Privacy Policy

1. What we collect

From you directly:

• Account info: email address, password (hashed, never stored in plaintext)
• Profile info: display name, optional handle, trading style, preferred contracts, time zone, TradingView username
• Journal content: daily rituals, trade logs, notes, and anything else you enter into Vigil
• Payment info: handled directly by Stripe — we do not see or store your card number; we receive only a customer reference (a Stripe customer ID) and subscription status

Collected automatically:

• Standard server logs from our hosting providers (IP address, browser type, request timing). These exist for security and reliability monitoring.
• Browser local storage used to keep you signed in and cache Vigil data offline.

We do not currently run third-party analytics, advertising trackers, or session-recording tools on the site or in Vigil.

2. Where it's stored

Account data, profile data, and journal content live in Supabase (a managed Postgres service) in their US-East-1 region. Payment processing and card data are handled by Stripe (US). The marketing pages and Vigil itself are served via Cloudflare Pages (global CDN).

We do not currently transfer your data to any other third party for marketing, profiling, or resale. Operationally we share data only with the providers needed to run the service (Supabase, Stripe, Cloudflare).

3. How we use it

• To run the service: authenticating you, storing your journal, processing your subscription
• To grant TradingView access: we use the TradingView username you provide to manually invite you to the Sphinx indicators
• To communicate: emails about your account, subscription, or material service changes
• To improve the product: aggregate, non-identifying patterns of usage may inform what we build next

We do not sell your data, ever. We do not use journal content for advertising, model training, or anything other than rendering it back to you.

4. How long we keep it

Account data is kept while your account is active and for a reasonable period after cancellation (in case you reactivate). If you request deletion, we remove your journal data and personally identifying profile information; we retain transactional records (billing history) as long as required by tax and accounting obligations.

5. Your choices

• Access: you can see your profile and journal content directly in Vigil
• Export: contact us and we'll provide a copy of your data
• Correction: you can edit profile fields in Vigil settings
• Deletion: email [email protected] to request account deletion
• Cancellation: in Vigil settings, or via the Stripe customer portal

6. Security

Passwords are hashed by Supabase Auth (industry-standard bcrypt). Connections to the site and to Vigil are encrypted in transit (HTTPS). Payment data is handled by Stripe and never touches our servers. We try to follow reasonable security practices, but no online service is invulnerable — see also the limitation of liability in our Terms.

7. Cookies and local storage

We use browser local storage to remember that you're signed in and to cache Vigil's interface for performance. We do not currently set tracking cookies or third-party analytics cookies. If that changes in a future version, we'll update this policy and announce the change.

8. Children

Hermetic Trader is not intended for use by anyone under 18. We do not knowingly collect data from minors. If we learn that we have, we will delete it.

9. Changes

This policy will be updated when the service changes meaningfully or when a more formal version is reviewed by counsel. Material changes will be communicated to active subscribers.

10. Contact

Privacy questions, data access or deletion requests, or anything else: [email protected].