Trading AI Mind

Privacy Policy

Last updated: 2026-05-08

This Privacy Policy explains how Trading AI Mind (“we”, “us”) collects, uses, and protects information when you use our Service.

1. What we collect

  • Account info: email, full name, hashed password (managed by Supabase Auth).
  • Broker credentials: MetaTrader 5 server, login number, investor and trader passwords. Stored encrypted at rest using AES-256-GCM envelope encryption with a key we control.
  • Anthropic API key (BYOK): stored encrypted, used server-side only, never exposed to the browser.
  • Trading activity: heartbeats from your EA (account balance, equity, open positions count), trade events (basket opens/closes), and AI-generated signals associated with your account.
  • Billing data: handled entirely by Stripe. We store only your Stripe customer ID and subscription status.
  • Operational logs: request IPs, user-agent, timestamp. Retained for 30 days for abuse detection.

2. What we don’t collect

We do not have access to your MT5 broker account beyond what the EA reports via heartbeats. We do not see your full trade history, your withdrawals, or your browsing on other sites. We use no third-party analytics tracking on the dashboard.

3. How we use your data

  • To operate the Service (generate signals, run the EA, render the dashboard).
  • To authenticate you and authorise your EA license token.
  • To bill you and prevent fraud.
  • To respond to support requests.
  • To detect and prevent abuse of the API or signal pipeline.

4. Sharing

We share data only with the service providers necessary to operate the Service:

  • Supabase — database, authentication, storage
  • Anthropic — the LLM that generates trading signals (using your API key, not ours)
  • Stripe — payment processing
  • Vercel / hosting provider — serving the web app

We do not sell, rent, or trade personal data with anyone.

5. Retention

Account, billing, and trade history are retained for as long as you have an active subscription, plus 7 years for tax/audit purposes. Operational logs (IP, user-agent) rotate after 30 days. You can request deletion of your account at any time by emailing support@tradingaimind.com.

6. Security

All data is transmitted over TLS. Sensitive credentials (broker passwords, BYOK key) are encrypted at rest. Access to production databases is restricted to our administrative team and audited.

7. Children

The Service is not intended for individuals under 18. We do not knowingly collect data from children.

8. Changes

We may update this policy. We’ll notify users by email and post the updated date at the top of this page. Continued use after changes constitutes acceptance.

9. Contact

Email support@tradingaimind.com for any privacy-related question or to exercise data rights available under the law of your jurisdiction.