Overview

BT4T is committed to protecting the privacy and security of your trading data. This policy explains what data we collect, how we use it, how we store it, and what rights you have. We believe your trading data belongs to you — we are custodians, not owners.

Data We Collect

Trading Data

• Trade records synced from connected exchanges
• Journal entries, notes, and screenshots
• Performance metrics and analytics calculations
• AI analysis cache (insights generated for your account)

Account Information

• Email address
• Encrypted passwords (bcrypt-hashed, never stored in plain text)
• Subscription plan and billing details
• User preferences and settings

Technical Data

• Usage analytics (anonymized and aggregated)
• API credentials (AES-256 encrypted at rest)
• Session data and authentication tokens

Cookies & Local Storage

• Authentication tokens stored in localStorage
• UI preferences (theme, layout, panel states)
• No third-party tracking cookies

How We Use Your Data

Primary Uses

• Trading analysis, journaling, and performance tracking
• Account management and authentication
• Product improvement using anonymized, aggregated data

AI Processing

• Trade data is processed via the OpenAI API to generate personalised insights
• Your data is not used for AI model training
• AI analysis cache is private to your account
• AI-powered features can be opted out of in Settings

Data Storage & Security

Infrastructure

• PostgreSQL database on encrypted EU-based servers
• AES-256 encryption for all stored API credentials
• Strict access control with role-based permissions
• Audit logging on all sensitive operations
• Regular encrypted backups with tested restore procedures

Data Retention

• Active accounts: data retained indefinitely while the account is active
• Inactive accounts: data retained for 12 months after last login, then scheduled for deletion
• Deleted accounts: all data permanently removed within 30 days of deletion request

Data Sharing

• Your data is never sold to third parties
• AI processing is handled via the OpenAI API under a data processing agreement
• Only anonymized, aggregated statistics may be shared (e.g., platform-wide trading trends)
• We may disclose data if required by law or valid legal process
• In the event of a business transfer (acquisition, merger), users will be notified in advance and given the option to delete their data

Your Rights

Data Access

• Export all your data at any time (CSV and JSON formats)
• API access to your own data
• Full transparency on what data we hold about you

Data Control

• Delete individual trades, journal entries, or your entire account
• Request correction of inaccurate data
• Data portability — take your data with you if you leave

Privacy Controls

• Profile visibility settings (public, private, followers-only)
• Communication preferences and notification controls
• Limits on data processing (e.g., opt out of AI features)

File Uploads

• Supported image formats: PNG, JPG, JPEG, WebP, GIF
• Maximum file size: 5 MB per image
• No automated analysis or scanning of image content
• Access control enforced per user — only you can see your uploads
• Images are permanently deleted when the associated content is removed

Contact & Requests

• Privacy inquiries: privacy@bt4t.com
• Response time: within 72 hours for standard requests
• Complex requests (full data export, account deletion): completed within 30 days

When this policy is updated, we will notify all registered users by email. Changes take effect 30 days after notification.

Compliance

• Security practices aligned with the NIST Cybersecurity Framework
• Data minimization — we only collect what is necessary for the service
• Purpose limitation — data is used only for the purposes described above
• GDPR compliant (EU users): right to access, rectification, erasure, portability, and objection
• CCPA compliant (California users): right to know, delete, and opt out of sale (we do not sell data)
• Data residency information available on request