Privacy Policy
Effective Date: 27 Dec 2025 | Version: 1.0
1. Introduction
The Daily Profiler, LLC ("Company," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our trading journal application and related services (the "Service").
This policy applies to all users worldwide and complies with:
- GDPR (General Data Protection Regulation) - European Union
- CCPA/CPRA (California Consumer Privacy Act / California Privacy Rights Act)
- FTC (Federal Trade Commission) guidelines - United States
- CFTC (Commodity Futures Trading Commission) requirements
2. Information We Collect
2.1 Information You Provide Directly
- Account Registration: Username, email address, password (hashed and encrypted)
- Profile Information: Name (optional), bio, trading preferences, experience level
- Trading Data: Trade logs, journal entries, backtest results, business plans, screenshots, charts
- Newsletter Subscription: Email address, name (optional), subscription preferences
- Support Requests: Contact information, support ticket messages, attachments
2.2 Information Collected Automatically
- Server-Side Session Data: Session ID (stored on server, not in browser cookies)
- Login Activity: Login timestamps, last activity, IP address (for security)
- Technical Information: Browser type, operating system, device type, screen resolution
- User-Agent String: For troubleshooting and compatibility
2.3 Cookies and Tracking Technologies
IMPORTANT: We use server-side sessions stored on our servers (NOT in browser cookies). We do NOT use tracking cookies, analytics cookies, or third-party advertising cookies.
- Session Management: Essential session cookie with session ID only (required for login)
- Consent Preferences: Stored in browser localStorage (not a cookie)
- Third-Party CDN Services: Bootstrap, Font Awesome, Chart.js (non-tracking, functional only)
See our Cookie Policy for complete details.
3. How We Use Your Information
We use your information for the following purposes:
- Provide Services: Deliver trading journal functionality, analytics, reporting
- Account Management: Authenticate users, manage accounts, process requests
- Email Communications: Send password resets, account updates, service notifications
- Newsletter (Opt-In): Send blog updates and trading education content (unsubscribe anytime)
- Improve Service: Analyze usage patterns, fix bugs, develop new features
- Security & Fraud Prevention: Detect and prevent unauthorized access, abuse, fraud
- Legal Compliance: Comply with laws, regulations, court orders, investigations
Legal Basis (GDPR): Consent (for newsletters), Contract (to provide services), Legitimate Interest (security, fraud prevention), Legal Obligation (compliance).
4. How We Share Your Information
WE DO NOT SELL YOUR PERSONAL INFORMATION.
We may share your information only in these limited circumstances:
4.1 Service Providers
- Email Delivery: Microsoft 365 (Microsoft Graph API) for transactional emails and newsletters
- Cloud Hosting: Server infrastructure providers (database, file storage)
- CDN Services: jsDelivr, Cloudflare for static resources (non-tracking)
- Customer Support: Microsoft Teams Live Chat for real-time customer support (chat transcripts, session data)
Microsoft Teams Live Chat: When you use our live chat widget, your messages and session data are processed by Microsoft Corporation. Microsoft acts as a data processor on our behalf. For details, see Microsoft's Privacy Statement.
4.2 Legal Requirements
- Law enforcement requests, court orders, subpoenas
- Regulatory compliance (CFTC, FTC, SEC investigations)
- Protect rights, safety, or property of Company or users
4.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email if this occurs.
4.4 With Your Consent
- Mentorship Matching (Opt-In): Share limited profile info with matched mentors/mentees
- Battle Buddy Pairing (Opt-In): Share contact info with paired trading partners
- Business Plan Sharing (Opt-In): Share business plan with cohort members (private data filtered)
5. Data Retention
- Active Accounts: Data retained while account is active
- Deleted Accounts: Personal data permanently deleted within 30 days (anonymized analytics retained for statistics)
- Newsletter Subscriptions: Retained until unsubscribe, then deleted within 30 days
- Audit Logs: Security logs retained for 7 years (legal compliance requirement)
- Cookie Consent Records: Retained for 3 years (GDPR compliance proof)
6. Your Privacy Rights
6.1 All Users (US & International)
- Access: Request a copy of your personal data
- Correction: Update inaccurate or incomplete information
- Deletion: Request account and data deletion (see Settings)
- Data Portability: Export your data in machine-readable format (JSON/CSV)
- Opt-Out: Unsubscribe from marketing emails (link in every email)
6.2 EU Users (GDPR Rights)
- Right to Object: Object to data processing based on legitimate interests
- Right to Restrict Processing: Limit how we use your data
- Right to Withdraw Consent: Revoke consent at any time (doesn't affect past processing)
- Right to Lodge a Complaint: File complaint with EU Data Protection Authority in your country
- Right to Not Be Subject to Automated Decision-Making: We do not use automated profiling or decision-making
6.3 California Users (CCPA/CPRA Rights)
- Right to Know: Request categories of personal information collected and shared
- Right to Delete: Request deletion of personal information (with exceptions for legal obligations)
- Right to Opt-Out of Sale: We do NOT sell personal information
- Right to Non-Discrimination: Equal service and pricing regardless of privacy choices
- Right to Correct: Request correction of inaccurate personal information
6.4 Exercising Your Rights
To exercise any of these rights, email us at [email protected] or use the Settings page in your account. We will respond within 30 days (GDPR) or 45 days (CCPA).
7. Data Security
We implement industry-standard security measures:
- Password Security: Hashed using bcrypt (industry-standard)
- Encryption in Transit: HTTPS/TLS for all data transfers
- Encryption at Rest: Database encryption for stored data
- Access Controls: Role-based permissions (admin, mentor, user)
- Security Audits: Regular penetration testing and vulnerability scans
- Employee Training: Limited staff access to personal data, NDA agreements
- Incident Response: 72-hour breach notification plan (GDPR requirement)
Note: While we implement strong security measures, no online service is 100% secure. You are responsible for safeguarding your password.
8. Children's Privacy (COPPA Compliance)
Our Service is NOT intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If you are under 18, do not use the Service or provide any personal information.
If you believe a child under 18 has provided us with personal data, contact us immediately at [email protected] and we will delete it.
9. International Data Transfers
Your data may be transferred to and stored on servers located in the United States. By using our Service, you consent to this transfer and acknowledge that US data protection laws may differ from those in your country.
For EU Users: We comply with GDPR requirements for international data transfers, including appropriate safeguards and data transfer agreements.
10. Do Not Track Signals
Since we do not use tracking cookies or third-party analytics, Do Not Track (DNT) browser settings do not affect our Service. We do not track users across websites.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Material changes will be communicated via:
- Email notification to registered users
- Prominent notice on our website
- Update to "Effective Date" at top of this page
Continued use of the Service after changes constitutes acceptance of the updated policy. If you do not agree to changes, you must stop using the Service and delete your account.
12. Contact Us
For questions, requests, or concerns about this Privacy Policy or your personal data, contact us:
The Daily Profiler, LLC
Email: [email protected]
Website: www.thedailyprofiler.com
Address: [Physical address for GDPR compliance - to be added]
EU Representative: [If required for GDPR - to be added]
DPO (Data Protection Officer): [If required - to be added]