Skip to content
v3 redesign is live — welcome to the trading cockpit.
Market updates, stock news, and futures insights — 3x/week, freeSubscribe free
Skip to content
nexural
Start free
build.logtraders.online=2,166trades.60s=74swings.ranked=308edge.latency_ms=42ms
// privacy

Plain-English data policy. No dark patterns.

What we collect, why, who we share it with, and how to delete it. GDPR + CCPA aligned. Bulk-export your journal anytime, paid or not. 18-month default retention. Same-hour deletion on request.
document
version
v3.0
updated
May 8, 2026
sections
10
governing
Massachusetts, USA
signed · in production
01Who this covers02What we collect03Why we use it04Who we share with05Your rights06How long we keep it07Security posture08International transfers09Children10Changes to this policy
01

Who this covers

This policy explains how Nexural ("we", "us", "our") collects, uses, stores, and shares personal data when you visit nexural.io, create an account, subscribe to a paid plan, read the book, use the AI copilot, or interact with any of our public surfaces (changelog, status page, research notes, GitHub repos, Discord).

The data controller is Nexural, operated by Jason Teixeira, a sole proprietor based in Massachusetts, USA. You can reach the data controller at privacy@nexural.io. This is a real inbox; expect a reply within 24 hours on weekdays.

02

What we collect

We collect the minimum data needed to run the platform you signed up for. The categories below cover everything we touch.

Account data

  • Email address, display name, and password hash.
  • Country of residence (for VAT/sales-tax determination).
  • OAuth provider IDs (Google, GitHub) if you sign in via SSO.

Billing data

  • Stripe customer ID, subscription tier, billing cycle, and invoice history. Card numbers and bank details are stored by Stripe — we never see them.
  • VAT / GST identifiers if you provided one at checkout.

Trading data

  • Trade entries (instrument, side, size, fill price, time, tags) you upload, log via the journal UI, or import from your broker.
  • Notes, screenshots, and Sage AI conversations attached to those trades.
  • Watchlists, alert configurations, and saved scans.

Usage telemetry

  • Pages visited, features used, and approximate timing data via privacy-respecting first-party analytics. No third-party session-replay tools.
  • IP address (truncated after 30 days), browser user agent, and device class. Used for rate-limiting, fraud prevention, and aggregate analytics.

Support data

  • Email correspondence, contact-form submissions, and Discord DMs you initiate with the team.
We do not collect: precise geolocation, biometrics, your contact list, your microphone or camera, or any social-graph data beyond what you explicitly publish (e.g. a public journal entry).
03

Why we use it

  • Provide the service — run your account, render the journal, generate AI replies, send alerts. (lawful basis: contract performance)
  • Process payments — charge cards, issue invoices, handle refunds, comply with tax law. (lawful basis: contract + legal obligation)
  • Improve the platform — debug, ship features, run aggregate analytics. We aggregate and pseudonymize before any analytics review. (lawful basis: legitimate interest)
  • Communicate — send transactional email (receipts, password resets), product updates if you opted in, and reply to your support messages. (lawful basis: contract + consent for marketing)
  • Protect the platform — rate-limit abuse, detect fraud, comply with KYC/AML where applicable. (lawful basis: legitimate interest + legal obligation)
  • Legal compliance — respond to lawful requests, retain records where required. (lawful basis: legal obligation)
We do not use your trading data to train public AI models, sell ads, or share with third-party data brokers. Period.
04

Who we share with

We use the following subprocessors to operate the platform. Each handles a single, scoped purpose and is bound by a data processing agreement.

  • Supabase (USA) — primary database and authentication. Hosts your account record, journal entries, and indicator configurations.
  • Vercel (USA) — edge hosting and CDN. Sees IP and user-agent for HTTP requests; does not see decrypted journal data.
  • Stripe (USA) — payment processing, tax calculation, invoicing. PCI-DSS Level 1.
  • Resend (USA) — transactional and marketing email delivery. Sees only the address and the message body we send.
  • OpenAI / Anthropic — large-language-model providers that power Sage AI. We redact direct identifiers from prompts where possible and never include billing data. Providers are bound by zero-data- retention agreements; queries are not used to train base models.
  • Sentry (USA) — crash and error reporting. Sees stack traces; we scrub personally identifiable strings before transmission.
  • PostHog (self-hosted) — product analytics. Aggregated event counts only; no session replay.

Outside this list we do not share personal data with anyone except to comply with valid legal process, to protect the rights or safety of users and the public, or with your prior consent. We will challenge overbroad requests where appropriate.

05

Your rights

Whether GDPR, CCPA, or another framework applies to you, we honor the same rights for everyone:

  • Access — see every row of data we hold about you. Request via /account/data or by email.
  • Export — bulk- download your journal, indicators, and Sage AI history as JSON or CSV. Available anytime, paid or not, from /account/data.
  • Delete — request deletion of your account and all associated data. Processed within 7 days; same-hour for urgent cases. Some financial records (invoices, tax documents) are retained as required by law for up to 7 years.
  • Correct — fix any inaccurate data via your account settings or by emailing privacy@.
  • Port — receive your data in a portable, machine-readable format (JSON).
  • Object — opt out of marketing email at any time via the unsubscribe link in every message.
To exercise any right, write to privacy@nexural.io from the email on your account. We will not require you to create a ticket, sign up for a portal, or call a phone number.
06

How long we keep it

  • Active accounts — we keep data as long as your account exists.
  • After cancellation — read-only access for 90 days, then hard-delete on a rolling basis. You may request immediate deletion any time.
  • Support email — 18 months for continuity, then deleted.
  • Financial records — invoices, tax records, and chargeback evidence retained per applicable law (typically 7 years).
  • Telemetry — IP addresses truncated after 30 days; aggregated metrics retained indefinitely without identifiers.
07

Security posture

  • All traffic over HTTPS / TLS 1.2+. Strict transport security enforced.
  • Database encryption at rest (AES-256). Backups encrypted with separate keys.
  • Single-sign-on for the team. Production secrets stored in a hardware-backed secret manager.
  • Principle of least privilege. Two-person review on any production database access.
  • Public security disclosures via /status and a 72-hour breach-notification SLA where required.
08

International transfers

Our infrastructure is primarily US-based. Where personal data of EU/UK residents is transferred to the US or other third countries, transfers are covered by Standard Contractual Clauses (SCCs) approved by the European Commission, the UK International Data Transfer Addendum, or an equivalent adequacy mechanism. Contact us for a copy of the relevant agreements.

09

Children

Nexural is intended for adults who can legally trade futures and options in their jurisdiction. We do not knowingly collect personal data from anyone under the age of 18. If you believe we have data on a minor, contact us and we will delete it immediately.

10

Changes to this policy

We may update this policy as the platform evolves. Material changes (anything that expands what we collect, share, or retain) will be announced 30 days in advance via email and posted to /changelog. The version number and last-updated date at the top of this page reflect the most recent change.

Questions?

Email privacy@nexural.io. If you are not satisfied with our reply, you may lodge a complaint with your local data-protection authority.