Privacy Policy

Last updated: 2026-06-14

This Privacy Policy explains what personal information TradeByBar ("we", "us", "the Service") collects, why, who we share it with, and the rights you have over it. It includes specific disclosures for residents of the European Economic Area (EEA), the United Kingdom, and Switzerland under the General Data Protection Regulation (GDPR and UK GDPR), and for residents of California under the California Consumer Privacy Act as amended by the CPRA (collectively, "CCPA"). If you have any privacy question, email support@tradebybar.com.

Who is responsible for your data

The data controller (and "business" under the CCPA) is TradeByBar, an online-only business with no physical storefront. The best way to reach us about your data is by email:

EU / UK representative (GDPR Article 27)

Where Article 27 of the EU GDPR or UK GDPR requires a controller outside the EEA/UK that offers goods or services to, or monitors, individuals in those regions to appoint a representative there, that representative acts as a local point of contact for data subjects and supervisory authorities. Our representative details are:

EEA and UK users may also reach us directly at support@tradebybar.com for any data-protection matter.

What we collect

We do not intentionally collect special-category data (such as health, race, religion, or biometric data) and ask that you not submit it. We do not knowingly collect data from anyone under 18; the Service is not directed to minors.

Why we collect it, and our legal bases

For users protected by the GDPR, we rely on the following legal bases (GDPR Art. 6):

Where we rely on legitimate interests, you have the right to object (see "Your rights"). Where we rely on consent, you may withdraw it at any time without affecting prior processing.

Who we share it with

We share data with the following categories of service providers ("processors"), each only with the data they need to perform their function for us:

We may also disclose data where required by law, to enforce our Terms, or in connection with a merger, acquisition, or sale of assets (you will be notified of any such change). We do not sell your personal information, and we do not share it for cross-context behavioral advertising.

International data transfers

We are based in the United States, and your data is stored and processed there. If you are in the EEA, UK, or Switzerland, your personal data is transferred to a country that may not provide the same level of protection as your own. Where we transfer such data, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses (and the UK Addendum) with our processors. You may request a copy of the relevant safeguard by emailing support@tradebybar.com.

Retention

We keep your data for as long as your account is active. When you delete your account, we remove personal data within 30 days, except where retention is required by law (e.g. tax and accounting records, typically up to 7 years) or is necessary for fraud prevention, security, or the establishment or defense of legal claims. Aggregated or anonymized data that can no longer identify you may be retained indefinitely.

Security

Broker secrets are encrypted at rest with AES-256-GCM. Sessions are stored server-side in Postgres. Passwords are hashed with bcrypt. The Service runs over HTTPS. We recommend you enable two-factor authentication on the Account Settings page. No system is perfectly secure. If we determine a personal-data breach is likely to result in a risk to your rights, we will notify affected users and the relevant supervisory authority as required by law, and within 72 hours of becoming aware where GDPR Article 33 applies and feasible.

Automated decision-making

The Service executes trades automatically based on rules you define. This is automation you configure and control; we do not make automated decisions that produce legal or similarly significant effects about you within the meaning of GDPR Article 22, and we do not use your data for profiling or to evaluate you as a person.

Your rights

Depending on where you live, you may have some or all of the following rights:

To exercise any right, email support@tradebybar.com. We will respond within 30 days (CCPA: within 45 days, extendable once). We may need to verify your identity before acting. You may use an authorized agent to submit a request on your behalf with proof of authorization. There is no fee unless your request is excessive or repetitive.

If you are in the EEA or UK and believe we have mishandled your data, you may lodge a complaint with your local data protection authority, though we ask that you contact us first so we can try to resolve it.

California disclosures (CCPA / CPRA)

In the past 12 months we have collected the following statutory categories of personal information: identifiers (e.g. name, username, email, IP address, Google/Discord identifiers); commercial information (subscription and billing records); financial information (broker connection data and account balances reported by your broker; we treat broker credentials and financial-account access as sensitive personal information); and internet/network activity (usage and log data). We collect this from you directly, from your connected broker and integrations, and automatically as you use the Service. We use it for the purposes described above.

Shine the Light (Cal. Civ. Code § 1798.83): we do not disclose personal information to third parties for their own direct-marketing purposes.

Cookies and tracking

Details of the cookies and analytics we use, and how to control them, are in our Cookie Policy.

Changes

Material changes will be announced via email and on this page. The "Last updated" date at the top tracks the current version.

Contact

Privacy questions and rights requests: support@tradebybar.com.