgotten").
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to restrict processing — request that we limit how we use your data.
  • Right to object — object to processing based on legitimate interests.
  • Right to withdraw consent — where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at privacy@tradingatlas.io. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

9. International Data Transfers

Your data may be processed in countries outside your own, including outside the EEA. Where we transfer data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission where applicable.

10. Children's Privacy

The Platform is not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a minor, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or Platform notification. Continued use of the Platform after changes constitutes acceptance of the revised Policy.

12. Contact

For privacy-related enquiries or to exercise your rights, contact our data protection team at: privacy@tradingatlas.io