Last updated: April 2026
PsychEdge is operated by [LEGAL ENTITY NAME], [address], Germany.
Privacy contact: privacy@psychedge.xyz
Account data: email address, name, authentication data (via Supabase Auth / Google OAuth).
Psychological assessment data: responses to our 62-question trading psychology test. This data reveals aspects of your behavioral and psychological profile in financial contexts. Under GDPR Art. 9 this may qualify as sensitive personal data and is treated with heightened protection accordingly.
Trading history data: trade records uploaded via CSV: symbols, position sizes, P&L figures, entry/exit timestamps, exchange names, leverage.
AI-generated content: Action Plans, Post-Trade Debriefs, Weekly Reviews generated based on your profile and trading data.
Technical data: IP address, browser type, device type, session data, error logs.
| Processing Activity | Legal Basis |
|---|---|
| Account creation and core service | Art. 6(1)(b) GDPR: contract performance |
| Psychological assessment | Art. 6(1)(a) + Art. 9(2)(a) GDPR: explicit consent |
| Trading data storage and analysis | Art. 6(1)(b) GDPR: contract performance |
| AI-generated content | Art. 6(1)(b) GDPR: contract performance |
| Product improvement (anonymized/pseudonymized data only) | Art. 6(1)(f) GDPR: legitimate interest |
| Security and fraud prevention | Art. 6(1)(f) GDPR: legitimate interest |
| Legal compliance | Art. 6(1)(c) GDPR: legal obligation |
Regarding psychological assessment data: before beginning the assessment, we obtain your explicit, freely given, specific, and informed consent via a dedicated consent action, separate from and prior to general Terms acceptance. You may withdraw this consent at any time by deleting your assessment results in your account settings or by contacting privacy@psychedge.xyz. Withdrawal does not affect the lawfulness of prior processing but will result in deletion of your psychological profile and derived AI content.
Core service: We process your account data, psychological profile, and trading history to generate personalized behavioral analytics, Action Plans, Debriefs, and Reviews.
AI processing via Anthropic: We use Anthropic's Claude API for content generation. Your psychological profile and relevant trading metrics are transmitted to Anthropic's API as part of this process. Anthropic acts as a data processor under a Data Processing Agreement. Data is processed in the United States under Standard Contractual Clauses (Art. 46(2)(c) GDPR). Anthropic's privacy policy: anthropic.com/privacy
Product improvement: We use aggregated, anonymized or pseudonymized data to improve our algorithms and develop new features. We will not use your identifiable personal data for AI model training without separate explicit consent.
All sub-processors are bound by Data Processing Agreements:
| Processor | Purpose | Location | Safeguard |
|---|---|---|---|
| Supabase Inc. | Database and authentication | EU / US | DPA + SCCs |
| Anthropic PBC | AI content generation | United States | DPA + SCCs |
| DigitalOcean LLC | Server hosting | EU (Frankfurt) | DPA + SCCs |
| [Email provider] | Transactional email | [Location] | DPA + SCCs |
We do not sell your data. We do not share your data with advertisers.
| Data Category | Retention Period |
|---|---|
| Account data | Duration of account + 30 days after deletion |
| Psychological assessment data | Until consent withdrawn or account deleted |
| Trading history data | Duration of account + 30 days after deletion |
| AI-generated content | Duration of account + 30 days after deletion |
| Server and technical logs | 90 days |
| Support communications | 3 years (statutory limitation periods) |
| Billing data (when applicable) | 10 years (§147 AO German tax law) |
You have the following rights under GDPR. We respond within 30 days (Art. 12 GDPR):
To exercise any right: privacy@psychedge.xyz
Right to lodge a complaint: You may complain to your national data protection authority. In Germany: Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI), bfdi.bund.de. UK users: Information Commissioner's Office (ICO), ico.org.uk.
We use only technically necessary cookies for session management and authentication. No advertising cookies, no third-party tracking pixels, no behavioral analytics.
PsychEdge is not directed at persons under 18. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us immediately.
We implement appropriate technical and organizational measures under Art. 32 GDPR including TLS encryption in transit, encryption at rest for sensitive data, AES-256-GCM encryption for API credentials, and strict access controls. In the event of a personal data breach affecting your rights, we will notify you and the competent supervisory authority as required under Art. 33/34 GDPR.
The Service is in public Beta. Data processing operations are functional but carry a higher operational risk than production systems. We recommend maintaining your own records of any trade data or insights you consider important. This notice does not limit our obligations under GDPR.
We will notify registered users by email of material changes at least 14 days before they take effect. Continued use of the Service after that date constitutes acceptance.