Return to Home

Privacy Policy

Last Updated: March 2026 | California Compliance Version

1. Information We Collect

In compliance with the CCPA/CPRA and CalOPPA, we disclose the categories of personal information collected in the preceding 12 months:

  • Identifiers: Email address and IP address (for authentication and security).
  • Financial Information: Trading records, ledger entries, and transaction history actively provided by you.
  • Commercial Information: Subscription history and payment metadata via Stripe.
  • Electronic Activity: Cookies and server logs used strictly for site functionality.

2. How We Handle Sensitive Documents

We utilize "In-Memory" processing for all file uploads (PDFs, CSVs, and Images).

  • No Persistent File Storage: Your original brokerage statements are not stored on our disks. Data is extracted and the file is discarded immediately.
  • Supabase Integration: Only normalized ledger data is stored in your private database profile.

3. Sharing Data with Service Providers

We do not sell your data. We only share information with "Service Providers" necessary to operate TrackPnL:

  • Stripe: Processes your payments. We do not store your full credit card numbers.
  • Supabase: Provides our encrypted database and authentication infrastructure.
  • Google Cloud (Gemini AI): Used for OCR processing of trade screenshots. No data is used to train Google's models.

4. Do Not Sell & Right to Limit Use

Do Not Sell or Share My Personal Information: TrackPnL does not sell, rent, or lease your personal trading history to third parties.

Limit the Use of Sensitive Information: You have the right to limit our use of sensitive financial information strictly to what is necessary to perform the service (e.g., rendering your dashboard).

5. California Consumer Rights (CCPA/CPRA)

  • Right to Know/Access: Request a copy of all data we hold on you.
  • Right to Delete: Use the "Nuke Ledger" feature in Settings or the "Delete Account" feature in your Profile.
  • Right to Correct: Modify any inaccurate trading records directly in your dashboard.

6. "Do Not Track" Signals

TrackPnL does not currently respond to browser "Do Not Track" (DNT) signals, as there is no industry standard for how such signals should be interpreted.

7. Contact for Privacy Requests

To exercise your rights, please email us at:trackpnladmin@trackpnl.app