Informativa sulla privacy
Last updated: 29 March 2026
This Privacy Policy explains how Tradexis ("Tradexis", "we", "us", "our"), a company based in Tbilisi, Georgia, collects, uses, stores, shares, and protects personal data when you use our website (tradexis.io), web application (app.tradexis.io), Chrome browser extension, and related services (collectively, the "Service").
We are committed to protecting your privacy and processing your personal data in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the Georgian Law on Personal Data Protection, and other applicable data protection legislation.
1. Data controller
The data controller responsible for your personal data is:
- Entity: Tradexis
- Location: Tbilisi, Georgia
- Email: [email protected]
For payment-related data processing, our payment provider may act as an independent data controller. Please refer to the payment provider's privacy policy (available at checkout) for details on how they handle your payment data.
2. Personal data we collect
We collect and process the following categories of personal data:
2.1 Account and identity data
- Full name (provided via Google OAuth)
- Email address (provided via Google OAuth)
- Profile picture URL (provided via Google OAuth)
- Account identifiers and authentication tokens
2.2 Trading journal data (user-generated content)
- Trade journal entries, including trade direction, instrument/pair, timeframe, entry/exit prices, and trade outcomes
- Confirmation and concept selections (trading strategy annotations)
- Screenshots captured from TradingView via the Chrome extension
- Notes, tags, and other annotations you add to your journal entries
2.3 Technical and usage data
- IP address
- Browser type and version
- Operating system
- Device information
- Pages visited and features used within the Service
- Date and time of access
- Referral source
- Error logs and crash reports
2.4 Payment data
We do not directly collect or store credit card numbers, bank account details, or other financial payment instruments. All payment data is collected and processed by our payment provider. We receive from our payment provider: transaction identifiers, subscription status, plan type, billing country, and transaction amounts for the purpose of managing your account.
2.5 Communication data
- Messages and correspondence sent to our support team
- Feedback and survey responses
3. How we use your data
We process your personal data for the following purposes:
3.1 Service provision and contract performance
- Creating and managing your account
- Authenticating your identity via Google OAuth
- Providing access to the trading journal, Chrome extension, and all Service features
- Storing and displaying your trade journal entries, screenshots, and analytics
- Processing AI-assisted analytics on your trading data (via OpenRouter)
- Managing your subscription and coordinating with our payment provider for billing
3.2 Communication
- Sending transactional emails (account confirmation, password changes, billing notifications)
- Responding to your support requests and inquiries
- Sending service-related announcements (downtime notices, security alerts, material changes to the Service)
3.3 Service improvement and analytics
- Analysing usage patterns to improve features and user experience
- Identifying and fixing bugs, errors, and performance issues
- Conducting aggregate statistical analysis (non-identifying)
3.4 Security and fraud prevention
- Detecting, preventing, and responding to security incidents, fraud, and abuse
- Enforcing our Terms of Service
- Maintaining the integrity and availability of the Service
3.5 Legal compliance
- Complying with applicable laws, regulations, and legal processes
- Responding to lawful requests from public authorities
4. Legal bases for processing (GDPR)
Where the GDPR applies, we rely on the following legal bases for processing your personal data:
- Performance of a contract (Article 6(1)(b)): Processing necessary to provide the Service, manage your account, and fulfil our contractual obligations to you
- Legitimate interests (Article 6(1)(f)): Processing necessary for our legitimate interests, including improving the Service, ensuring security, preventing fraud, and conducting analytics, where these interests are not overridden by your rights and freedoms
- Legal obligation (Article 6(1)(c)): Processing necessary to comply with applicable legal obligations
- Consent (Article 6(1)(a)): Where we rely on your consent (for example, for non-essential cookies or optional marketing communications), you may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal
5. Data sharing and third-party recipients
We share your personal data only with the following categories of recipients, and only to the extent necessary:
5.1 Payment provider
Our payment provider processes your payment data as an independent data controller. They handle billing, invoicing, tax collection, and refund processing, and operate under their own privacy policy.
5.2 Google (Authentication)
We use Google OAuth for account authentication. When you sign in, Google shares your name, email address, and profile picture with us. Google processes data under its own privacy policy.
5.3 OpenRouter (AI analytics)
If you use AI-assisted analytics features, your trading data may be sent to OpenRouter for processing by large language models. Data sent to OpenRouter is limited to what is necessary for the requested analysis. OpenRouter processes data under its own privacy policy and data processing terms.
5.4 Infrastructure providers
We use hosting and infrastructure providers to operate the Service. Your data is stored on dedicated servers with PostgreSQL databases and Redis caching. These providers process data on our behalf and under our instructions.
5.5 Legal and regulatory authorities
We may disclose personal data where required to do so by law, regulation, legal process, or enforceable governmental request.
We do not sell your personal data to any third party. We do not share your personal data with third parties for their own marketing purposes.
6. International data transfers
Tradexis is based in Georgia. Your personal data may be transferred to and processed in Georgia and other countries where our service providers operate. Georgia has been recognised by the European Commission as providing an adequate level of data protection (Commission Decision of 20 January 2025).
Where personal data is transferred to countries that have not received an adequacy decision, we implement appropriate safeguards as required by the GDPR, including Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognised transfer mechanisms.
7. Data retention
We retain your personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy:
- Account data: Retained for the duration of your account and for up to 30 days after account deletion to allow for account recovery
- Trading journal data: Retained for the duration of your account. Upon account deletion, journal data is permanently deleted within 30 days
- Screenshots: Retained for the duration of your account. Upon account deletion, all screenshots are permanently deleted within 30 days
- Technical and usage data: Retained for up to 12 months for analytics and security purposes
- Payment records: Retained for up to 7 years as required by applicable tax and accounting laws
- Support correspondence: Retained for up to 3 years after resolution to improve our support quality and resolve any follow-up disputes
After the applicable retention period, personal data is securely deleted or anonymised.
8. Your rights
Under the GDPR and the Georgian Law on Personal Data Protection, you have the following rights regarding your personal data:
- Right of access (Article 15 GDPR): You may request a copy of the personal data we hold about you
- Right to rectification (Article 16 GDPR): You may request correction of inaccurate or incomplete personal data
- Right to erasure (Article 17 GDPR): You may request deletion of your personal data where there is no compelling reason for continued processing
- Right to restriction of processing (Article 18 GDPR): You may request restriction of processing in certain circumstances
- Right to data portability (Article 20 GDPR): You may request to receive your personal data in a structured, commonly used, machine-readable format
- Right to object (Article 21 GDPR): You may object to processing based on legitimate interests, including profiling
- Right to withdraw consent (Article 7(3) GDPR): Where processing is based on consent, you may withdraw consent at any time
- Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority. For EU/EEA residents, this is the data protection authority in your country of residence. In Georgia, the supervisory authority is the State Inspector's Service (Personal Data Protection Inspector)
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one (1) month of receipt, as required by the GDPR. This period may be extended by up to two additional months for complex or numerous requests, in which case we will inform you of the extension and the reasons for it.
You may also export your trading data at any time from your account settings within the web application.
9. Data security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, loss, or destruction. These measures include:
- Encryption of data in transit using TLS/SSL
- Secure storage in dedicated PostgreSQL databases with access controls
- JWT-based authentication with secure token handling and automatic token refresh
- Regular security reviews and updates
- Access to personal data restricted to authorised personnel only
- Redis caching with appropriate access controls
While we take reasonable measures to protect your data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.
10. Children's privacy
The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children under 18. If we become aware that we have collected personal data from a child under 18 without appropriate parental consent, we will take steps to delete that data promptly. If you believe we have inadvertently collected data from a child, please contact us at [email protected].
11. Automated decision-making
The Service may use automated processing to generate trading analytics and AI-assisted insights based on your journal data. These features are informational tools only and do not produce legal effects or similarly significantly affect you. No automated decisions are made regarding your account status, access, or billing without human involvement.
12. Georgian data protection law
In addition to the GDPR, Tradexis complies with the Georgian Law on Personal Data Protection. Under Georgian law, you have similar rights regarding access, rectification, erasure, and objection to processing. The State Inspector's Service (Personal Data Protection Inspector) is the competent supervisory authority in Georgia. Complaints may be directed to the Inspector at: personaldata.ge.
13. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page and notify you via email or through the Service at least fourteen (14) days before the changes take effect. We encourage you to review this Privacy Policy periodically.
14. Contact
If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us:
- General privacy inquiries: [email protected]
- Support: [email protected]
- Company: Tradexis, Tbilisi, Georgia