We do not sell your trading journal data.

Your journal is yours. We use your data only to provide, secure, support, and improve Jurnl-It.

1. Overview

Jurnl-It is a trading journal and analytics service operated from Portugal for users in Portugal, the European Union, and other countries. This Privacy Policy explains how we collect, use, disclose, protect, and retain personal data when you use our website, app, support channels, and paid Pro features.

For users in the European Economic Area, United Kingdom, and Switzerland, Jurnl-It acts as the data controller for account, billing, support, product usage, and journal data we process to provide the service. We process personal data under the GDPR and applicable Portuguese data protection rules.

2. Data we collect

Account data: name, display name, email address, timezone, language, plan status, billing email, account preferences, and authentication records handled by our auth provider, such as password hashes and sign-in events.

Journal data: trades, symbols, dates, entry and exit details, P/L, risk values, screenshots, notes, process reviews, tags, attachments, failed process item information, execution logs, review settings, and other information you choose to save in your trading journal.

Payment data: subscription plan, billing cycle, renewal date, invoice status, payment method metadata, and Stripe customer or subscription identifiers. We do not store full card numbers, CVC codes, or complete payment credentials.

Technical and security data: IP address, device and browser information, authentication events, session state, error logs, support messages, and security-related activity needed to protect the service.

Cookie and browser storage data: essential login/session storage, remember-me preference, cookie consent preference, and app settings such as theme, layout, and table preferences.

3. How we use data

We use personal data to create and secure accounts, authenticate users, store and display journal entries, calculate dashboards and insights, process subscriptions, respond to support requests, prevent abuse, troubleshoot issues, and maintain the reliability of the service.

We may use aggregated or anonymized information to understand product performance, improve features, and identify common usage patterns. We do not use journal content to provide financial advice, and we do not sell personal data.

5. Service providers and transfers

We use trusted service providers to operate Jurnl-It. Current providers include Supabase for authentication, database, storage, and server functions; Vercel for hosting, website analytics, and speed insights; Stripe for payment processing and billing; Resend for support email delivery; and Sentry for error monitoring and reliability diagnostics.

These providers process personal data on our behalf or as independent controllers where applicable. If personal data is transferred outside the EEA, we rely on appropriate safeguards such as adequacy decisions, standard contractual clauses, or equivalent transfer mechanisms.

6. Account security

We use authentication controls, HTTPS/TLS encrypted transport in production, access controls, database security rules, monitoring, and other safeguards designed to protect your personal data. Some journal content may also be protected by app-level encryption features where enabled.

We do not store plaintext passwords. Password login is handled through Supabase Auth, which stores one-way password hashes rather than reversible passwords.

You are responsible for using a strong password, keeping your credentials confidential, and promptly notifying us if you suspect unauthorized access to your account.

7. Data retention

We keep account and journal data while your account is active or as needed to provide Jurnl-It. If you delete your account, we will delete or anonymize personal data within a reasonable period, usually within 30 days, unless a longer period is required for billing, tax, security, fraud-prevention, dispute, or legal purposes.

Billing records may be retained for the period required by Portuguese and EU accounting and tax laws. Backups and logs may persist for a limited time before routine deletion.

8. Your privacy rights

Depending on your location, you may have rights to access, correct, delete, restrict, object to processing, port your data, withdraw consent, and lodge a complaint with a supervisory authority. In Portugal, the supervisory authority is the Comissão Nacional de Proteção de Dados (CNPD).

You can request privacy assistance by contacting us. We may need to verify your identity before fulfilling certain requests.

9. Contact us

For privacy questions, requests, or legal notices, contact us at support@jurnl-it.com.