Privacy Policy

Effective Date: 2026-05-06 · Version 1.0 · Bridge Trading

    Plain-English Summary: We collect what we need to run the platform (your email, account settings, trade journal entries you enter). We don't sell your data. We don't store your card number — Stripe handles that. You can delete your account and all your data at any time.
  

1. Who This Applies To

This Privacy Policy describes how Bridge Trading ("Bridge," "we," "us," or "our") collects, uses, and handles information when you use the Bridge Trading platform at bridgetrading.ai. By creating an account, you agree to this policy.

2. What Data We Collect

Data Type	What We Collect	Why
Account	Email address, hashed password (Argon2id — never plaintext), subscription tier, account creation timestamp, ToS acceptance timestamp	Account creation, authentication, billing
Session & Technical	IP address (at login), user-agent string (browser/OS), session JWT tokens	Security, fraud prevention, rate limiting
Platform Usage	Watchlist tickers you add, trade journal entries you create (stored in trades.jsonl), AI chat message history with The Analyst, settings preferences	Platform functionality — to make the tools work for you
Billing	Stripe customer ID, subscription status, billing history	Subscription management. We never store card numbers. Stripe holds all payment data under their PCI-compliant systems.

3. What We Do NOT Collect

We do not collect your brokerage account credentials or positions — you enter trade data manually.
We do not collect credit card numbers, CVV codes, or full card details — Stripe handles payment processing.
We do not collect your real name, phone number, or address (unless you voluntarily provide them to support).
We do not build advertising profiles or sell your data to third parties.
We do not use tracking pixels or cross-site advertising cookies.

4. How We Use Your Data

Account operation: Authenticate you, manage your subscription, display your trade journal and settings.
AI features: Your watchlist tickers and market context are sent to The Analyst AI (via Anthropic's API) to generate educational analysis. Anthropic processes this data per their API data processing agreement. Message history is stored on our servers to maintain your conversation context.
Security: IP addresses and user-agent strings are used to detect suspicious login activity and enforce rate limits.
Communication: We send transactional emails (account verification, password reset, billing receipts). We do not send marketing emails without your opt-in.
Product improvement: Aggregated, anonymized usage patterns (e.g., which tabs are most used) may be analyzed to improve the platform. This is never at the individual-user level.

5. Who We Share Data With

We do not sell your personal data. We share data only with the service providers necessary to run the platform:

Anthropic — Receives your AI chat messages and market context data to power The Analyst AI feature. Governed by Anthropic's API data processing terms.
Stripe — Receives your email and billing info to process payments. Stripe is PCI Level 1 certified.
Hosting provider — The servers your data lives on. Infrastructure-level access only; no data processing.

We may disclose your data if required by law, valid legal process, or to protect the rights and safety of Bridge or its users.

6. Data Retention

Active accounts: Your data is retained as long as your account is active.
After deletion request: When you delete your account, we initiate a soft delete — your account is deactivated immediately and your data is marked for deletion. Hard deletion (permanent removal from all systems) occurs within 30 days.
Trade journal & AI history: Deleted with your account. We do not retain trade data after hard deletion.
Billing records: Stripe retains transaction records per their retention policy (typically 7 years) for legal and tax compliance. We retain invoices for the same period.
Server logs: IP and access logs are retained for up to 90 days for security purposes, then deleted.

7. Your Rights — Deletion, Access, and Opt-Out

Delete your account: You can delete your account at any time via Settings → Account → Delete Account. All your data (trade journal, watchlist, AI history, profile) will be permanently deleted within 30 days.

Request a copy of your data: Email [email protected] with subject "Data Export Request." We will provide a copy of your stored data within 30 days.

CCPA (California residents): You have the right to know what personal information we collect, request deletion, and opt out of any sale of personal information. We do not sell personal information. To exercise your rights, email [email protected] with subject "CCPA Request."

GDPR (EU/EEA residents): We do not currently offer the platform to EU residents. If you are in the EU, you should not create an account. If you believe you have GDPR rights with respect to data we hold, email [email protected] with subject "GDPR Request." We will respond within 30 days.

General opt-out / contact: For any privacy question or request: [email protected]

8. Security

We take reasonable measures to protect your data:

Passwords are hashed with Argon2id — never stored in plaintext.
All connections use HTTPS/TLS encryption.
JWTs use short expiry windows and refresh rotation to limit token theft blast radius.
User data is fully isolated — one user cannot access another user's data.
Login endpoints are rate-limited to prevent brute-force attacks.

No system is 100% secure. In the event of a data breach affecting your personal information, we will notify you by email within 72 hours of discovery (to the extent legally required).

9. Cookies

Bridge uses only essential cookies: session authentication tokens (JWT stored in a secure, httpOnly cookie or localStorage). We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

10. Children's Privacy

Bridge is not intended for anyone under 18. We do not knowingly collect data from minors. If you believe we have collected data from a minor, contact us at [email protected] and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy. We will notify you by email or platform notice of material changes. Continued use after the effective date constitutes acceptance of the updated policy.

12. Contact

Privacy questions and requests:
[email protected]
Subject line: "Privacy Request"