Privacy Policy

Last updated: April 5, 2026

1. Information We Collect

When you use TradeLens, we collect the following information:

  • Account information: Email address, username, and password (hashed with bcrypt — we never store plain text passwords).
  • Trading data: Trades synced from your MetaTrader 5 accounts, including symbol, entry/exit prices, lot sizes, profit/loss, timestamps, and any notes or classifications you add.
  • Journal entries: Text content, mood ratings, and any images you upload to your trading journal.
  • MT5 credentials: Login, password, and server. These are encrypted at rest with Fernet symmetric encryption and are never exposed in API responses.
  • Usage data: We may collect basic analytics such as pages visited, feature usage, and error logs to improve the service.

2. How We Use Your Information

  • To provide the trading journal service — syncing trades, computing analytics, and displaying your data.
  • To authenticate you and secure your account.
  • To improve the product and fix bugs.
  • To send important service updates (e.g., security alerts, planned maintenance). We do not send marketing emails without your consent.

3. Data Security

  • Passwords are hashed with bcrypt before storage.
  • Broker credentials (MT5 password) are encrypted with Fernet (AES-128-CBC) at rest.
  • Authentication uses httpOnly secure cookies — tokens are not accessible to JavaScript and cannot be stolen via XSS.
  • All API communication should use HTTPS in production.
  • Login endpoints are protected with rate limiting (5 attempts per 5 minutes per IP).
  • We do not share, sell, or transfer your data to third parties.

4. Data Retention & Deletion

  • Your data is retained for as long as your account is active.
  • You can export all your data at any time as a ZIP file (trades, journal, images, settings).
  • You can request complete account deletion by contacting support. All data including trades, journal entries, images, and account credentials will be permanently deleted.
  • Backups may be retained for up to 30 days after deletion for disaster recovery purposes.

5. Third-Party Services

  • Google OAuth: If you sign in with Google, we receive your email and name from Google. We do not access your Google data beyond authentication.
  • MetaTrader 5: We connect to your MT5 broker's server to sync trades. Your MT5 credentials are encrypted and used solely for trade synchronization.

6. Cookies

We use a single httpOnly cookie for authentication (session management). We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

7. Your Rights

  • Access: You can view all your data within the application.
  • Export: Full data export is available at any time (ZIP with all trades, journal, images).
  • Deletion: You may request complete account deletion.
  • Correction: You can edit your trades, journal entries, and account settings at any time.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice within the application. Continued use after changes constitutes acceptance.

9. Contact

If you have questions about this Privacy Policy or your data, contact us at support@tradelens.app.