Privacy Policy

Vorthly is an AI-powered trading journal for traders who want to track performance, study behavior, and review trades with data-driven feedback.

Vorthly is currently operated as a personal project and does not yet have a registered company entity. For GDPR purposes, the data controller is the operator of Vorthly. You can contact us at support@vorthly.com.

• Account information, including email, hashed password, display name, username, bio, and avatar.
• Profile data, including trading style, favorite markets, years trading, and trading goals.
• Trading data, including trades, accounts, brokers, P&L, dates, symbols, direction, and related metrics.
• Broker credentials, encrypted with AES-256-GCM. We strongly recommend using investor-password or read-only access where available.
• Journal entries, including trade thesis, lessons, emotion, tags, notes, and screenshots.
• AI-generated content, including trade analysis and account insights.
• Technical data, including IP address, browser type, device information, and usage logs.
• Cookies and local preferences, including session and preference data. See the Cookie Policy for details.

• To provide and maintain the trading journal service.
• To sync trades from your broker through MetaApi integration.
• To generate AI insights using Google Gemini.
• To process payments in the future through Stripe.
• To send essential service emails, such as account verification and password reset messages.

We do not use your trading data to train AI models. We do not sell your data to third parties.

• Supabase for database, authentication, and storage. Data is hosted in the EU, currently Stockholm.
• Google Gemini API for AI analysis. Data is sent for analysis only and is not retained according to Google's API terms.
• MetaApi for broker sync. Broker credentials are encrypted before transmission.
• Vercel for application hosting.
• Cloudflare for domain and DNS services.
• Stripe for future payment processing.

• Contract: processing necessary to provide the Vorthly service you request.
• Consent: marketing emails and optional communications, where you opt in.
• Legitimate interest: service improvement, security, abuse prevention, and fraud prevention.

• Right to access: download your data anytime via Settings -> Data.
• Right to rectification: edit your profile, journal, and settings data anytime.
• Right to erasure: delete your account in Settings -> Account.
• Right to portability: export your data as JSON anytime.
• Right to object: opt out of non-essential processing where applicable.
• Right to lodge a complaint with your data protection authority.
• For EU users, you may contact Datatilsynet, the Norwegian Data Protection Authority, or your local data protection authority.

• Active accounts: data is retained while your account remains active.
• Deleted accounts: data is deleted within 30 days.
• Backups: data may persist for up to 90 days in encrypted backups.
• Anonymous analytics or aggregated technical data may be retained for service improvement.

• Data is encrypted in transit using TLS and stored with encryption at rest where supported by our providers.
• Broker credentials are encrypted with AES-256-GCM.
• Passwords are hashed and managed through Supabase authentication.
• Database access is protected by Row Level Security policies.
• We recommend using investor-password or read-only broker access when connecting brokers.

Primary data storage is hosted through Supabase in EU-North-1, Stockholm. Some services, including Google AI and Vercel, may process or transfer data outside the EU under appropriate safeguards such as Standard Contractual Clauses.

Vorthly is not intended for users under 18. We do not knowingly collect personal data from minors.

We may update this Privacy Policy as Vorthly develops. Material changes will be notified by email where appropriate. Continued use after notification constitutes acceptance of the updated policy.

For privacy questions or data subject requests, contact support@vorthly.com.