Privacy Policy

Last Updated: December 11, 2025

At Reflectro, we are committed to protecting your privacy and ensuring the security of your personal information and trading data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our trading journal and analytics platform.

1. Information We Collect

1.1 Personal Information

When you create an account with Reflectro, we collect:

  • Name and email address
  • Password (encrypted and securely stored)
  • Phone number (if provided)
  • Payment and billing information (processed securely through third-party payment processors)
  • Profile preferences and settings

1.2 Trading Data

As a trading journal platform, we collect and store:

  • Trade details (entry/exit prices, position sizes, profit/loss)
  • Trading strategies and rules you create
  • Market data and ticker symbols
  • Trading journal entries, notes, and tags
  • Performance statistics and analytics
  • Screenshots and attachments you upload

1.3 AI Analysis Data

When you use our AI-powered analysis features, we process:

  • Your trading history and patterns
  • Journal entries and notes submitted for AI analysis
  • AI-generated insights and recommendations
  • Usage of AI credits and analysis requests

1.4 Usage Data

We automatically collect information about how you interact with our platform:

  • IP address and device information
  • Browser type and version
  • Pages visited and features used
  • Time and date of visits
  • Referring website addresses
  • Operating system and screen resolution

1.5 Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Maintain your logged-in session
  • Remember your preferences and settings
  • Analyze platform usage and performance
  • Provide personalized features and content

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of our platform.

2. How We Use Your Information

We use the information we collect to:

  • Provide and maintain our services: Process your trades, generate analytics, and deliver AI-powered insights
  • Improve and personalize your experience: Analyze usage patterns to enhance features and user interface
  • Process transactions: Handle subscription payments and manage your account billing
  • Communicate with you: Send service updates, security alerts, customer support responses, and account notifications
  • Develop new features: Research and develop new trading analytics, AI capabilities, and platform enhancements
  • Ensure security: Detect and prevent fraud, abuse, and unauthorized access
  • Comply with legal obligations: Meet regulatory requirements and respond to lawful requests
  • Marketing (with consent): Send promotional materials, feature announcements, and educational content (you can opt-out anytime)

3. How We Share Your Information

We do not sell your personal information or trading data. We may share your information in the following limited circumstances:

3.1 Service Providers

We share data with trusted third-party service providers who assist us in operating our platform:

  • Cloud infrastructure: Supabase for database hosting and authentication
  • AI providers: OpenAI and Google Gemini for AI-powered analysis features
  • Payment processors: Stripe or similar services for secure payment processing
  • Email services: For sending transactional and marketing emails
  • Analytics providers: For understanding platform usage and improving user experience

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

3.2 Business Transfers

If Reflectro is involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change and how it affects your data.

3.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Valid legal processes (court orders, subpoenas)
  • Government or regulatory requests
  • Protection of our rights, privacy, safety, or property
  • Investigation of fraud or security issues

3.4 With Your Consent

We may share your information for any other purpose with your explicit consent or at your direction.

4. AI and Data Processing

When you use our AI analysis features, your trading data and journal entries may be processed by third-party AI providers (OpenAI, Google Gemini). We take the following measures to protect your data:

  • Data is transmitted securely using encryption
  • AI providers are bound by strict data processing agreements
  • We anonymize sensitive information where possible
  • AI-generated insights are stored securely in your account
  • You can delete AI analysis data at any time

Please note that AI analysis is optional, and you can choose not to use these features while still accessing all other platform capabilities.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: All data is encrypted in transit (TLS/SSL) and at rest
  • Authentication: Secure password hashing and optional two-factor authentication
  • Access controls: Strict limitations on who can access your data
  • Regular security audits: Ongoing monitoring and vulnerability assessments
  • Secure infrastructure: Enterprise-grade cloud hosting with automatic backups

Security Notice: While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but continuously work to maintain the highest security standards.

6. Your Data Protection Rights

Depending on your location, you have the following rights regarding your personal information:

6.1 Access and Portability

You have the right to request a copy of your personal information in a structured, commonly used, and machine-readable format. You can export your trading data and journal entries directly from your account.

6.2 Correction

You can update or correct your personal information at any time through your account settings. If you need assistance, contact our support team.

6.3 Deletion

You have the right to request deletion of your personal information and trading data. You can delete your account through the account settings, which will permanently remove your data within 30 days. Some information may be retained as required by law or for legitimate business purposes (e.g., financial records).

6.4 Restriction and Objection

You can request that we restrict processing of your personal information or object to certain types of processing (e.g., marketing communications).

6.5 Withdrawal of Consent

Where we rely on your consent to process your information, you have the right to withdraw that consent at any time.

6.6 Exercising Your Rights

To exercise any of these rights, please contact us at reflectroteam@gmail.com. We will respond to your request within 30 days.

7. Data Retention

We retain your information for as long as necessary to:

  • Provide our services and maintain your account
  • Comply with legal obligations (e.g., tax and accounting requirements)
  • Resolve disputes and enforce our agreements
  • Improve and develop our platform

When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it by law. Backups containing your information will be deleted within 90 days.

8. International Data Transfers

Reflectro operates globally, and your information may be transferred to and processed in countries other than your own. We ensure that such transfers comply with applicable data protection laws and implement appropriate safeguards, such as:

  • Standard contractual clauses approved by regulatory authorities
  • Ensuring service providers maintain adequate data protection measures
  • Obtaining your consent where required

9. Children's Privacy

Reflectro is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child without parental consent, we will take steps to delete that information immediately.

10. Third-Party Links

Our platform may contain links to third-party websites or services (e.g., brokerage platforms, educational resources). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know: What personal information we collect, use, and share
  • Right to delete: Request deletion of your personal information
  • Right to opt-out: Opt-out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise these rights, contact us at reflectroteam@gmail.com.

12. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR), including those outlined in Section 6 above.

Our legal basis for processing your information includes:

  • Contract performance: To provide our services to you
  • Legitimate interests: To improve our platform and prevent fraud
  • Consent: Where you have provided consent (e.g., marketing communications)
  • Legal obligations: To comply with applicable laws

You have the right to lodge a complaint with a supervisory authority in your jurisdiction.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last updated" date at the top of this policy
  • Notify you via email or through a prominent notice on our platform
  • Obtain your consent if required by law

We encourage you to review this Privacy Policy periodically. Your continued use of Reflectro after changes are posted constitutes your acceptance of the updated policy.

14. Do Not Track Signals

Some browsers support a "Do Not Track" (DNT) signal. Currently, there is no industry standard for responding to DNT signals. Reflectro does not respond to DNT signals at this time. We will update this policy if we adopt a DNT standard in the future.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at reflectroteam@gmail.com.