Privacy policy
Last updated: 12 June 2026
This policy explains what information Chartself ("we", "us") collects when you use the Chartself trading journal application (the "Service"), how it's used, and the choices you have. By using Chartself, you agree to the practices described here.
1. Information we collect
Account information. When you register, we collect your email address and a securely hashed password (via Supabase Auth). If you choose to add a display name, timezone, currency, or starting balance, we store those too.
Trade data. Everything you log — symbols, prices, quantities, notes, emotions, screenshots, tags, and any other journal entries — is stored so the app can function. This data is yours.
Payment information. Subscription payments are processed by Stripe. We never see or store your full card number. We retain your Stripe customer ID and subscription status to manage your plan.
AI provider keys (BYOK). If you choose to use AI-powered features, you supply your own API key for a third-party AI provider (OpenAI, Anthropic, Google, xAI, OpenRouter, Groq, DeepSeek, or Mistral). Your key is encrypted at rest. We do not use your key for any purpose other than making requests on your behalf when you trigger an AI feature, and we do not log the contents of those requests or responses on our servers.
Usage and technical data. We may automatically collect standard technical information such as IP address, browser type, device type, and pages visited, for security, debugging, and analytics purposes.
2. How we use your information
- To provide, operate, and maintain the Service (storing and displaying your trades, calculating analytics, etc.)
- To process subscription payments and manage your plan via Stripe
- To send you account-related emails (verification, password reset, billing receipts)
- To send optional notifications you've enabled (weekly AI reports, risk alerts) — these can be turned off in Settings at any time
- To detect, prevent, and address fraud, abuse, or security issues
- To improve and develop the Service
We do not sell your personal data or trade data to third parties, and we do not use your trade data to train AI models.
3. Third-party processors
We rely on the following third parties to operate Chartself. Each processes data under its own privacy policy:
- Supabase — database hosting and authentication (Singapore region)
- Stripe — payment processing and subscription billing
- Vercel — application hosting
- Your chosen AI provider — only if you enable BYOK AI features. Requests are sent directly using your API key; that provider's privacy policy governs how they handle the request
4. Data retention and deletion
Your data is retained for as long as your account is active. You can permanently delete your account and all associated data — trades, risk rules, AI settings, playbooks, and account records — at any time from Settings → Danger zone. This action is immediate, irreversible, and also cancels any active subscription. We may retain minimal billing records where required by law (e.g. tax/accounting obligations).
5. Your rights
Depending on your location, you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can exercise most of these rights directly within the app. For anything else, contact us using the details below.
6. Cookies
We use essential cookies/local storage required for authentication and session management. We do not use third-party advertising or tracking cookies.
7. Security
We use industry-standard measures — including encryption in transit (HTTPS), encrypted storage of sensitive fields such as AI API keys, and row-level security on our database — to protect your information. No system is 100% secure, and we cannot guarantee absolute security.
8. Children's privacy
Chartself is not directed at, and is not intended for use by, anyone under the age of 18. We do not knowingly collect information from children.
9. International data transfers
Your data may be processed in countries other than your own, including Singapore (Supabase) and the United States (Stripe, Vercel, and most AI providers). By using the Service, you consent to this transfer.
10. Changes to this policy
We may update this policy from time to time. If we make material changes, we'll notify you via email or an in-app notice. Continued use of the Service after changes take effect constitutes acceptance.