Privacy Policy
Last Updated: 4 March 2026
1. Data Controller
PegasusTrading, operated from the United Kingdom, is the data controller for the purposes of the UK GDPR and EU GDPR.
Contact: support@pegasustrading.com
2. Data We Collect
- Account data: email address, hashed password (managed by Supabase Auth)
- Trade data: all trade entries, journal data, notes, screenshots, custom metrics — voluntarily submitted by the user
- Usage data: pages visited, features used, interaction timestamps, feature usage frequency
- Payment data: processed entirely by Stripe — we store only a customer reference ID, never card details
- Technical data: browser type, device type, screen resolution, operating system, IP address
- Communication data: any messages sent to our support email
3. Legal Basis for Processing (UK GDPR / EU GDPR)
- Performance of contract: processing account data, trade data, and subscription data is necessary to provide the service
- Legitimate interests: usage analytics and technical data to maintain, secure, and improve the platform
- Consent: marketing communications (if ever implemented — strictly opt-in only)
- Legal obligation: retaining records required by law
4. How We Use Data
- To provide, maintain, and operate the trading journal service
- To calculate analytics and statistics from user-submitted trade data
- To process subscriptions and payments via Stripe
- To send transactional emails (account verification, password reset, subscription notifications)
- To detect and prevent fraud, abuse, and security incidents
- To improve the platform based on anonymised usage patterns
We do NOT:
- Sell, rent, or trade personal data to any third party
- Use individual trade data to train AI or machine learning models
- Use personal data for targeted advertising
5. Data Storage & Security
- Data is stored using Supabase infrastructure
- All data is encrypted in transit (TLS/SSL) and at rest
- Row Level Security (RLS) is enforced at the database level — users can only access their own data
- We implement regular security reviews and access controls
No security measure is 100% effective — while we take reasonable precautions, we cannot guarantee absolute security.
6. Data Retention
- Account and trade data is retained while the account is active
- Upon account deletion, all personal data and trade data is permanently deleted within 30 days
- Database backups that may contain deleted data are purged within 30 days of deletion
- Anonymised, aggregated analytics data may be retained indefinitely as it contains no personally identifiable information
- Records required by law (e.g. transaction records for tax purposes) are retained for the period required by applicable law
7. Data Sharing & Third Parties
- Supabase — data storage and authentication infrastructure
- Stripe — subscription payment processing
No third-party analytics tools are used at present. Each third-party service operates under its own privacy policy.
We will never sell personal data to advertisers or data brokers. We may disclose data if required by law, court order, or to protect the safety and rights of PegasusTrading or its users.
8. International Data Transfers
If user data is transferred outside the UK or European Economic Area (e.g. if Supabase infrastructure is hosted in the US), appropriate safeguards are in place: Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA), as applicable.
The UK adequacy decision for relevant jurisdictions applies where available.
9. User Rights (UK GDPR / EU GDPR)
- Right of access — request a copy of all personal data we hold about you
- Right to rectification — correct any inaccurate or incomplete data (can be done directly in the app for trade data)
- Right to erasure (right to be forgotten) — delete your account and all associated data
- Right to data portability — receive your trade data in a commonly used, machine-readable format (export feature planned for post-launch)
- Right to restrict processing — request we limit how we use your data
- Right to object — object to processing based on legitimate interests
- Right to withdraw consent — withdraw consent for any consent-based processing at any time
To exercise any of these rights, contact support@pegasustrading.com. We will respond to all valid requests within 30 days as required by UK GDPR.
You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data rights have been breached.
10. Cookies & Tracking
- We use essential cookies only for authentication, session management, and remembering user preferences
- No third-party advertising or tracking cookies are used
- If analytics tools are added in future, this policy will be updated and appropriate consent mechanisms implemented
UK Privacy and Electronic Communications Regulations (PECR) are observed.
11. Age Requirements
- Users must be at least 18 years old to create an account on PegasusTrading
- PegasusTrading does not involve opening brokerage accounts, executing trades, or handling funds — it is a journaling and analytics tool for educational and self-improvement purposes
- A parent or legal guardian may create an account on their own behalf and permit their child (aged 13 or older) to use the platform under direct supervision, provided the account remains registered in the parent or guardian's name and the parent or guardian accepts full responsibility for the minor's use of the platform
- We do not knowingly collect personal data directly from anyone under 13 — if we become aware this has occurred, we will take immediate steps to delete the associated data
- The supervising parent or guardian is responsible for ensuring the minor's use complies with all applicable laws
12. Changes to Privacy Policy
We may update this policy to reflect changes in our practices or for legal, regulatory, or operational reasons. Material changes will be communicated to users via email or in-app notification.
The “Last Updated” date at the top will always reflect the most recent revision. Continued use of the platform after changes are communicated constitutes acceptance.