Skip to main content
Legal

Privacy Policy

Last updated: April 7, 2026

This Privacy Policy explains how Trading Risk Lab (“we”, “us”) collects, uses, and protects your personal data when you use our website and tools.

1. Who we are and how to contact us

  • Controller: Trading Risk Lab is operated by Natalia Manijak, based in Poland. For the personal data described in this Privacy Policy, Trading Risk Lab acts as the data controller unless stated otherwise.
  • Privacy contact: If you have questions about this Privacy Policy, want to exercise your privacy rights, or want to make a complaint directly to us first, use our support page or .

2. Data we collect

Account data

Such as your email address, hashed password handled through Supabase authentication, display name, account settings, consent choices, and plan-related account status.

Subscription and billing data

Such as your selected plan, billing status, billing dates, country and tax-related billing information, Paddle customer identifiers, and records needed to manage purchases, refunds, disputes, and compliance. Full payment card details are handled by Paddle as Merchant of Record and are not stored by us.

Usage and device data

Such as pages viewed, tools used, interactions with the Service, browser type, device type, operating system, language, approximate location derived from IP, IP address, and technical diagnostics used for security, performance, and analytics.

Support and communications data

Information you provide when you contact us for support, report a bug, ask a question, or otherwise communicate with us.

Locally stored data and similar technologies

We use cookies, local storage, session storage, and similar technologies to keep the Service working, remember essential choices, and store your analytics consent choice. If you are logged in, we may also sync your analytics consent preference to your account using Supabase.

Data we do not intentionally request

We do not intentionally request your broker or exchange login credentials or trading account API keys through the Service.

3. How we use your data

We use your data to:

  • Provide, operate, secure, and maintain the Service, including account access, authentication, subscriptions, and core product functionality.
  • Process purchases, renewals, cancellations, taxes, invoices, refunds, disputes, and related customer support.
  • Respond to your questions, requests, and support messages.
  • Monitor performance, investigate errors, prevent abuse or fraud, and protect the security and integrity of accounts and the Service.
  • Measure and understand how visitors use the Service with Google Analytics, but only where required after you have given valid consent for analytics.
  • Comply with legal obligations, enforce our Terms, and keep appropriate business and accounting records.
  • Send service-related communications, such as important updates about the Service, billing, security, legal terms, or your account.

5. Cookies and similar technologies

  • We use cookies, local storage, session storage, and similar technologies to keep the Service working, maintain logins and security, store essential settings, and record your analytics consent choice.
  • We use only one optional cookie category in our consent tool: analytics. We use Google Analytics only where required after you have given valid consent.
  • We do not rely on a separate marketing or advertising cookie category in our current consent tool.
  • For more information, see our Cookie Policy and the choices available in our cookie banner and preferences panel.

6. How we share your data

We may share personal data with trusted service providers that help us operate the Service, including:

  • Supabase for authentication, database, and related infrastructure.
  • Paddle as Merchant of Record for subscriptions, billing, taxes, invoices, refunds, fraud checks, and payment-related support.
  • Cloudflare for hosting, content delivery, caching, site performance, and security.
  • Google Analytics for analytics, but only where required after consent has been given.

We may also disclose personal data where necessary to comply with law, respond to lawful requests, enforce our Terms, detect or prevent fraud or security issues, or protect our rights, users, or the public.

These service providers may act as processors or independent controllers depending on the service and the legal context. We require appropriate contractual and organizational safeguards where applicable.

We do not sell your personal data.

7. International transfers

  • Some of our service providers may process personal data outside your country or outside the EEA or UK, including in countries that may not provide the same level of legal protection as your home jurisdiction.
  • Where required by applicable law, we use appropriate safeguards for international transfers, such as standard contractual clauses, adequacy decisions, or other recognized transfer mechanisms.

8. Data retention

  • We keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Service, maintain records, resolve disputes, enforce agreements, and meet legal, tax, accounting, and security obligations.
  • Account and subscription records are generally kept while your account remains active and for a reasonable period afterwards, unless a longer retention period is required or permitted by law.
  • Support communications and technical logs may be retained for a limited period appropriate to troubleshooting, security, fraud prevention, and record-keeping needs.
  • Analytics data retention is managed through Google Analytics settings and our internal configuration.
  • We may retain anonymized or aggregated information for longer where it no longer identifies you personally.

9. Your rights (including GDPR)

Depending on your location and applicable law, you may have the right to:

  • Request access to the personal data we hold about you.
  • Request that we correct inaccurate or incomplete personal data.
  • Request deletion of your personal data in certain circumstances.
  • Object to or request restriction of certain processing.
  • Request a copy of certain personal data in a portable format.
  • Withdraw consent at any time where we rely on consent, including for optional analytics cookies where applicable.
  • Lodge a complaint with a supervisory authority or regulator if you believe your rights have been infringed.

To exercise your rights, use our support page or . We may need to verify your identity before completing your request.

If you are in the EEA or UK, you also have the right to lodge a complaint with your local data protection authority.

10. Security

  • We use reasonable technical and organizational measures to protect personal data, including measures designed to protect data in transit, restrict access, and support account security.
  • However, no website, infrastructure provider, or transmission method can be guaranteed to be completely secure. You are responsible for maintaining the confidentiality of your account credentials and for notifying us promptly if you suspect unauthorized access.
  • We currently do not operate a public bug bounty program and cannot guarantee monetary compensation, rewards, or other consideration for vulnerability reports. However, we welcome responsible security disclosures submitted in good faith. If you believe you have found a security issue affecting Trading Risk Lab, please contact us at [email protected] with sufficient details to help us understand and verify the issue. We ask that you do not exploit, publicly disclose, access, modify, delete, or exfiltrate any data, or disrupt our services while investigating or reporting a potential vulnerability.

11. Changes to this Privacy Policy

  • We may update this Privacy Policy from time to time to reflect changes to the Service, our providers, our legal obligations, or the way we process personal data.
  • We will post the updated version on this page and update the “Last updated” date. Where required, we may also give additional notice through the Service or by email.

12. Contact and complaints

  • If you have questions, complaints, or requests about this Privacy Policy or your personal data, use our support page or .
  • You may also have the right to lodge a complaint with a data protection authority or other competent regulator, particularly in the country where you live, work, or where you believe a data protection issue has occurred.

Questions about your privacy?

We’re committed to protecting your data. Contact us if you have any questions or want to exercise your privacy rights.