T
TradeLeader
Last updated April 26, 2026

Privacy Policy

TradeLeader ("we," "us," "our") provides portfolio intelligence software for self-directed investors. This Privacy Policy explains what we collect, why we collect it, how we use it, and your rights regarding your data.

1. Summary

  • We collect only what we need to operate the product — your account info, the brokerage data you connect, and basic usage telemetry.
  • We never see your brokerage password. SnapTrade handles that.
  • We don't sell your data. Ever.
  • We don't use your data to train third-party AI models.
  • You can export or delete everything any time, in-app.

2. Data we collect

2.1 Account information

  • Name, email address, password (stored as a bcrypt hash).
  • MFA secret if you enable two-factor authentication.
  • Subscription and billing information (managed by Stripe — we never see your card number).
  • Tax filing context you provide (filing status, state, bracket) used solely to compute estimated tax for your account.

2.2 Brokerage and financial data

  • Holdings, transactions, tax lots, dividend history, cash balances — pulled via SnapTrade for the brokerage accounts you choose to connect.
  • Manually entered positions (e.g., 401(k), RSUs) you add directly.
  • Connection tokens issued by SnapTrade. These tokens are read-only by default and cannot move money.

We do not collect Social Security numbers, bank account or routing numbers, brokerage credentials, or any other secrets. SnapTrade handles brokerage authentication; we receive only the data tokens authorize.

2.3 Usage telemetry

  • Pages viewed, features used, error reports — used to improve the product and diagnose issues.
  • IP address and user-agent string for fraud prevention and abuse mitigation.
  • We do not embed third-party advertising trackers, fingerprinting libraries, or session-replay tools.

3. How we use your data

  • To operate, maintain, and improve TradeLeader.
  • To generate the analytics, alerts, briefs, and recommendations the product provides — all derived from your own data.
  • To communicate with you about your account, security, billing, and product updates.
  • To comply with legal and regulatory obligations.

4. Who we share data with

We share data only with sub-processors required to deliver the service:

  • Vercel — application hosting (US-based, SOC 2 Type II).
  • Supabase — primary database (US-based, SOC 2 Type II).
  • SnapTrade — brokerage connectivity (Canadian, SOC 2 Type II).
  • Polygon.io — market data (we send symbols only; no PII).
  • Resend — transactional email delivery.
  • Stripe — payment processing.

The full sub-processor list and any updates are published on our Security page.

We do not sell your data. We do not share it with advertisers, data brokers, or marketing partners. We do not use your portfolio data to train any third-party AI models.

We may disclose data when legally required (subpoena, court order) or to protect TradeLeader's rights, users, or safety. We will notify affected users unless legally prohibited.

5. Where data lives

Primary data is stored in the United States. Brokerage connection tokens are managed by SnapTrade in Canada. Backups are encrypted and retained for 7 days.

6. Security

TLS 1.3 in transit; AES-256 at rest. MFA available. Secrets stored in encrypted environment variables. See our Security page for complete details, including our compliance roadmap.

7. Your rights

You can, at any time:

  • Access — view all data we hold about you, in-app.
  • Export — download your data in JSON or CSV.
  • Correct — edit account info and manual entries.
  • Delete — permanently remove your account and associated data. We confirm deletion within 30 days.
  • Disconnect — revoke any brokerage connection from your settings, your broker, or SnapTrade directly.

If you are a California resident, you have rights under the CCPA/CPRA. If you are in the EU/UK, you have rights under GDPR. To exercise these rights, contact privacy@tradeleader.io.

8. Cookies and similar technologies

We use first-party cookies for authentication and session management only. We do not use advertising cookies. We do not respect Do Not Track headers because we do not track users for advertising in the first place.

9. Children

TradeLeader is not intended for users under 18. We do not knowingly collect data from children under 18. If you believe a child has provided us data, contact privacy@tradeleader.io and we will delete it.

10. Retention

We retain your data while your account is active. After deletion, we keep necessary records (billing, tax) for up to 7 years to satisfy legal obligations, then delete them. Backups are purged on a 7-day rolling cycle.

11. Changes to this policy

If we make material changes, we will notify users by email at least 14 days before the change takes effect. The current version is always available at this URL. The "Last updated" date at the top reflects the most recent change.

12. Contact

Questions, concerns, or requests:
privacy@tradeleader.io

Effective date: April 26, 2026. We may update this policy from time to time; material changes will be communicated by email at least 14 days before they take effect.