Skip to content

Privacy Policy

Effective date: 12 April 2026

PnLPulse ("we", "us", "the Company") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data. By using PnLPulse you consent to the practices described below.

1. Data we collect

Account information: When you sign up we collect your name, email address, and a securely hashed password. If you upgrade to Pro, our payment processor (Stripe) collects your billing details directly — we do not see or store your full card number.

Trading data: Trade histories you import from connected platforms (MetaTrader 5, cTrader, or CSV uploads), including instrument symbols, entry/exit prices, timestamps, profit/loss, commissions, and swap fees. This data is used solely to generate your analytics.

Account configuration: Account type, risk rules, starting balance, and other profile settings you configure within PnLPulse.

Connection metadata: Platform type, account identifiers, connection status, and sync timestamps. For MT5 connections, encrypted credentials are stored server-side for sync purposes and can be deleted at any time by removing the account. For cTrader connections, OAuth tokens are stored and can be revoked.

Usage data: Pages viewed, features used, and interaction patterns to improve the product. We do not use third-party behavioural advertising trackers.

Technical data: IP address (used for region detection and security, not tracked), browser type, operating system, and device information transmitted automatically by your browser.

2. How we use your data

We use your data to:

  • Provide, operate, and maintain PnLPulse, including generating your analytics, diagnosis, rules, plans, and strategy suggestions.
  • Process payments and manage your subscription via Stripe.
  • Send transactional communications (account confirmation, billing receipts, subscription changes, security notices).
  • Detect and prevent fraud, abuse, and security threats.
  • Improve the service using aggregated, anonymised usage patterns.
  • Comply with legal obligations and respond to lawful requests.

3. What we do not do with your data

We do not sell your personal data or trading data to anyone. We do not share your individual trading history with other users or third parties. We do not use your individual data to train AI models that serve other users. We do not use third-party advertising trackers.

4. Legal basis for processing

We process your data on the following bases: (a) Contract performance — processing necessary to provide the service you signed up for; (b) Legitimate interest — improving and securing the service, fraud prevention; (c) Consent — where you have given specific consent (e.g., marketing communications); (d) Legal obligation — where we are required to process data by law.

5. Third-party data processors

We use a limited number of trusted third-party services to operate PnLPulse:

  • Supabase (database and authentication) — hosted on AWS infrastructure. Stores your account and trading data with row-level security.
  • Stripe (payments) — processes subscription payments. Stripe's own privacy policy governs payment data.
  • Vercel (hosting) — serves the web application. May process IP addresses and request metadata.
  • Resend (transactional email) — delivers account and billing emails.
  • OpenAI (AI analysis) — used to generate diagnosis and improvement suggestions. Only structured analytics summaries are sent — never raw trade data, account credentials, or personally identifiable information.

We may also disclose data where required by law, regulation, legal process, or enforceable government request.

6. Data storage and security

Your data is stored in Supabase (AWS-hosted) with row-level security policies ensuring you can only access your own data. All connections are encrypted in transit (TLS 1.2+). MT5 credentials are encrypted at rest using AES-256. Authentication uses industry-standard practices via Supabase Auth with secure session management.

While we implement reasonable security measures, no system is completely secure. We cannot guarantee absolute security of your data and you acknowledge and accept this risk.

7. Data retention

We retain your data for as long as your account is active or as needed to provide the service. When you delete a trading account, all associated trade data is permanently deleted. When you close your PnLPulse account, all your data is deleted within 30 days, except where we are required to retain records for legal, tax, or regulatory purposes.

Aggregated, anonymised data that can no longer identify you may be retained indefinitely for product improvement.

8. Your rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate personal data.
  • Erasure: Request deletion of your personal data (subject to legal retention requirements).
  • Portability: Request your data in a structured, machine-readable format.
  • Restriction: Request that we limit the processing of your data in certain circumstances.
  • Objection: Object to processing based on legitimate interest.
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at contact@pnlpulse.ai. We will respond within 30 days.

9. International data transfers

Your data may be transferred to and processed in countries other than your own, including the United States (where our infrastructure providers operate). We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses where applicable.

10. Cookies

PnLPulse uses essential cookies for authentication, session management, and security. These are strictly necessary for the service to function and cannot be disabled. We do not use third-party advertising or tracking cookies.

11. Children's privacy

PnLPulse is not intended for anyone under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 30 days before they take effect. The "Effective date" at the top indicates when this version became active.

13. Contact

For privacy-related questions, data requests, or complaints, contact us at contact@pnlpulse.ai.

If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority.