Privacy Policy
Last updated: 17 May 2026
1. Introduction
This Privacy Policy describes how Tradevis (“Tradevis”, the “app”, “we”, “us”) collects, uses, and shares personal data when you use the Tradevis mobile application on iOS.
By creating an account or using Tradevis, you agree to the practices described here. If you do not agree, do not use the app.
2. What we collect
We collect only what is necessary to provide the app’s functionality. The categories are:
| Category | Examples | Source |
|---|---|---|
| Account information | Email address, password (stored as a salted hash, never in plaintext) | You provide it at sign-up |
| Trading profile | Methodology preference (SMC/ICT, ORB, etc.), preferred timeframes, risk percentage, trading sessions, self-identified weaknesses | You provide it during onboarding and in Settings |
| Chat content | Messages you send to the in-app AI coach (Tradevis Chat), including any text you write | You write it in the app |
| Trade and account data | Open positions, pending orders, trade history, account balance and equity, broker name and account number | Read from your MetaTrader 4/5 broker via MetaApi after you connect a broker account |
| Subscription status | Whether you have an active Tradevis Pro subscription, anonymized RevenueCat user identifier | From Apple App Store via RevenueCat |
| Saved coaching memory | Short text snippets you ask Tradevis to remember (e.g. lessons, rules) and a vector representation of those snippets used to retrieve them in future conversations | You write it in the app and choose to save it |
| Trade journal entries | Optional emotion tags you attach to trades (e.g. “planned”, “revenge”, “fomo”), free-text notes, and AI-generated post-trade analysis | You provide it in the journal section of the app |
| Push notification tokens | A device-level identifier issued by Apple (APNs) used solely to deliver Tradevis notifications about scanner signals and resolved setups. Subscribers’ tokens are queried on each cron tick so we can fan out a shared signal to everyone on a paid tier. Not used for tracking and not shared with advertisers. | Issued by your device’s OS when you allow notifications |
| Voice (text-to-speech) audio | When you enable voice mode, the text the AI generates in reply to you is sent to OpenAI’s text-to-speech service and the returned audio is played back on your device. The audio is not stored on our servers; it is streamed and discarded after playback. | Generated by the AI from your chat content; you control whether voice mode is on |
| Technical data | Device type, iOS version, app version, IP address (used transiently for request routing), timestamps of activity | Collected automatically when you use the app |
We do not collect: precise location, contacts, photos or camera content, microphone audio, health data, browsing history outside the app, or advertising identifiers (IDFA). We do not run third-party analytics or advertising SDKs.
3. How we use it
- Provide the service. Authenticate you, deliver AI chat responses, sync your strategy profile across devices, display your trades and account state.
- Personalize coaching. Pass your trading profile and recent trades to the AI so it can tailor its analysis to your stated strategy and risk preferences.
- Manage your subscription. Verify entitlement to Pro features and restore purchases.
- Run the scanner and deliver notifications. Our server-side scanner runs on a fixed schedule (every 15 minutes during the New York and Asia sessions on weekdays) and looks for trading setups on a small set of validated instruments. When it finds one, it inserts a shared signal row (not tied to any individual user) and pushes a notification to all subscribers’ devices via Apple’s push service. The scanner itself does not see your personal trade history; only your push notification token is used at the delivery step.
- Maintain security and integrity. Detect abuse, enforce rate limits, prevent unauthorized access.
- Comply with law. Respond to lawful requests from competent authorities.
Our legal bases under the GDPR are: performance of a contract with you (delivering the app you requested), our legitimate interests (security, abuse prevention), and your consent (where applicable, e.g. for optional features you enable).
4. Service providers (sub-processors)
We use the following third-party services to operate Tradevis. Each receives only the minimum data needed for its role:
| Provider | What it sees | Purpose |
|---|---|---|
| Supabase (United States) | Email, password hash, trading profile, chat messages, trade history, broker connection metadata, subscription status | Authentication, database, edge function backend |
| OpenAI (United States) | Your chat messages and the trading-context blocks we send with them (current pair, recent trades, strategy). When voice mode is on, the text of AI replies is also sent to OpenAI’s text-to-speech endpoint to generate spoken audio. | Generates AI coaching responses and optional spoken text-to-speech audio. We use the OpenAI API; per OpenAI’s policy, API content is not used to train their models. |
| MetaApi (operated by Agilium Labs LLC) | Your MetaTrader 4/5 broker server, login, and read-only investor password (never your master password); your trades and account state | Connects securely to your broker to read positions and place trades you initiate in the app |
| RevenueCat (United States) | Anonymized user identifier, App Store transaction receipts, subscription status | Subscription management and restore purchases |
| Finnhub (United States) | Symbol queries (e.g. “EURUSD”), date ranges; no personal account data | Economic calendar and market news lookups. Also used by the server-side scanner and by the in-app news-window gate (if you enable that rule in your trading checklist) to suppress signals and block order placement around high-impact economic events. |
| Expo (United States) | Your device push token and the contents of notifications we send (e.g. “EURUSD long signal resolved”) | Relays push notifications from our backend to Apple’s push service so they reach your device |
| Yahoo Finance (United States) | Instrument symbols (e.g. “EURUSD”) and date ranges; no personal account data | Public market candles when you have not connected a broker, so charts still load |
| Apple | App Store purchase information for in-app subscriptions | Subscription billing through App Store; we do not see your payment card |
We do not sell your personal data to anyone. We do not share your data with advertisers or data brokers.
5. Data retention
- Account and profile data: retained while your account is active. Deleted within 30 days of account deletion.
- Chat messages and saved coaching memory: retained until you delete your account or remove the entry from Settings. Locally cached chat on your device is cleared when you sign out or uninstall the app.
- Trade history mirror: retained for the lifetime of your connected broker account; deleted on broker disconnect or account deletion.
- Server logs: retained up to 30 days for operational and security purposes.
- Subscription records: retained as required by tax and accounting law (typically 6 years in the EU).
You can delete your account at any time from Settings → Delete Account. This triggers a cascade deletion across all systems we control.
6. Your rights (GDPR)
If you are in the European Economic Area, the United Kingdom, or another jurisdiction granting equivalent rights, you have the following rights regarding your personal data:
- Access — request a copy of the data we hold about you.
- Rectification — correct inaccurate data (most fields are editable directly in the app).
- Erasure — have your data deleted (the in-app Delete Account button does this).
- Restriction — ask us to stop processing while a complaint is investigated.
- Portability — receive your data in a machine-readable format.
- Object — to processing based on legitimate interests.
- Withdraw consent — where processing is based on consent.
- Lodge a complaint — with your supervisory authority. In Croatia this is the Croatian Personal Data Protection Agency (AZOP).
To exercise any of these rights, email tradevis@proton.me. We will respond within 30 days.
7. Security
We use industry-standard measures to protect your data: TLS for all network communication, password hashing with secure algorithms, row-level security policies on the database so users can only access their own rows, and least-privilege access controls for our backend.
No system is perfectly secure. If we become aware of a breach affecting your personal data, we will notify you and the relevant supervisory authority within 72 hours, as required by GDPR Article 33.
8. International data transfers
Some of our service providers (Supabase, OpenAI, MetaApi, RevenueCat, Finnhub, Expo, Yahoo Finance) are based in or operate from the United States. When your data is transferred outside the European Economic Area, we rely on the European Commission’s Standard Contractual Clauses (SCCs) and supplementary measures consistent with the Schrems II ruling.
9. Children
Tradevis is not directed to children. The app is rated 17+ on the App Store and discusses financial-trading concepts that are unsuitable for minors. We do not knowingly collect data from anyone under 17. If you believe a child has provided data to us, contact us and we will delete the account.
10. Tracking and advertising
Tradevis does not track you across other companies’ apps or websites. We do not use the AppTrackingTransparency framework because we do not engage in tracking as Apple defines it. We display no advertising. We do not use third-party analytics SDKs.
11. Changes to this policy
We may update this policy as the app evolves or as legal requirements change. The “Last updated” date at the top will reflect the most recent revision. Material changes will be communicated in-app before they take effect. Continued use after a change constitutes acceptance.
12. Contact
Questions, requests, or complaints regarding privacy:
Email: tradevis@proton.me
Tradevis is operated by Roko Pavelic, an individual based in Croatia, acting as the data controller for the purposes of the GDPR.