01 Information We Collect
a) Account Information
When you sign up, we collect your email address and an encrypted password. Authentication is handled securely by Supabase, hosted on AWS infrastructure. We never store your password in plain text.
b) Trade Journal Data
If you use the trade journal feature, your trade entries — including symbols, entry/exit prices, quantities, dates, stop-loss levels, and personal notes — are stored in our database. This data is private to your account and is never shared with other users or third parties.
c) Watchlists & Settings
We store your platform preferences, watchlists, chart layout preferences, and user-configured settings (such as Telegram chat IDs and broker integration parameters) in your account profile. Sensitive keys are stored only to enable features you explicitly configure.
d) Usage Data
We collect basic technical data to maintain platform stability and security:
- Pages visited and features used within the platform
- Browser type, device type, and screen resolution
- IP address (for security and abuse prevention only)
- Timestamps of login and session activity
e) Support Conversations
Messages sent through the in-app support channel may be reviewed by our support team to resolve your query. Conversation history is retained for service improvement purposes.
f) Click-wrap Consent Records
When you accept these Terms or this Privacy Policy, we record your User ID, IP address, and timestamp as evidence of informed consent. This is a legal compliance record and is not used for any other purpose.
✓ WHAT WE DO NOT COLLECT
We do not collect: government ID, PAN, Aadhaar, bank account details, demat account credentials, financial statements, or any biometric data. TradEdge never has access to your actual brokerage account or funds.
02 How We Use Your Information
We use your data only for the purposes listed below. We do not use your data for advertising, profiling, or any purpose not described here.
| Purpose | Data Used | Basis |
|---|
| Account authentication & access control | Email, hashed password | Contract |
| Service delivery (scanners, journal, matrix) | Trade data, watchlists, settings | Contract |
| Price alerts & Telegram notifications | Email, Telegram chat ID | Consent |
| Support & troubleshooting | Email, support messages | Legitimate Interest |
| Security & abuse prevention | IP address, session timestamps | Legitimate Interest |
| Platform stability & bug resolution | Usage data, device/browser info | Legitimate Interest |
| Click-wrap consent recordkeeping | User ID, IP address, timestamp | Legal Obligation |
03 Data Storage & Infrastructure
Your data is stored and processed using the following infrastructure:
- Supabase (PostgreSQL on AWS) — Primary database for account data, trade journal, watchlists, and settings. Data is stored on servers in the ap-south-1 (Mumbai) AWS region where available, subject to Supabase's infrastructure configuration.
- Browser localStorage — Certain data (active trade positions, UI preferences, API keys you configure) is stored locally in your browser and never transmitted to our servers unless you explicitly enable cloud sync.
- Cloudflare Workers — Used as an edge proxy layer for API requests. No personal data is stored at the edge; it only routes requests.
- GitHub / Vercel — Used for hosting the platform frontend. No personal user data is stored at the hosting layer.
CROSS-BORDER DATA NOTICE
While we prefer India-region storage, Supabase infrastructure may route or replicate data through servers outside India depending on availability. By using the Service, you consent to this processing. We ensure all third-party providers maintain adequate data protection standards.
04 Data Sharing & Third Parties
We do not sell, rent, or trade your personal data to any third party. Data is shared only in the following limited circumstances:
- Supabase — Our database and auth provider processes your data solely to provide infrastructure services and is bound by their own privacy and security policies.
- Telegram — If you configure Telegram alerts, your chat ID is used exclusively to deliver notifications you have explicitly requested. No other personal data is shared with Telegram.
- Yahoo Finance / NSE APIs — Used to fetch market price data. These are read-only public data sources; no personal data is transmitted to them.
- Cloudflare — Processes network requests as an intermediary. No personal data is retained beyond standard network logs governed by Cloudflare's privacy policy.
- Legal requirements — We may disclose data if required by law, court order, or a competent regulatory authority in India.
NO ADVERTISING DATA SHARING
TradEdge does not participate in any advertising networks. Your trading behaviour, journal data, and usage patterns are never shared with marketers, data brokers, or analytics platforms.
05 Cookies & Local Storage
TradEdge uses browser localStorage (not traditional cookies) for session-side persistence. This includes:
- Active trade positions (
te_trades)
- User preferences and layout settings
- Cached API keys you configure (Supabase URL/key, Groq API key, GitHub token)
- Watchlist data and fund allocation settings
This data lives entirely in your browser and is not automatically synced to our servers. You can clear it at any time by clearing your browser's site data for the TradEdge domain.
We do not use tracking cookies, advertising cookies, or third-party cookie scripts of any kind.
06 Analytics & Tracking
✓ NO THIRD-PARTY ANALYTICS
TradEdge does not use Google Analytics, Meta Pixel, Mixpanel, Hotjar, or any third-party behavioural tracking or analytics tools. We do not track you across websites. We do not build advertising profiles.
Any usage data we collect (as described in Section 1d) is limited to what is technically necessary for platform security and stability, and is processed internally only.
07 Telegram Notifications
TradEdge offers optional Telegram-based price alerts and scanner notifications. This feature works as follows:
- You voluntarily provide your Telegram chat ID to enable alerts.
- Alerts are delivered via our Telegram bot using Telegram's Bot API.
- We transmit only the alert message content (stock symbol, price, signal type) — no personal or financial data is included in alert payloads.
- You can disable Telegram alerts at any time by removing your chat ID from your account settings.
- Telegram's own privacy policy governs their handling of messages delivered through their platform.
08 Data Retention
We retain your data for as long as your account is active or as needed to provide the Service:
- Account data (email, auth records): Retained for the lifetime of your account. Deleted within 30 days of an account deletion request.
- Trade journal entries: Retained indefinitely while your account is active. Exported and deleted upon request.
- Usage & security logs: Retained for up to 90 days for security audit purposes, then purged.
- Support conversations: Retained for up to 12 months, then archived or deleted.
- Click-wrap consent records: Retained for 5 years as a legal compliance record.
09 Your Rights
You have the following rights with respect to your personal data. To exercise any of these, contact us at the details in Section 13.
▸ Access
Request a copy of all personal data we hold about you.
▸ Correction
Request correction of inaccurate or incomplete personal data.
▸ Deletion
Request deletion of your account and all associated personal data.
▸ Portability
Request an export of your trade journal and watchlist data in a machine-readable format.
▸ Withdrawal of Consent
Withdraw consent for optional features (e.g. Telegram alerts) at any time via settings.
▸ Objection
Object to processing of your data for purposes based on legitimate interest.
We will respond to data rights requests within 15 business days. Data purge may take up to 30 days across all systems.
10 Data Security
We implement reasonable technical and organisational measures to protect your personal data:
- All data in transit is encrypted via HTTPS/TLS.
- Passwords are hashed using industry-standard algorithms by Supabase Auth — we never see your plaintext password.
- Database access is restricted via Supabase Row Level Security (RLS) — users can only access their own data.
- Sensitive API keys stored in your account are not exposed via any public endpoint.
- Single active session enforcement limits exposure from compromised credentials.
SECURITY LIMITATION NOTICE
No system is completely secure. While we take reasonable precautions, we cannot guarantee absolute security of data transmitted over the internet or stored in third-party infrastructure. In the event of a data breach affecting your personal information, we will notify you as required by applicable law.
11 Children's Privacy
TradEdge is intended exclusively for users aged 18 years and above. We do not knowingly collect personal data from minors. If we become aware that a user under 18 has created an account, we will immediately terminate that account and delete associated data.
If you believe a minor has registered on our platform, please contact us immediately at the details in Section 13.
12 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, platform features, or applicable law. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page.
- Display an in-platform notice for active users.
- Where required by law, seek fresh consent for any new data processing activities.
Continued use of the Service after the updated policy takes effect constitutes your acceptance of the revised Privacy Policy.
13 Contact
For any privacy-related queries, data access requests, or concerns, please contact us:
TRADEDGE — DATA & PRIVACY
📞 +91 96371 79125
Available Mon–Sat, 10:00 AM – 6:00 PM IST
For data deletion, export, or correction requests — mention "Privacy Request" in your message.
Response time: within 15 business days.
This Privacy Policy is governed by the laws of India. Any disputes shall be subject to the exclusive jurisdiction of courts in Sangli, Maharashtra, India.