Pendulum Trader
Legal · Privacy

Privacy Policy.

What we collect, why we collect it, and the controls you have over your data.

Last updated: April 8, 2026

Pendulum Trader (“Pendulum Trader,” “we,” “us,” or “our”) operates the website at pendulumtrader.com and the associated AI trading psychology platform (together, the “Service”). This Privacy Policy explains what personal data we process, the legal basis for doing so, how we share it, and the rights you have under the General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), and other applicable privacy laws.

If you do not agree with this Privacy Policy, please do not use the Service.

1. Who is the data controller

The data controller for personal data processed through the Service is Dhawal Patel, operating Pendulum Trader as a sole proprietorship based in New Jersey, United States. You can contact the data controller at any time at support@pendulumtrader.com. A formal postal address will be published here once finalized; until then, please use the email address above for all privacy requests, including Data Subject Access Requests under GDPR, CCPA, or other applicable privacy laws.

2. Data we collect

We collect the following categories of personal data, grouped by source:

2.1 Data you give us directly

  • Account information: name, email address, hashed password, and any profile details you provide at signup.
  • Trading journal content: trades you import or enter manually, session logs, emotional incidents, body check-ins, daily reflections, beliefs, values, journal entries, and any free-text notes you write inside the Service.
  • AI coach conversations: messages you send to the AI coach and the coach's responses, stored to provide conversation history and personalize future sessions.
  • Payment information: if you subscribe to a paid plan, billing is handled by Stripe. We do not store full card numbers — Stripe returns a tokenized customer ID and the last four digits.
  • Communications: the contents of emails you send us and any support tickets you file.

2.2 Data we collect automatically

  • Usage data: pages visited, features used, approximate timestamps, and interaction patterns inside the authenticated app.
  • Device and log data: IP address, browser type, operating system, referring URL, and error logs. Logs are retained for a limited period for security and debugging.
  • Cookies and similar technologies: see our Cookie Policy for the full list.

2.3 Data from third parties

  • Broker imports: if you connect or upload data from a broker or trading platform, we process the trade data you import. We do not receive credentials for your brokerage account.
  • Auth providers: if you sign in with an OAuth provider, we receive your email, name, and a provider-issued user ID.

3. How we use your data

We use personal data for the following purposes, under the following legal bases under GDPR Article 6:

  • Providing the Service (contract, Art. 6(1)(b)): authenticating you, storing your trading data, running the AI coach, generating insights, and processing payments.
  • Improving the Service (legitimate interests, Art. 6(1)(f)): aggregate analytics, debugging, security monitoring, and usability research. We never train third-party AI models on your private trading data.
  • Communicating with you (contract + legitimate interests): transactional emails (account, billing, password resets), and responding to your support requests.
  • Marketing emails (consent, Art. 6(1)(a)): if you opted in to our newsletter or educational dispatches. You can withdraw consent at any time via the unsubscribe link in every marketing email or at pendulumtrader.com/unsubscribe.
  • Legal compliance (legal obligation, Art. 6(1)(c)): fraud prevention, tax records, responding to lawful requests from authorities.

4. How we share your data

We do not sell your personal data. We do not share your trading journal, AI coach conversations, or emotional data with advertisers. We share limited personal data only with the following categories of service providers (“sub-processors”) who process it on our behalf under contract:

  • Supabase — authentication and primary database hosting.
  • Vercel — application hosting and edge delivery.
  • Stripe — payment processing and subscription billing.
  • Resend — transactional and marketing email delivery.
  • Anthropic — the AI model provider powering the coach. Coach prompts are processed under Anthropic's zero-retention agreement where available; conversations are not used to train models.
  • Plausible Analytics — privacy-preserving, cookieless web analytics for the marketing site.
  • Google Analytics 4 — additional marketing-site analytics. GA4 is only loaded after you grant cookie consent.

A current sub-processor list is available on request at support@pendulumtrader.com.

5. International transfers

Some of our sub-processors are located in the United States. When we transfer personal data from the European Economic Area, United Kingdom, or Switzerland to the U.S., we rely on the Standard Contractual Clauses (SCCs) adopted by the European Commission and, where applicable, the EU-U.S. Data Privacy Framework. You can request a copy of the safeguards in place by emailing support@pendulumtrader.com.

6. How long we retain your data

  • Account data: retained for as long as your account is active. If you delete your account, we remove or anonymize account data within 30 days, except where longer retention is required by law.
  • Trading journal content: retained for the life of the account. Deleted entries are purged from backups within 30 days.
  • Billing records: retained for up to seven (7) years to comply with tax and financial record-keeping obligations.
  • Marketing list entries: retained until you unsubscribe or for 24 months of inactivity, whichever comes first.
  • Server logs: rotated and deleted within 90 days.

7. Your rights under GDPR

If you are in the European Economic Area, United Kingdom, or Switzerland, you have the right to:

  • Access the personal data we hold about you (Art. 15).
  • Rectify inaccurate or incomplete data (Art. 16).
  • Erase your data (“right to be forgotten”, Art. 17).
  • Restrict processing (Art. 18).
  • Portability — receive your data in a machine-readable format (Art. 20).
  • Object to processing based on legitimate interests (Art. 21).
  • Withdraw consent at any time for consent-based processing.
  • Lodge a complaint with your local supervisory authority.

To exercise any of these rights, email support@pendulumtrader.com. We will respond within 30 days. We do not charge a fee for reasonable requests.

8. Your rights under CCPA / CPRA (California residents)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, disclose, and — we never sell or share personal information for cross-context behavioral advertising.
  • Access and receive a copy of your personal information.
  • Delete your personal information.
  • Correct inaccurate personal information.
  • Limit the use of “sensitive personal information” (we do not use sensitive personal information for secondary purposes).
  • Be free from discrimination for exercising these rights.

Do Not Sell or Share My Personal Information: Pendulum Trader does not sell personal information and does not share it for cross-context behavioral advertising. If this changes, we will update this policy and provide a dedicated opt-out link. To make a CCPA request, email support@pendulumtrader.com with the subject line “CCPA Request”.

9. Security

We use industry-standard safeguards including TLS in transit, encryption at rest via our hosting providers, hashed passwords, role-based access controls, and least-privilege database access. No online service can guarantee absolute security; you are responsible for keeping your password confidential and using a strong, unique password.

10. Children's privacy

The Service is not directed to individuals under 18. We do not knowingly collect personal data from children under 18. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Automated decision-making

The Service includes automated analysis of your trading journal and emotional data (e.g., tilt risk scoring, shadow trader personas). These analyses are provided for informational and educational purposes and do not produce legal or similarly significant effects on you within the meaning of GDPR Article 22. You can disable specific features in your account settings.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users and posted here with an updated “Last updated” date. Continued use of the Service after a change constitutes acceptance.

13. Contact us

Questions or complaints about this Privacy Policy? Email support@pendulumtrader.com. Every message reaches a real person.

Privacy PolicyTerms of ServiceRisk DisclaimerCookie Policy← Back to home