Privacy Policy

Last updated: March 21, 2026  ·  TradingSuite Pro  ·  tradingsuite.app

01 Introduction

TradingSuite Pro ("TradingSuite," "we," "us," or "our") operates the futures trading automation platform available at https://tradingsuite.app (the "Service"). This Privacy Policy explains what personal information we collect when you use our Service, how we use and protect that information, with whom we share it, and what rights you have over it.

This policy applies to all users of TradingSuite Pro, including visitors to our website, registered account holders, and paying subscribers. By creating an account or using the Service, you acknowledge that you have read and understood this Privacy Policy.

We are committed to handling your data with transparency and care. Because TradingSuite connects to your live brokerage accounts and processes trading data on your behalf, we take privacy and security especially seriously. We only collect the information necessary to provide the Service, and we never sell your personal data to third parties.

If you have questions or concerns about this policy, please contact us at [email protected].

02 Information We Collect

We collect the following categories of personal information in the course of providing and improving the Service:

a. Account Registration Data

When you create a TradingSuite Pro account, we collect your full name, email address, and a password. Passwords are never stored in plaintext — they are hashed using bcrypt with a strong work factor before being saved to our database. If you register using Google OAuth, we receive a Google account identifier and your email address in lieu of a password; no Google password is ever shared with us.

b. Phone Number

We collect your phone number solely for the purpose of enabling SMS-based two-factor authentication (2FA) via Twilio. Providing a phone number is required to activate SMS 2FA, but 2FA itself may be optional depending on your account configuration. Your phone number is not used for marketing or sold to third parties.

c. Broker API Credentials

To connect your brokerage accounts (Tradovate, Topstep, or compatible brokers), you provide API tokens, API keys, or login credentials specific to those platforms. These credentials are encrypted at rest in our database using AES-256 encryption before storage. They are decrypted only in memory at the moment they are needed to fulfill your instructions — such as syncing your positions or submitting a trade you have configured. We do not log decrypted credentials, and they are never exposed in plaintext in any log files or administrative interfaces.

d. Trading & Account Data

When your broker accounts are connected, TradingSuite syncs data including your open positions, trade history, profit and loss (P&L) figures, and account balances. This is your own financial data, retrieved from your broker on your behalf and displayed within the platform. We store this data to power your dashboard, analytics, and risk management features. We do not analyze this data for our own commercial purposes or share it with third parties beyond what is necessary to operate the Service.

e. Usage & Analytics Data

We collect certain technical and behavioral information when you visit or use the Service in order to understand traffic patterns and improve platform performance. This includes:

This data is used exclusively for internal analytics. We do not use third-party analytics services such as Google Analytics.

f. Payment & Subscription Information

Billing is handled by Stripe, a PCI DSS Level 1-compliant payment processor. TradingSuite never receives, processes, or stores your credit card number, card verification code, or bank account details. Stripe handles all payment data directly between your browser and their servers. We store only the information Stripe provides to us as a result of a successful transaction: your Stripe customer ID, subscription ID, current plan name, subscription status (active, trialing, canceled, etc.), and billing period. This is the minimum data necessary to manage your subscription and grant or revoke access to the Service.

g. Communications

If you contact us via email or through a support channel, we retain the content of those communications and your contact information in order to respond to you and maintain a record of our correspondence. We do not use support communications for advertising purposes.

h. Affiliate & Referral Data

If you participate in our affiliate or referral program, we collect and store referral codes, referral relationships (which account referred another), and conversion data. This information is used solely to calculate and pay referral commissions and to prevent fraud in the affiliate program.

03 How We Use Your Information

We use the personal information we collect for the following purposes:

Providing and Operating the Service

The core function of TradingSuite requires us to use your account data, broker credentials, and trading data to authenticate you, connect to your brokerage accounts, sync positions, execute automated trading instructions you configure, and display your dashboard. Without this processing, the Service cannot function.

Payment Processing and Subscription Management

We use your email address, name, and Stripe subscription data to manage your subscription lifecycle — including processing payments, issuing receipts, sending renewal reminders, handling plan upgrades or downgrades, and managing cancellations.

Transactional Communications

We send emails for account-related events including email address verification upon registration, password reset requests, subscription confirmation and receipts, upcoming renewal reminders, and important security notifications such as new device logins. These emails are transactional in nature and are not marketing communications. You may not opt out of security-related transactional emails while your account is active.

Two-Factor Authentication

Your phone number is used exclusively to deliver SMS one-time passcodes via Twilio when you authenticate with 2FA enabled. No other SMS messages are sent to your phone number.

Platform Analytics and Improvement

Hashed IP addresses, user agent strings, pages visited, referrer URLs, UTM parameters, and country data are used in aggregate to understand how users navigate the Service, which features are most used, where traffic originates, and how to prioritize improvements. This analysis is performed internally and does not involve profiling individual users for advertising purposes.

Fraud Prevention and Security

We use account activity data and session information to detect suspicious behavior, prevent unauthorized access to accounts, and enforce our Terms of Service.

Affiliate Program

Referral codes and relationship data are used to attribute sign-ups to the correct affiliate, track conversions, and calculate commissions owed.

04 Data Sharing & Third Parties

We do not sell, rent, or trade your personal data to third parties for their own marketing or commercial purposes — ever.

We share personal data only with the following categories of service providers, and only to the extent necessary to deliver the Service:

Stripe — Payment Processing

When you subscribe or update your billing information, your browser communicates directly with Stripe's servers. Stripe receives and processes your payment card data under their own privacy policy and PCI DSS compliance program. We share your name and email address with Stripe to create and manage your billing account. Stripe's privacy policy is available at stripe.com/privacy.

Twilio — SMS Delivery

To deliver SMS 2FA codes, we pass your phone number and the one-time passcode to Twilio's API. Twilio acts as a data processor on our behalf. They do not retain your phone number beyond the requirements of their own data retention policies. Twilio's privacy policy is available at twilio.com.

Email Service Provider — Transactional Email

We use a third-party email delivery service to send transactional emails (verification, receipts, reminders). Your email address and the content of those emails are transmitted to this provider for delivery. The provider acts as a data processor and does not use your email address for its own purposes.

Google — OAuth Authentication

If you choose to register or log in using "Sign in with Google," Google receives a request from our application and authenticates you. We receive your Google account ID and email address from Google upon successful authentication. If you do not use Google login, no data is shared with Google through our Service.

Tradovate and Topstep — Broker API Integrations

To sync your trading data and execute orders on your behalf, we communicate with Tradovate's and Topstep's APIs using the credentials you have provided. These communications are initiated by you through your use of the Service. The data exchanged with these brokers (positions, orders, account details) is your own data held by those institutions. Please refer to your broker's own privacy policies for information about how they handle your data.

Legal Obligations and Safety

We may disclose personal data when required by law, court order, or valid legal process, or when we have a good-faith belief that disclosure is necessary to prevent fraud, protect the rights or safety of TradingSuite, our users, or the public, or enforce our Terms of Service.

Business Transfers

In the event of a merger, acquisition, asset sale, or bankruptcy proceeding involving TradingSuite, personal data may be transferred as part of that transaction. We will notify affected users via email and/or a prominent notice on our website if such a transfer occurs and if it results in a material change to how your data is handled.

05 Broker Credentials Security

Because broker API credentials grant access to live trading accounts, we treat them with the highest level of care of any data category we hold.

Broker credentials you enter into TradingSuite are encrypted at rest using AES-256 symmetric encryption before being written to our database. The encryption keys are managed separately from the database and are not stored alongside the encrypted credentials. Credentials are only decrypted in application memory at the moment the Service needs to act on your behalf — for example, when polling your account balance or submitting a trade you have configured — and are never written to logs, caches, error reports, or any other persistent storage in decrypted form.

Crucially, TradingSuite cannot and does not initiate trades independently or outside the scope of your explicit instructions. The automation rules, webhooks, and trade copier configurations you set up in the platform define the only conditions under which the Service will interact with your broker. We have no financial incentive to trade your account, and our system architecture does not include any mechanism for staff or automated processes to place unsolicited orders.

We recommend that you use API credentials with the minimum permissions necessary (e.g., trading only, without withdrawal permissions where your broker supports such restrictions), and that you rotate your API credentials periodically. If you suspect your credentials have been compromised, you should revoke them at your broker immediately and update them in TradingSuite.

06 Cookies & Local Storage

TradingSuite uses a minimal approach to client-side data storage focused solely on what is necessary for authentication and session management.

Authentication Tokens (JWT)

Upon login, we issue a JSON Web Token (JWT) to authenticate your session. This token is stored in your browser's localStorage or as an HTTP cookie depending on your session configuration. The token contains your user ID and session metadata and is used to verify your identity on each request to our API. It does not contain sensitive personal information such as your password or broker credentials. Tokens expire automatically and are invalidated upon logout.

No Third-Party Tracking Cookies

We do not use third-party tracking cookies, advertising cookies, or any cookies that follow you across websites. Google Analytics is not installed on TradingSuite. No advertising networks or data brokers have access to information about your use of our platform through cookies placed by TradingSuite.

Strictly Necessary Cookies

Any cookies set by TradingSuite are strictly necessary for the operation of the Service (authentication and session management). These cookies cannot be disabled without preventing you from using the Service.

07 Data Retention

We retain personal data for as long as necessary to provide the Service and comply with our legal obligations, and no longer than is justified by the purposes described in this policy.

Account Data

Your account data — including name, email, hashed password, phone number, broker credentials, subscription records, and trading data — is retained for as long as your account is active. Upon account deletion, we initiate a process to permanently delete your data within 30 days. Some data may be retained beyond this period if required by applicable law or to resolve outstanding disputes or enforce our agreements.

Visit Analytics Data

Usage and analytics data (hashed IP, user agent, pages visited, country, referrer, UTM parameters) is retained for 90 days from the date of collection, after which it is automatically purged from our database. Because raw IP addresses are never stored — only a one-way hash — there is no risk of re-identifying visitors from this data after the fact.

Trading Data

Trading data synced from your brokerage accounts (positions, trade history, P&L) is retained according to your account settings and is available in your dashboard for the duration of your active subscription. Upon account deletion, trading data is deleted along with the rest of your account data within 30 days.

Communications

Support correspondence is retained for a reasonable period to maintain a history of customer interactions and improve our support processes, and is deleted when no longer necessary.

08 Your Rights (GDPR / CCPA)

Depending on where you live, you may have specific legal rights regarding your personal data. We are committed to honoring these rights regardless of your jurisdiction.

Right of Access

You have the right to request a copy of the personal data we hold about you, including information about how it is being used and with whom it has been shared.

Right to Correction

You have the right to request that we correct any inaccurate or incomplete personal data we hold about you. You can update most account information directly in your account settings; for other corrections, please contact us.

Right to Deletion

You have the right to request that we delete your personal data. You may delete your account directly from your account settings, which will initiate deletion of your data within 30 days. For specific deletion requests that do not involve full account deletion, please contact us at [email protected].

Right to Data Portability

You have the right to receive a machine-readable copy of the personal data you have provided to us. To request a data export, please contact us at [email protected].

Right to Opt Out of Sale (CCPA)

California residents have the right to opt out of the "sale" of their personal information. As stated in this policy, TradingSuite does not sell personal data, so this right is not applicable in practice. California residents may still submit opt-out requests, and we will confirm that no sale has occurred.

Right to Restrict Processing (GDPR)

In certain circumstances, EU/UK residents have the right to request that we restrict the processing of their personal data — for example, while the accuracy of data is being contested.

Right to Object

EU/UK residents may have the right to object to processing of their personal data carried out on the basis of legitimate interest, including for analytics purposes.

Legal Basis for Processing (EU/UK)

For users in the European Union and United Kingdom, our legal bases for processing personal data are as follows: account data and broker credentials are processed on the basis of contract performance (processing is necessary to provide the Service you have requested); usage analytics, affiliate tracking, and security monitoring are conducted on the basis of our legitimate interests in operating and improving a safe, functional platform; where required by law, we will seek your consent before processing. You may withdraw consent at any time where consent is the basis for processing.

How to Exercise Your Rights

To exercise any of the rights described above, please email us at [email protected] from the email address associated with your account. We will respond within 30 days (or within the timeframe required by applicable law). We may ask you to verify your identity before fulfilling a request.

If you are an EU/UK resident and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection authority.

09 Children's Privacy

TradingSuite Pro is a financial services platform intended exclusively for adults. The Service is not directed at, and is not intended for use by, individuals under the age of 18. We do not knowingly collect personal data from anyone under 18 years of age. Futures trading involves significant financial risk, and applicable financial regulations in most jurisdictions require traders to be legal adults.

If you believe a minor has created an account or submitted personal information to us, please contact us immediately at [email protected] and we will take prompt steps to delete that information and close the account.

10 International Data Transfers

TradingSuite Pro is operated from and stores data in the United States. If you are accessing the Service from outside the United States — including from the European Union, United Kingdom, or other jurisdictions — please be aware that your personal data will be transferred to, processed, and stored in the United States.

Data protection laws in the United States may differ from those in your country. For transfers of personal data from the EU or UK to the United States, we rely on applicable legal transfer mechanisms, which may include Standard Contractual Clauses approved by the European Commission or equivalent transfer frameworks. By using the Service, you consent to the transfer of your information to the United States as described in this policy.

Our third-party service providers (Stripe, Twilio, and our email provider) also process data in the United States and in other jurisdictions. These providers maintain their own data transfer compliance programs; please refer to their respective privacy policies for details.

11 Security

Protecting your data is central to what TradingSuite does. We implement a range of technical and organizational measures designed to protect your personal information against unauthorized access, disclosure, alteration, and destruction:

Despite our efforts, no security system is impenetrable. We cannot guarantee the absolute security of your data, and we encourage you to use strong unique passwords and enable 2FA on your account. If you believe your account has been compromised, please contact us immediately at [email protected].

In the event of a data breach that affects your personal information, we will notify affected users and relevant authorities as required by applicable law.

12 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the services we offer, or applicable law. When we make changes, we will update the "Last updated" date at the top of this page.

For material changes — meaning changes that significantly affect how we collect, use, or share your personal data — we will provide at least 30 days' advance notice by email (sent to the address on your account) and/or by posting a prominent notice on the TradingSuite platform. Your continued use of the Service after the effective date of a revised policy constitutes your acceptance of the updated terms.

We encourage you to review this page periodically. Previous versions of this Privacy Policy are available upon request.

13 Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please reach out to us. We are committed to resolving privacy inquiries promptly and thoroughly.

TradingSuite Pro — Privacy Inquiries

Email: [email protected]

Website: https://tradingsuite.app

For EU/UK residents exercising GDPR rights, please include "GDPR Request" in the subject line of your email. For California residents exercising CCPA rights, please include "CCPA Request." We aim to respond to all privacy-related inquiries within 30 days.