Privacy Policy

Last updated: March 12, 2026

1. Introduction

ProofTrade (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use the ProofTrade platform (“the Service”).

By using the Service, you consent to the data practices described in this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account through our authentication provider (Clerk), we may receive:

  • Email address
  • Display name and username
  • Profile avatar (if provided)
  • Authentication identifiers

2.2 Exchange API Credentials

When you connect an exchange account, we collect:

  • Read-only API key and secret
  • Exchange account identifiers

API credentials are encrypted at rest using 256-bit encryption (libsodium) and are only decrypted in memory during active sync operations. We never store credentials in plaintext.

2.3 Trading Data

Through your connected exchange API, we automatically sync and store:

  • Trade history (entries, exits, symbols, sides, quantities, prices)
  • Open and closed positions
  • Order history
  • Calculated performance metrics (PnL, win rate, drawdown, return percentages)
  • Equity curve data

2.4 User-Generated Content

  • Trade annotations and commentary
  • Profile settings and visibility preferences
  • Share card configurations

2.5 Automatically Collected Data

  • IP address and approximate geolocation
  • Browser type, device type, and operating system
  • Pages visited and features used
  • Referring URLs
  • Timestamps of access

3. How We Use Your Information

We use collected information to:

  • Provide the Service — sync trading data, calculate metrics, display profiles and leaderboards
  • Authenticate users — verify your identity and manage account access
  • Improve the Service — analyze usage patterns, diagnose issues, and develop new features
  • Communicate with you — send account notifications, security alerts, and service updates
  • Ensure security — detect and prevent fraud, abuse, and unauthorized access
  • Comply with legal obligations — respond to lawful requests from authorities

We do not sell your personal information. We do not use your trading data to make trading decisions or provide financial advice.

4. Public Information

When you choose to publish your trading performance, the following information becomes publicly accessible based on your visibility settings:

  • Username and display name
  • Profile avatar
  • Aggregate performance metrics (returns, win rate, drawdown)
  • Published trade history (if you choose to share individual trades)
  • Live positions (if you enable live position sharing)
  • Leaderboard ranking
  • Trade and performance annotations

You control your visibility level through your account settings. You can restrict what data is publicly visible at any time. Note that data previously accessed by third parties when it was public cannot be recalled.

5. Data Sharing

We may share your information with:

5.1 Service Providers

  • Clerk — authentication and user management
  • Database hosting provider — encrypted data storage
  • Hosting provider — application deployment and serving

These providers are contractually bound to handle your data securely and only as needed to provide their services.

5.2 Exchange APIs

We send your encrypted API credentials to the relevant exchange (e.g., Bybit) solely for the purpose of reading your trading data. We only make read-only API calls and do not transmit any additional personal information to exchanges.

5.3 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of ProofTrade, our users, or the public.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such transfer and any changes to this Privacy Policy.

6. Data Security

We implement multiple security measures to protect your data:

  • Encryption at rest — API credentials are encrypted using libsodium (256-bit)
  • Encryption in transit — all data transmitted over HTTPS/TLS
  • Access controls — role-based access to internal systems
  • Audit logging — security-sensitive operations are logged
  • Read-only API access — we never request permissions to trade or withdraw funds

Despite these measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security and are not responsible for unauthorized access resulting from factors outside our reasonable control.

7. Data Retention

We retain your data as follows:

  • Account data — retained while your account is active
  • Trading data — retained while your account is active and your exchange is connected
  • API credentials — deleted immediately upon disconnection or account deletion
  • Audit logs — retained for up to 12 months for security purposes
  • Automatically collected data — retained for up to 12 months

When you delete your account, we delete your personal data, encrypted API credentials, and trading data. Some anonymized or aggregated data may be retained for analytical purposes. Data that has been made public and cached by third parties is beyond our control to delete.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access — request a copy of the personal data we hold about you
  • Correction — request correction of inaccurate personal data
  • Deletion — request deletion of your personal data
  • Portability — request your data in a portable format
  • Object — object to certain processing of your data
  • Restrict processing — request that we limit how we use your data

To exercise any of these rights, contact us at the email address listed below. We will respond within 30 days.

9. Cookies and Tracking

We use essential cookies for authentication and session management (provided by Clerk). We may use analytics tools to understand how the Service is used.

We do not use advertising cookies or sell data to advertisers. We do not engage in cross-site tracking for advertising purposes.

10. Children's Privacy

ProofTrade is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from minors. If we learn that we have collected data from a minor, we will delete it promptly.

11. International Data Transfers

Your data may be stored and processed in countries other than your own. By using the Service, you consent to the transfer of your information to countries that may have different data protection laws than your jurisdiction.

12. European Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the following additional provisions apply:

12.1 Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contract performance — processing necessary to provide the Service you requested (account management, data syncing, profile display)
  • Legitimate interests — improving the Service, ensuring security, preventing fraud, and analyzing usage patterns, where these interests are not overridden by your rights
  • Consent — where you have given explicit consent, such as opting in to publish trading data publicly
  • Legal obligation — processing required to comply with applicable laws

12.2 Your GDPR Rights

In addition to the rights listed in Section 8, you have the right to:

  • Data portability — receive your personal data in a structured, commonly used, machine-readable format
  • Right to object — object to processing based on legitimate interests
  • Withdraw consent — withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing
  • Lodge a complaint — file a complaint with your local data protection supervisory authority

To exercise these rights, contact us at the email address listed below. We will respond within 30 days, or sooner as required by applicable law.

13. California Users (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights:

  • Right to know — you may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share it
  • Right to delete — you may request deletion of personal information we have collected, subject to certain exceptions
  • Right to opt out of sale — we do not sell your personal information. If this changes, we will provide a “Do Not Sell My Personal Information” link
  • Right to non-discrimination — we will not discriminate against you for exercising any of your CCPA rights

To submit a verifiable consumer request, contact us at the email address listed below. We will verify your identity before fulfilling any request.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or in-app notification. The “Last updated” date at the top reflects the most recent revision.

15. Contact Us

For questions, concerns, or requests regarding your privacy or this policy, contact us at: privacy@prooftrade.io