Privacy Policy

1. Information We Collect

• Account information— email address, full name, and hashed password when you register.
• Broker connection data— trading account identifiers and OAuth tokens required to connect your brokerage accounts.
• Trading data— positions, orders, fills, and profit/loss data processed in real time for trade copying and risk management.
• Usage and diagnostics— page views, feature usage, and error reports collected through PostHog (analytics) and Sentry (error monitoring).
• Billing information— payment details processed securely by Stripe. We do not store credit card numbers on our servers.

2. Credential Security

Broker OAuth tokens are encrypted at rest using AES-256-GCM. We never see, store, or have access to your broker passwords. OAuth tokens are used exclusively to maintain authenticated connections with your trading accounts and are revocable at any time from your dashboard.

3. How We Use Your Data

• Authenticate your identity and manage your account.
• Execute trade copy operations between your connected accounts.
• Enforce risk management rules and position limits you configure.
• Monitor platform health, diagnose errors, and improve the service.
• Process subscription payments and manage billing.
• Communicate service updates, security notices, and support responses.

4. Third-Party Services

• Stripe— payment processing and subscription management.
• Sentry— error monitoring and crash reporting.
• PostHog— product analytics and feature usage tracking.

Each third-party processor operates under its own privacy policy and data processing agreements.

5. Data Storage and Location

Application data is stored on Fly.io servers located in the United States (Chicago region). Data may be transmitted through encrypted channels to broker APIs located in other regions as required for trade execution.

6. Data Sharing

We do not sell, rent, or share your personal data with third parties for marketing purposes. Data is shared only with the third-party service providers listed above, as required by law, or to protect the security and integrity of the platform.

7. Cookies

MimikTrader uses session cookies to maintain your authenticated session. We do not use advertising or cross-site tracking cookies. PostHog may set a first-party analytics cookie to understand feature usage across sessions.

8. Your Rights

• You may request a copy of the personal data we hold about you.
• You may request deletion of your account and associated data by contacting support. Deletion requests are processed within 30 days.
• You may disconnect broker accounts and revoke OAuth tokens at any time from the dashboard.

9. Changes to This Policy

We may update this policy as our data practices evolve. Material changes will be communicated via email or an in-app notice. Continued use of the platform after changes take effect constitutes acceptance of the revised policy.

10. Data Retention

Data associated with active accounts is retained for as long as your account remains active. If you delete your account, your trading data is retained for 12 months after deletion for regulatory and compliance purposes, after which it is permanently deleted. Non-trading account data (e.g. email, name) is deleted within 30 days of account deletion unless retention is required by law.

11. Your Privacy Rights (GDPR/CCPA)

Depending on your location, you may have additional rights regarding your personal data:

• Right to access— request a copy of the personal data we hold about you.
• Right to portability— receive your data in a structured, commonly used format.
• Right to correction— request correction of inaccurate personal data.
• Right to deletion— request deletion of your personal data, subject to legal retention requirements.
• Right to object— object to certain types of data processing.

California residents (CCPA): You have the right to know what personal information we collect, to request deletion, and to opt out of the sale of personal information. We do not sell your personal information.

EU residents (GDPR): You have the rights outlined above under the General Data Protection Regulation, including the right to lodge a complaint with your local supervisory authority.

To exercise any of these rights, contact us at support@mimiktrader.com.