LEGAL

Privacy Policy

Last updated: April 2026

1. Controller

PsychEdge is operated by [LEGAL ENTITY NAME], [address], Germany.

Privacy contact: privacy@psychedge.xyz

2. Data We Collect

Account data: email address, name, authentication data (via Supabase Auth / Google OAuth).

Psychological assessment data: responses to our 62-question trading psychology test. This data reveals aspects of your behavioral and psychological profile in financial contexts. Under GDPR Art. 9 this may qualify as sensitive personal data and is treated with heightened protection accordingly.

Trading history data: trade records uploaded via CSV: symbols, position sizes, P&L figures, entry/exit timestamps, exchange names, leverage.

AI-generated content: Action Plans, Post-Trade Debriefs, Weekly Reviews generated based on your profile and trading data.

Technical data: IP address, browser type, device type, session data, error logs.

3. Legal Bases

Processing ActivityLegal Basis
Account creation and core serviceArt. 6(1)(b) GDPR: contract performance
Psychological assessmentArt. 6(1)(a) + Art. 9(2)(a) GDPR: explicit consent
Trading data storage and analysisArt. 6(1)(b) GDPR: contract performance
AI-generated contentArt. 6(1)(b) GDPR: contract performance
Product improvement (anonymized/pseudonymized data only)Art. 6(1)(f) GDPR: legitimate interest
Security and fraud preventionArt. 6(1)(f) GDPR: legitimate interest
Legal complianceArt. 6(1)(c) GDPR: legal obligation

Regarding psychological assessment data: before beginning the assessment, we obtain your explicit, freely given, specific, and informed consent via a dedicated consent action, separate from and prior to general Terms acceptance. You may withdraw this consent at any time by deleting your assessment results in your account settings or by contacting privacy@psychedge.xyz. Withdrawal does not affect the lawfulness of prior processing but will result in deletion of your psychological profile and derived AI content.

4. How We Use Your Data

Core service: We process your account data, psychological profile, and trading history to generate personalized behavioral analytics, Action Plans, Debriefs, and Reviews.

AI processing via Anthropic: We use Anthropic's Claude API for content generation. Your psychological profile and relevant trading metrics are transmitted to Anthropic's API as part of this process. Anthropic acts as a data processor under a Data Processing Agreement. Data is processed in the United States under Standard Contractual Clauses (Art. 46(2)(c) GDPR). Anthropic's privacy policy: anthropic.com/privacy

Product improvement: We use aggregated, anonymized or pseudonymized data to improve our algorithms and develop new features. We will not use your identifiable personal data for AI model training without separate explicit consent.

5. Sub-processors

All sub-processors are bound by Data Processing Agreements:

ProcessorPurposeLocationSafeguard
Supabase Inc.Database and authenticationEU / USDPA + SCCs
Anthropic PBCAI content generationUnited StatesDPA + SCCs
DigitalOcean LLCServer hostingEU (Frankfurt)DPA + SCCs
[Email provider]Transactional email[Location]DPA + SCCs

We do not sell your data. We do not share your data with advertisers.

6. Retention Periods

Data CategoryRetention Period
Account dataDuration of account + 30 days after deletion
Psychological assessment dataUntil consent withdrawn or account deleted
Trading history dataDuration of account + 30 days after deletion
AI-generated contentDuration of account + 30 days after deletion
Server and technical logs90 days
Support communications3 years (statutory limitation periods)
Billing data (when applicable)10 years (§147 AO German tax law)

7. Your Rights

You have the following rights under GDPR. We respond within 30 days (Art. 12 GDPR):

Access (Art. 15)
Obtain a copy of all personal data we hold about you
Rectification (Art. 16)
Correct inaccurate data
Erasure (Art. 17)
Request deletion of your data
Restriction (Art. 18)
Restrict processing in certain circumstances
Portability (Art. 20)
Receive your data in machine-readable format (JSON/CSV)
Objection (Art. 21)
Object to processing based on legitimate interests
Withdraw consent (Art. 7(3))
At any time, without affecting prior lawful processing

To exercise any right: privacy@psychedge.xyz

Right to lodge a complaint: You may complain to your national data protection authority. In Germany: Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI), bfdi.bund.de. UK users: Information Commissioner's Office (ICO), ico.org.uk.

8. Cookies

We use only technically necessary cookies for session management and authentication. No advertising cookies, no third-party tracking pixels, no behavioral analytics.

9. Children

PsychEdge is not directed at persons under 18. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us immediately.

10. Security

We implement appropriate technical and organizational measures under Art. 32 GDPR including TLS encryption in transit, encryption at rest for sensitive data, AES-256-GCM encryption for API credentials, and strict access controls. In the event of a personal data breach affecting your rights, we will notify you and the competent supervisory authority as required under Art. 33/34 GDPR.

11. Beta Notice

The Service is in public Beta. Data processing operations are functional but carry a higher operational risk than production systems. We recommend maintaining your own records of any trade data or insights you consider important. This notice does not limit our obligations under GDPR.

12. Changes to This Policy

We will notify registered users by email of material changes at least 14 days before they take effect. Continued use of the Service after that date constitutes acceptance.

Contact: privacy@psychedge.xyz