Privacy Policy
Last updated: April 7, 2026
This Privacy Policy explains how Trading Risk Lab (“we”, “us”) collects, uses, and protects your personal data when you use our website and tools.
1. Who we are and how to contact us
- Controller: Trading Risk Lab is operated by Natalia Manijak, based in Poland. For the personal data described in this Privacy Policy, Trading Risk Lab acts as the data controller unless stated otherwise.
- Privacy contact: If you have questions about this Privacy Policy, want to exercise your privacy rights, or want to make a complaint directly to us first, use our support page or .
2. Data we collect
Account data
Such as your email address, hashed password handled through Supabase authentication, display name, account settings, consent choices, and plan-related account status.
Subscription and billing data
Such as your selected plan, billing status, billing dates, country and tax-related billing information, Paddle customer identifiers, and records needed to manage purchases, refunds, disputes, and compliance. Full payment card details are handled by Paddle as Merchant of Record and are not stored by us.
Usage and device data
Such as pages viewed, tools used, interactions with the Service, browser type, device type, operating system, language, approximate location derived from IP, IP address, and technical diagnostics used for security, performance, and analytics.
Support and communications data
Information you provide when you contact us for support, report a bug, ask a question, or otherwise communicate with us.
Locally stored data and similar technologies
We use cookies, local storage, session storage, and similar technologies to keep the Service working, remember essential choices, and store your analytics consent choice. If you are logged in, we may also sync your analytics consent preference to your account using Supabase.
Data we do not intentionally request
We do not intentionally request your broker or exchange login credentials or trading account API keys through the Service.
3. How we use your data
We use your data to:
- Provide, operate, secure, and maintain the Service, including account access, authentication, subscriptions, and core product functionality.
- Process purchases, renewals, cancellations, taxes, invoices, refunds, disputes, and related customer support.
- Respond to your questions, requests, and support messages.
- Monitor performance, investigate errors, prevent abuse or fraud, and protect the security and integrity of accounts and the Service.
- Measure and understand how visitors use the Service with Google Analytics, but only where required after you have given valid consent for analytics.
- Comply with legal obligations, enforce our Terms, and keep appropriate business and accounting records.
- Send service-related communications, such as important updates about the Service, billing, security, legal terms, or your account.
4. Legal bases for processing (GDPR)
If you are in the European Economic Area (EEA), the UK or similar jurisdictions, we rely on the following legal bases when processing your personal data:
- Performance of a contract — for example, when we create and manage your account, provide paid or free features, process subscriptions, and respond to requests that are part of the Service.
- Legitimate interests — for example, to secure the Service, prevent misuse, investigate problems, improve performance, keep internal records, and defend legal claims, provided those interests are not overridden by your rights.
- Consent — for example, when we process optional analytics data using Google Analytics where consent is required by law. You can withdraw your consent at any time through our cookie preferences.
- Legal obligation — for example, when we must keep records for tax, accounting, fraud-prevention, consumer-protection, or other legal compliance purposes.
5. Cookies and similar technologies
- We use cookies, local storage, session storage, and similar technologies to keep the Service working, maintain logins and security, store essential settings, and record your analytics consent choice.
- We use only one optional cookie category in our consent tool: analytics. We use Google Analytics only where required after you have given valid consent.
- We do not rely on a separate marketing or advertising cookie category in our current consent tool.
- For more information, see our Cookie Policy and the choices available in our cookie banner and preferences panel.
6. How we share your data
We may share personal data with trusted service providers that help us operate the Service, including:
- Supabase for authentication, database, and related infrastructure.
- Paddle as Merchant of Record for subscriptions, billing, taxes, invoices, refunds, fraud checks, and payment-related support.
- Cloudflare for hosting, content delivery, caching, site performance, and security.
- Google Analytics for analytics, but only where required after consent has been given.
We may also disclose personal data where necessary to comply with law, respond to lawful requests, enforce our Terms, detect or prevent fraud or security issues, or protect our rights, users, or the public.
These service providers may act as processors or independent controllers depending on the service and the legal context. We require appropriate contractual and organizational safeguards where applicable.
We do not sell your personal data.
7. International transfers
- Some of our service providers may process personal data outside your country or outside the EEA or UK, including in countries that may not provide the same level of legal protection as your home jurisdiction.
- Where required by applicable law, we use appropriate safeguards for international transfers, such as standard contractual clauses, adequacy decisions, or other recognized transfer mechanisms.
8. Data retention
- We keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Service, maintain records, resolve disputes, enforce agreements, and meet legal, tax, accounting, and security obligations.
- Account and subscription records are generally kept while your account remains active and for a reasonable period afterwards, unless a longer retention period is required or permitted by law.
- Support communications and technical logs may be retained for a limited period appropriate to troubleshooting, security, fraud prevention, and record-keeping needs.
- Analytics data retention is managed through Google Analytics settings and our internal configuration.
- We may retain anonymized or aggregated information for longer where it no longer identifies you personally.
9. Your rights (including GDPR)
Depending on your location and applicable law, you may have the right to:
- Request access to the personal data we hold about you.
- Request that we correct inaccurate or incomplete personal data.
- Request deletion of your personal data in certain circumstances.
- Object to or request restriction of certain processing.
- Request a copy of certain personal data in a portable format.
- Withdraw consent at any time where we rely on consent, including for optional analytics cookies where applicable.
- Lodge a complaint with a supervisory authority or regulator if you believe your rights have been infringed.
To exercise your rights, use our support page or . We may need to verify your identity before completing your request.
If you are in the EEA or UK, you also have the right to lodge a complaint with your local data protection authority.
10. Security
- We use reasonable technical and organizational measures to protect personal data, including measures designed to protect data in transit, restrict access, and support account security.
- However, no website, infrastructure provider, or transmission method can be guaranteed to be completely secure. You are responsible for maintaining the confidentiality of your account credentials and for notifying us promptly if you suspect unauthorized access.
We currently do not operate a public bug bounty program and cannot guarantee monetary compensation, rewards, or other consideration for vulnerability reports. However, we welcome responsible security disclosures submitted in good faith. If you believe you have found a security issue affecting Trading Risk Lab, please contact us at [email protected] with sufficient details to help us understand and verify the issue. We ask that you do not exploit, publicly disclose, access, modify, delete, or exfiltrate any data, or disrupt our services while investigating or reporting a potential vulnerability.
11. Changes to this Privacy Policy
- We may update this Privacy Policy from time to time to reflect changes to the Service, our providers, our legal obligations, or the way we process personal data.
- We will post the updated version on this page and update the “Last updated” date. Where required, we may also give additional notice through the Service or by email.
12. Contact and complaints
- If you have questions, complaints, or requests about this Privacy Policy or your personal data, use our support page or .
- You may also have the right to lodge a complaint with a data protection authority or other competent regulator, particularly in the country where you live, work, or where you believe a data protection issue has occurred.