Privacy Policy
MADA Marketing Management LLC ("we", "us", "our"), a company registered in Dubai, United Arab Emirates, operates Tradeways (tradeways.app). This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our trading journal and analytics platform, including our website, mobile applications, and API. By using Tradeways, you consent to the practices described in this policy.
Last updated: April 2026
1. Information We Collect
We collect the following categories of information when you use the Service: • Account information: name, email address, username, phone number, profile image • Authentication data: hashed passwords, two-factor authentication secrets, passkey credentials, API keys • Trading data: trades, executions, stop-loss and take-profit levels, trade images and screenshots • Trading accounts: account name, currency, traded symbols, demo/live status • Financial records: deposits, withdrawals, fees, commission rates • Journal and notebook content: rich text entries, images, templates, version history • Strategy data: trading strategies, rules, manual compliance checks • Mentor data: mentor-student relationships, permissions, feedback, feedback images • Dashboard and visualization data: custom dashboards, widgets, chart drawings, custom columns, tags • Device and usage data: IP address, user agent string, browser type, session tokens • Billing data: subscription plan, billing interval, payment status (payment details are processed directly by Stripe and never stored on our servers) • Attribution data: how you discovered Tradeways (referral source, partner, affiliate)
2. How We Collect Information
We collect information through the following means: • Direct provision: information you provide during registration, data entry, file uploads, journal writing, and other interactions with the Service • Automated collection: device information, IP address, session data, and usage patterns collected automatically through PostHog analytics • Third-party sign-in: when you sign in via Apple Sign-In or Google Sign-In (on mobile), we receive your name, email address, and profile image from the respective provider • Broker imports: trading data contained in CSV files you upload from your trading broker • Mentor features: data shared between users through mentor-student relationships as configured by the student's permission settings
3. Purposes of Processing
We process your personal data for the following purposes: • Service delivery and core functionality: providing and operating the trading journal and analytics platform • AI-powered trade analysis and journal feedback: processing your data through AI features when you initiate them • Product analytics and service improvement: understanding how the Service is used to identify issues and improve features • Subscription billing and payment processing: managing your subscription and processing payments through Stripe • Mentor and coaching feature operation: facilitating data sharing and communication between mentors and students • Transactional email communication: sending account verification, password reset, and notification emails • Account security and fraud prevention: detecting and preventing unauthorized access and abuse • Legal compliance and dispute resolution: fulfilling legal obligations and resolving disputes
4. Legal Basis for Processing (GDPR)
Data processing is conducted in compliance with the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL) and, where applicable to users in the European Economic Area, the General Data Protection Regulation (GDPR). Contract performance (GDPR Art. 6(1)(b) / PDPL Art. 5): Processing necessary to operate your account, manage trades, process subscription billing, and store your data as part of the service you subscribed to. Legitimate interest (GDPR Art. 6(1)(f) / PDPL Art. 5): Product analytics and service improvement, security monitoring and fraud prevention, maintaining service reliability. Consent (GDPR Art. 6(1)(a) / PDPL Art. 4): AI feature usage (you initiate each analysis request), marketing communications, sharing data with mentors through the coaching feature. Legal obligation (GDPR Art. 6(1)(c) / PDPL Art. 5): Retention of tax and billing records, responding to lawful legal requests, regulatory compliance. No automated decision-making or profiling that produces legal effects or similarly significantly affects you takes place on our platform.
5. Sharing and Third-Party Services
We do not sell your personal data to any third party. We share data with the following service providers, strictly limited to what is necessary for their function: • Stripe (stripe.com): payment processing. Data shared: email address, name, subscription events. Stripe is PCI-DSS certified and processes payments in accordance with its own privacy policy. • PostHog (eu.i.posthog.com, EU-hosted): product analytics. Data shared: anonymized user ID, session data, feature usage events. PostHog processes all analytics data within the European Union. • OpenRouter (openrouter.ai): AI model routing. Data shared: excerpts of your trading data, journal content, or strategy rules as part of AI feature prompts that you initiate. See Section 6 for further details. • Microsoft Azure Communication Services: transactional email delivery. Data shared: email address and message content for account verification, password reset, and notification emails. • Cloudflare R2: file storage. Data shared: trade images, journal images, mentor feedback images, and broker import files. Access to stored files is controlled via server-signed URLs with expiration; files are not publicly accessible. • Convex (convex.dev): backend database and real-time infrastructure. All application data is stored and processed in Convex. When you use mentor features, your trading data may be shared with your designated mentor according to the granular permissions you configure. You retain full control over which data is shared with mentors at all times.
6. AI-Powered Features
When you use AI features within Tradeways, selected data from your account is sent to third-party large language model (LLM) providers via OpenRouter as an intermediary. The specific data sent depends on the feature you use and may include trade details, journal entries, strategy rules, or performance statistics. Data sent is always limited to what is relevant to the specific analysis you request. We log AI interactions for service operation, billing, and quality monitoring. Logged information includes: the feature identifier, the AI model used, input and output content, token usage, processing cost, and processing duration. We do not use your data to train AI models. AI features are opt-in — your data is sent to AI providers only when you actively initiate an analysis or request feedback. You may provide feedback on AI responses through positive or negative ratings, which we use to improve the quality and relevance of the Service. AI features may be modified, improved, or discontinued at any time.
7. Cookies, Tracking, and Local Storage
We use the following cookies and browser storage mechanisms: • Session cookies: authentication session managed by our auth system, containing a session token. These cookies are strictly necessary for the Service to function and cannot be disabled. • Locale cookie: stores your language preference (English or German) to deliver the Service in your chosen language. • Local storage: visual theme preference and display preset selection, stored in your browser for a consistent user experience. For analytics, we use PostHog, hosted on EU infrastructure (eu.i.posthog.com). PostHog uses person profiles to associate usage events with your account for product analytics purposes. Analytics requests are routed through our own domain. We do not use third-party advertising cookies, tracking pixels, or any form of cross-site advertising technology. You may disable non-essential cookies through your browser settings, though this may affect certain features of the Service.
8. International Data Transfers
Our company is registered in the United Arab Emirates. Your data may be transferred to and processed in the following locations: • Convex: United States • Cloudflare R2: global infrastructure • Microsoft Azure: deployment region may vary for email communication • PostHog: European Union (eu.i.posthog.com) • OpenRouter: United States • Stripe: United States (with global infrastructure) For transfers of personal data to countries that have not been recognized as providing an adequate level of data protection, we implement appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission, data processing agreements with all service providers, and verification that our vendors maintain compliance with recognized security frameworks. We ensure that all service providers with access to personal data maintain appropriate technical and organizational safeguards consistent with applicable data protection requirements.
9. Data Retention
We retain your personal data for as long as your account is active and necessary to provide the Service. Specific retention periods are as follows: • Account and trading data: retained while your account is active • Session data: automatically expires after 30 days • Server and access logs: 30 days • Payment and billing records: 10 years (as required by commercial and tax law) • AI interaction logs: retained while your account is active • Newsletter consent records: until you unsubscribe When you delete your account, we promptly delete your personal data. This includes anonymization of your account (email address is masked, display name is replaced, profile picture is removed, and active sessions are terminated), deletion of your trading data, journals, images, strategies, and all associated content. AI interaction logs are deleted together with your account data. We may retain anonymized, aggregated data that cannot identify you for statistical purposes. We may retain specific data where required by law (e.g., tax or billing records) for the legally mandated retention period.
10. Data Security
We implement technical and organizational measures designed to protect your personal data, including: • Encryption in transit: all connections to the Service use TLS/HTTPS encryption • Secure authentication: support for two-factor authentication (TOTP), passkeys (WebAuthn), and strong password requirements • Server-signed URLs with expiration for file access: uploaded images and files are not publicly accessible and can only be accessed through time-limited, server-signed URLs • Access controls and the principle of least privilege for internal systems • Regular security reviews of our infrastructure and application code While we take reasonable precautions to protect your data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security. In the event of a data breach that poses a risk to your rights and freedoms, we will notify affected users and relevant supervisory authorities promptly in accordance with applicable law.
11. Your Rights
Under the General Data Protection Regulation (GDPR) and other applicable privacy laws, you have the following rights regarding your personal data: • Right of access: request a copy of the personal data we hold about you • Right to rectification: request correction of inaccurate or incomplete data • Right to erasure: request deletion of your personal data • Right to data portability: request your data in a structured, commonly used, machine-readable format • Right to restriction of processing: request that we limit how we process your data in certain circumstances • Right to object: object to processing based on our legitimate interests • Right to withdraw consent: withdraw your consent at any time for processing activities based on consent, without affecting the lawfulness of processing prior to withdrawal • Right regarding automated decisions: you have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects on you To exercise any of these rights, contact us at support@tradeways.app. We will acknowledge your request and respond within 30 days. If your request is particularly complex, we may extend this period by up to an additional 60 days, and we will inform you of the extension. If you believe your data protection rights have been violated, you have the right to lodge a complaint with a data protection supervisory authority in your country of residence, place of work, or place of the alleged infringement. No automated decision-making or profiling that produces legal effects or similarly significantly affects you takes place on our platform. AI-powered features provide informational outputs only and do not make decisions about your access to services or any other matter with legal significance.
12. Children's Privacy
Tradeways is not intended for individuals under the age of 16. We do not knowingly collect, solicit, or process personal data from children under the age of 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take steps to delete that data promptly. If you believe that a child under 16 has provided us with personal data, please contact us immediately at support@tradeways.app so that we can take appropriate action.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or legal and regulatory requirements. Material changes will be communicated to you via email to your registered address or through a prominent notice within the Service at least 30 days before they take effect. Your continued use of Tradeways after the effective date of the updated policy constitutes your acceptance of the changes. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.
14. Contact Information
If you have questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your personal data, contact us at: MADA Marketing Management LLC BIN DASMAL BUILDING, Office 1-432 Al Goze Industrial First Dubai, United Arab Emirates Email: support@tradeways.app Represented by: Dennis Jahn