LEGAL

Privacy Policy

Effective Date: March 22, 2026 · Version 1.0.0

1. Information We Collect

1.1 Account Information

When you create an account, we collect your email address, display name, and authentication credentials (stored securely via Supabase Auth). We do not store passwords in plain text.

1.2 Trading Data

When you connect a broker account, we collect trade history, account balance, equity, leverage, and open positions via the MetaAPI service. This data is used solely to provide analytics, journaling, and copy trading features.

1.3 Usage Data

We automatically collect information about your interactions with the Platform, including pages visited, features used, and timestamps. This data helps us improve the Platform experience.

1.4 Legal Consent Data

When you sign legal documents or consent agreements, we capture and store your IP address, browser user-agent string, a hardware identifier hash (derived from non-identifying browser properties), and the timestamp of signing. This data serves as an electronic signature audit trail.

2. How We Use Your Information

  • Provide, maintain, and improve the Platform's features and services.
  • Process and manage your subscription and payments.
  • Display your trading analytics, journal entries, and performance metrics.
  • Enable social features (Agora feed, messaging, leaderboard).
  • Facilitate copy trading between signal providers and subscribers.
  • Send you important notices about your account or the Platform.
  • Detect, prevent, and address fraud, abuse, and security issues.
  • Comply with legal obligations and enforce our Terms of Service.

3. Data Sharing

We do not sell your personal data. We may share data with:

  • Supabase: Our backend-as-a-service provider for authentication and data storage.
  • MetaAPI: For broker connectivity and trade data synchronization.
  • Payment processors: For subscription billing (Stripe or similar).
  • Law enforcement: When required by applicable law, regulation, or legal process.

4. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law (e.g., legal consent audit records, which are retained for 7 years).

5. Data Security

We implement industry-standard security measures including encryption in transit (TLS 1.3), encryption at rest, secure authentication via Supabase Auth with row-level security (RLS), and regular security audits. However, no method of electronic transmission or storage is 100% secure.

6. Your Rights (GDPR / CCPA)

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate personal data.
  • Delete your personal data ("right to be forgotten").
  • Export your data in a machine-readable format (data portability).
  • Object to or restrict certain processing of your data.
  • Withdraw consent at any time.

To exercise these rights, contact us at privacy@gora.trade.

7. Cookies

The Platform uses essential cookies for authentication and session management. We do not use third-party tracking cookies. Analytics data is collected server-side without client-side tracking scripts.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Effective Date" at the top. Your continued use of the Platform after any changes constitutes your acceptance of the revised policy.

9. Contact

For privacy-related inquiries, contact our Data Protection Officer at privacy@gora.trade.