Privacy Policy

Last updated: 20 May 2026

This Privacy Policy explains how the operator of Option Journal ("we", "us") processes personal data when you use Option Journal at https://optionjournal.app and related application pages (the "Service"). We act as the data controller for the processing described below.

1. Who this policy applies to

  • Visitors to our marketing website
  • Users who create an account or request beta access
  • Subscribers when paid plans are offered (billing data processed by our payment provider)

2. Data we collect

Account and identity

  • Email address, password (stored in hashed form by our auth provider), and optional name
  • Authentication logs and session identifiers

Service and trading data

  • Trades, positions, portfolios, notes, and settings you enter or import (e.g. broker CSV exports)
  • Import file metadata and parsing preferences
  • Usage necessary to run dashboards, calendars, and P&L views

Beta access requests

  • Information you submit on the access request form (e.g. email, message)

Technical data

  • IP address, browser type, device information, and server logs
  • Cookies or similar technologies strictly needed for login and security (see section 8)

3. Why we process your data (legal bases)

Under the GDPR, we rely on the following bases where applicable:

  • Contract — to create your account, provide the journal, imports, and support
  • Legitimate interests — to secure the Service, prevent abuse, and improve reliability (balanced against your rights)
  • Consent — where required (e.g. non-essential cookies or marketing emails, if offered)
  • Legal obligation — when we must retain or disclose data under applicable law

4. How we use your data

  • Operate and maintain the Service you signed up for
  • Authenticate you and protect your account
  • Process broker imports and display analytics you request
  • Respond to support and beta access requests
  • Send service-related emails (e.g. password reset, access approval)
  • Enforce our terms and protect against fraud or misuse

We do not sell your personal data or your trading history to third parties for advertising.

5. Processors and third parties

We use trusted providers who process data on our instructions:

  • Supabase — authentication, database, and file storage for imports
  • Vercel — hosting and delivery of the web application
  • Resend (or similar) — transactional email for beta notifications and auth flows
  • Finnhub — market quotes and FX rates (server-side requests; we do not send your full trade history to Finnhub). Quotes are cached in our database for up to five minutes per symbol to limit external API usage
  • Stripe — when subscription billing is enabled: payment and subscription status (we do not store full card numbers on our servers)

Each provider is bound by contractual safeguards appropriate to their role. Some may process data outside the European Economic Area; we use mechanisms such as Standard Contractual Clauses where required.

6. Retention

  • Account and journal data are kept while your account is active and for a reasonable period afterward unless you request deletion
  • Import files may be retained to allow re-parsing or audit; you can delete imports in Settings
  • Server logs are retained for a limited period for security and troubleshooting
  • Billing records may be kept longer where required by tax or accounting law

7. Security

We implement technical and organisational measures appropriate to a SaaS application (HTTPS, access controls, hashed passwords via our auth provider, private storage buckets). No method of transmission over the Internet is 100% secure; you are responsible for keeping your password and broker export files safe on your devices.

8. Cookies and local storage

We use strictly necessary cookies and local storage for authentication, session management, and theme preference. We do not use third-party advertising cookies on the Service. If we add analytics or marketing cookies later, we will update this policy and, where required, ask for consent.

9. Your rights (EEA / UK)

If GDPR applies to you, you may have the right to:

  • Access a copy of your personal data
  • Rectify inaccurate data
  • Erase data ("right to be forgotten") in certain cases
  • Restrict or object to processing in certain cases
  • Data portability for data you provided, where applicable
  • Withdraw consent where processing is based on consent
  • Lodge a complaint with your local supervisory authority

To exercise these rights, email contact@optionjournal.app. We may need to verify your identity before responding.

10. Children

The Service is not directed at anyone under 18. We do not knowingly collect data from minors. If you believe a minor has provided data, contact us and we will delete it.

11. International users

If you access the Service from outside the EEA, you understand that data may be processed in the United States or other countries where our processors operate, with safeguards as described above.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be reflected by the "Last updated" date. We encourage you to review this page periodically.

13. Contact

For privacy questions or requests: contact@optionjournal.app
See also our Legal notice.
