LEGAL
Privacy Policy
Last updated: July 8, 2026
This policy explains what personal data HoneTrade (the trading-journal service at honetrade.com, operated from Vietnam— “we”, “us”) collects, how we use it, and the choices you have. While we complete a brand transition, parts of the product still display the name “TradeLora” — it is the same Service and the same operator.
1. Information we collect
- Account data. Your email address and password. Passwords are never stored in plain text — they are held in hashed form by our authentication provider (Supabase). If you sign in with Google instead, we receive your name, email address, and profile picture from Google.
- Profile data. A display name and an optional avatar image.
- Trading data you add. Trading accounts (broker, platform, account number, base currency, balance), trades (symbols, direction, volumes, prices, profit and loss, notes, tags, ratings), and journal entries (title, text, mood rating, tags, linked trades, and images you attach).
- Broker connection credentials (optional).If you connect a MetaTrader 5 account: the server name, login, and investor (read-only) password. These are encrypted with AES-256-GCM before storage, are never sent to or readable by your browser, and are used only on our servers to fetch your trade history. Disconnecting deletes them.
- Subscription data. Your plan tier. When paid billing launches, payments will be handled by a payment processor such as Stripe — we would store subscription identifiers, never your full card number.
- Technical data. The essential cookies described below, and standard infrastructure logs (IP address, browser user-agent, request timestamps) kept by our hosting providers for security and reliability.
2. What we don't do
- No third-party analytics or advertising trackers run on the site — no Google Analytics, no ad pixels.
- We do not sell or rent your personal data to anyone.
- We do not share your trading data with anyone except the service providers listed below, who process it on our behalf to run the Service.
3. How we use your information
- To provide the Service: store your trades and journals and compute your statistics and dashboards.
- To sync trade history from a broker account you chose to connect.
- To send transactional emails such as sign-up confirmation and password reset.
- To keep the Service secure and prevent abuse.
- To comply with legal obligations.
4. Cookies
We only use cookies that are strictly necessary: authentication cookies that keep you signed in (set by Supabase Auth) and a timezone cookie so times render in your local timezone. Because there are no advertising or analytics cookies, the site does not show a cookie-consent banner.
5. Where your data lives
These providers process data on our behalf to run the Service:
- Supabase — database, authentication, and file storage.
- Vercel — application hosting.
- Cloudflare — DNS, content delivery, and security.
- Amazon Web Services — the server that performs read-only MetaTrader sync.
- Google — only if you choose to sign in with Google.
Depending on where you live, this means your data may be stored and processed outside your country.
6. A note on journal images
Images you attach to journal entries are stored at long, unguessable URLs. They are not listed or indexed anywhere public, but anyone who has the exact link to an image could view it. Please avoid attaching images that contain sensitive personal information.
7. How long we keep data
We keep your data for as long as your account is active. If you ask us to delete your account, we remove your data from live systems promptly and from backups within about 30 days, keeping only minimal records where the law requires it.
8. Your rights
You can ask us to access, correct, export (in a machine-readable format), or delete your personal data at any time by emailing [email protected]. We may need to verify your identity, and we respond within 30 days. Depending on where you live, local law (such as the GDPR in the EU) may give you additional rights, including the right to complain to a supervisory authority.
9. Security
Data is encrypted in transit (TLS) and at rest. Broker credentials get an additional layer of AES-256-GCM encryption, and database row-level security ensures each user’s data is accessible only to them. No system is perfectly secure, but if a breach affects your personal data we will notify you as required by law.
10. Children
The Service is not directed at anyone under 18, and we do not knowingly collect data from them. If we learn that we have, we will delete it.
11. Changes to this policy
We may update this policy from time to time. The “Last updated” date above always reflects the current version, and we will notify you by email or in-app notice before material changes take effect.
12. Contact
Privacy questions or requests: [email protected]. See also our Terms of Use.