Privacy Policy
Last updated July 3, 2026
This policy explains what we collect, why, and your choices. We aim to collect only what the Service needs to work. The data controller is QuantForge, established in Spain.
1. Information we collect
Account information — your name and email address, and a securely hashed password (we never store your password in plain text).
Content you create — journal entries, portfolio holdings, watchlists, followed models, and saved strategies. This is yours, scoped to your account.
Notification data — your alert preferences and, if you enable push on the mobile app, a device push token used solely to deliver your notifications.
Usage & technical data — basic logs (IP address, timestamps, error reports) needed to operate, secure, and debug the Service.
We do not connect to your brokerage or access your real positions or funds.
2. How we use it & legal bases
To provide and maintain the Service; authenticate you and keep your account secure; compute your personal analytics (e.g. journal discipline, portfolio metrics); deliver the notifications you opt into; send transactional emails (verification, password reset, account notices); and improve reliability and prevent abuse.
Where the GDPR applies, our legal bases are: performance of a contract (providing the Service you signed up for), legitimate interests (security, abuse-prevention, reliability), consent (optional push notifications, which you can withdraw at any time), and legal obligation where applicable.
3. Cookies & sessions
We use a secure session cookie to keep you signed in (via NextAuth). It is essential to the Service. We do not use it to track you across other websites.
4. Third parties we rely on
We share the minimum necessary with infrastructure providers that process data on our behalf, such as our hosting provider, managed database, and email-delivery provider. Market and economic data are fetched from public/third-party data sources; we do not send them your personal data.
We do not sell your personal data.
5. Data security
Passwords are hashed (bcrypt), traffic is encrypted in transit (HTTPS), and access is restricted. No system is perfectly secure, but we take reasonable measures to protect your data.
6. Data retention
We retain your account and content while your account is active. When you delete your account, we delete or anonymize your personal data within a reasonable period, except where retention is required by law.
7. Your rights
You can access and update your account information in Account settings, edit or delete your journal/portfolio entries, and permanently delete your account and all associated data at any time — via Account settings → Delete account on the web, or Account → Delete account in the mobile app.
Under the GDPR (and comparable laws) you also have the right to access, rectify, erase, restrict, and port your data, to object to processing, and to withdraw consent for optional processing (e.g. push notifications). To exercise these, use the in-app controls or contact us. You also have the right to lodge a complaint with your local data-protection supervisory authority.
8. Children
The Service is not directed to anyone under 18, and we do not knowingly collect data from children.
9. Changes to this policy
We may update this policy; material changes will be reflected in the “Last updated” date above and communicated where appropriate.
10. Contact
Questions about privacy? Contact privacy@quantforge.io.