This Privacy Policy explains how TradeStop (“TradeStop”, “we”, “us”, or “our”) collects, uses, and shares information when you visit our websites (including https://www.letstradestop.com and any subdomains) and when you use our Windows desktop application (the “App”). It also describes your privacy rights and how the law protects you.

If you do not agree with this policy, please do not use our Services.

Who we are & how to contact us

• Controller: TradeStop

• Website: https://www.letstradestop.com (and subdomains)

• Support / Privacy contact: support@letstradestop.com

If you are in a jurisdiction that requires a local representative or a Data Protection Officer (DPO), contact us at the email above and we’ll provide details.

What this policy covers

This policy applies to:

• Our public website (marketing pages, help pages, forms).

• Our Windows desktop App used to schedule trading sessions and enforce blocking rules.

This policy does not apply to third-party websites, services, or brokers/platforms that you access from our website or App.

What we collect

We collect the minimum information needed to provide TradeStop safely and reliably.

3.1 Information you provide to us

• Account information (if you create an account): email address, hashed password (authentication is provided by our identity provider, currently Supabase, acting as our processor).

• App configuration: session schedules (e.g., start/end times, recurrence), feature toggles, time zone, and other preferences.

• Manual override reasons: if you use the one-per-day manual unblock, we store the text reason and timestamps to support the 5-minute cooldown, your daily allowance, and your activity history.

• Support communications: messages you send us (e.g., support requests, feature requests, or broker addition requests).

3.2 Information we collect automatically

• Website logs: standard web logs (IP address, user-agent, pages viewed, timestamp, referrer).

• App diagnostics (minimal by default): App version, OS version, basic error logs. If we enable optional crash reporting (e.g., via Sentry) and you opt in, crash reports may include stack traces and machine/OS metadata. We do not collect trading data.

• Security/abuse prevention: limited technical data required to protect our Services (e.g., rate limiting, fraud prevention, and service integrity).

3.3 Information we do not collect

• No broker credentials: TradeStop does not ask for or store your TradingView or broker usernames, passwords, API keys, or tokens.

• No order/position data: TradeStop does not read your orders, positions, balances, or trading history.

• No traffic interception: The App enforces blocking locally on your Windows machine (Windows Firewall rules, hosts file entries, and optional local DNS sinkhole) and does not route your traffic through our servers.

How we use your information (purposes & legal bases)

We use your information to:

1. Provide and maintain the Service (Art. 6(1)(b) GDPR / contract)

   • Authenticate your account, store session schedules, enforce limits, maintain logs needed for features (e.g., one allowed manual unblock per day, cooldown timers).

2. Improve reliability and security (Art. 6(1)(f) GDPR / legitimate interests)

   • Secure our Services, prevent abuse, debug errors, enhance stability and performance.

3. Communicate with you (Art. 6(1)(b) or (f) GDPR)

   • Respond to support requests, send important notices (e.g., critical updates).

4. Process payments (if/when you subscribe) (Art. 6(1)(b) GDPR)

   • Payments are handled by our Payment Provider (e.g., Stripe/Paddle). We do not store your full card details on our servers.

5. Comply with law (Art. 6(1)(c) GDPR)

   • Legal, regulatory, or audit requirements.

Where we rely on consent (e.g., optional analytics or crash reporting), you can withdraw it at any time via in-product settings or by contacting us.

How the App works (privacy by design)

• Local enforcement: The App creates and manages Windows Firewall rules, hosts file entries, and an optional local DNS sinkhole to block broker/platform endpoints during out-of-session times.

• No API access to brokers: We block domains/IPs; we don’t connect to your broker accounts or handle API keys.

• Minimal logging: We store timestamps of blocks/unblocks and manual override reasons only to make the features work (daily allowance, 5-min cooldown, activity history) and to provide visibility to you.

• Uninstall cleanup: When you uninstall, the App removes the rules it created. Account data (e.g., schedules, logs) persists in your account until you delete it or close your account (see Retention).

Cookies and similar technologies (website)

• Essential cookies: for basic site functionality (e.g., remembering preferences or session state).

• Analytics (if enabled): we may use privacy-respecting analytics to understand site usage. Where required, we’ll request your consent via a banner.

• Third-party embeds: if pages include embedded content (e.g., videos), those providers may set their own cookies. See §10 below.

You can control cookies via your browser settings. Rejecting non-essential cookies may reduce certain site features.

Payments

If you purchase a subscription, payment processing is handled by a third-party Payment Provider. We receive payment status data (e.g., success/failed, subscription state, and limited metadata) but not your full card number. Your payment information is processed under the Payment Provider’s privacy policy and PCI-DSS requirements.

Sharing & disclosure

We do not sell your personal data. We share it only with:

• Service providers / processors:

  • Supabase (authentication, database, hosting)

  • Payment Provider (subscriptions and billing)

  • Error/crash reporting (if enabled; e.g., Sentry)
    These providers process data on our instructions under data processing agreements.

• Legal & safety: We may disclose information if required by law, to protect our rights, users, or the public, or to detect/prevent fraud, abuse, or security incidents.

• Business transfers: If we engage in a merger, acquisition, or asset sale, your data may be transferred per applicable law with notice to you.

Data retention

We keep data only as long as necessary for the purposes above:

• Account & configuration: kept while your account is active. If you close your account, we delete or anonymize within 30 days, unless we must retain for legal reasons.

• Activity logs (block/unblock events, override reasons): retained for up to 12 months by default to provide your history; you can request earlier deletion.

• Support tickets: retained while your request is active and for a reasonable period thereafter for troubleshooting/audit.

• Website logs: typically retained for 30–90 days for security/operational purposes.

We may retain minimal records if required by law (e.g., tax, accounting, fraud prevention).

Third-party links & embedded content

Our site may link to or embed third-party content (e.g., videos, documentation). Those sites may collect data about you, use cookies, and monitor interactions according to their own privacy policies. We are not responsible for their practices.

International data transfers

We and our processors may store and process data in countries other than yours (for example, where Supabase or our Payment Provider operates). When we transfer personal data internationally, we rely on appropriate safeguards (such as Standard Contractual Clauses or other lawful mechanisms). Contact us if you want details relevant to your jurisdiction.

Security

We implement administrative, technical, and physical safeguards to protect your data (e.g., encrypted transport, restricted access, configuration hardening). No system is 100% secure; please use strong passwords, keep your system up to date, and contact us immediately if you suspect unauthorized access.

The App requires system permissions to manage Windows Firewall, hosts file, and DNS sinkhole entries. These changes are limited to enforcing your schedules and can be removed by the App or during uninstall.

Your rights

Depending on your location, you may have the following rights:

• Access: request a copy of personal data we hold about you.

• Rectification: correct inaccurate or incomplete data.

• Deletion: request deletion of your data (subject to legal retention).

• Restriction / Objection: limit or object to processing in certain cases.

• Portability: receive your data in a portable format.

• Withdraw consent: where we rely on consent (e.g., optional analytics/crash reporting).

To exercise rights, email support@letstradestop.com. We may need to verify your identity.

CCPA/CPRA (California)

We do not sell or share personal information for cross-context behavioral advertising. California residents can request access/deletion and non-discrimination for exercising rights. Submit requests at support@letstradestop.com.

Children’s privacy

TradeStop is not intended for children under the age of 16 (or the age required by your jurisdiction). We do not knowingly collect personal data from children. If you believe a child provided us data, contact us and we’ll delete it.

Broker coverage & requests (transparency notice)

TradeStop blocks order routing by targeting broker/platform domains and IP addresses you select from our supported list. We maintain the list centrally to keep pace with changes, so you do not need to manage endpoints yourself.
If we don’t currently support your broker, email support@letstradestop.com with the broker/platform name (and login URL/gateway if available). We’ll validate and add it promptly.

Changes to this policy

We may update this policy from time to time. We’ll post the new version with a “Last updated” date at the top. For material changes, we’ll provide additional notice (e.g., in-app message or email).

How to reach us

Questions, requests, or complaints about privacy?
Email: support@letstradestop.com
We aim to respond within a reasonable timeframe. If you’re in the EU/UK and believe we have not resolved your concern, you may lodge a complaint with your local data protection authority.

Appendix: Comments, media, and spam (if you enable blog/comments)

If our site allows comments or uploads:

• When visitors leave comments, we collect the data shown in the form, plus IP address and user-agent to help spam detection.

• An anonymized hash of your email may be sent to Gravatar to check if you use it (see https://automattic.com/privacy/). After approval, your profile image may be visible with your comment.

• If you upload images, avoid including EXIF GPS data; visitors could download and extract that location data.

• If you request a password reset, your IP may be included in the reset email for security.