Skip to content
TradeConfidenceby Nefes Labs

Privacy Policy

How TradeConfidence collects, uses, and protects your data.

Effective date: May 25, 2026·Version 1.0

Our Privacy Commitment

TradeConfidence is a behavioral performance product built on a single principle: you should have no reason not to share your data with us. Your trading history, your emotional state, and your private conversations with the AI Mentor are some of the most sensitive information you possess. We treat them that way. We do not sell your data. We do not use your data to train external AI models. You own your data, you can export it at any time, and you can delete it completely. This document explains exactly how we handle every category of information you entrust to us.

The Short Version

  • We never sell your data — not aggregated, not anonymized, not ever.
  • Your conversations with the AI Mentor are not used to train external AI models.
  • We never store your broker password. OAuth tokens are encrypted at rest.
  • MT4/MT5 statement files are deleted after processing; only trade data is kept.
  • You can export all your data at any time.
  • Account deletion removes all your personal data from our servers within 30 days.
  • We do not provide financial advice, signals, or clinical mental-health treatment.

1. Who We Are

TradeConfidence (the "Service", "we", "us", "our") is operated by Nefes Labs (the "Company"). Nefes Labs is the data controller for personal information processed through the Service. References in this Policy to the "Service" include the tradeconfidence.ai website, any subdomains, the AI Mentor chat, the user dashboard, the Behavioral Journal, broker-integration features, and any related applications. Nefes Labs is a digital psychology holding company that also operates Nefes, an online psychology clinic. TradeConfidence is an independent product. Data collected through TradeConfidence is processed only for TradeConfidence — it is not combined with any data processed by Nefes or any other Nefes Labs product unless we obtain your explicit consent. For data protection questions, contact us at privacy@tradeconfidence.ai. For all other matters, contact hello@tradeconfidence.ai. Our registered legal entity name and postal address are listed under "Contact" at the end of this document.

2. Scope of This Policy

This Policy applies to personal data we collect when you visit the Service, create an account, use the platform, contact us, or interact with our communications. It does not apply to third-party websites, broker platforms, or services we do not control, even when linked from our Service. Those services are governed by their own privacy policies, which you should review separately.

3. Information We Collect

We collect only the information we need to operate the Service and to deliver the personalized mentoring experience you signed up for. Categories of data we may collect:

Account Information

  • Email address (required for sign-in and security notifications).
  • Display name and chosen mentor persona.
  • Hashed password (we never store passwords in plain text). If you sign in through a third-party identity provider, we receive only the identifiers that provider supplies.
  • Locale, time zone, and language preference.

Onboarding & Behavioral Profile

  • Answers to the 12–15 question onboarding personality assessment.
  • Derived behavioral archetype and Trader Profile, used to personalize AI Mentor messaging.
  • Self-reported trading experience, instruments traded, and goals.

Trading Data

  • Closed-trade history imported via cTrader OAuth (symbol, direction, entry/exit prices, size, timestamps, profit/loss, fees).
  • Trade history extracted from MT4/MT5 statement files you upload.
  • Manually-logged trades and journal entries (including the emotional state and rationale you record).
  • Derived metrics: discipline score, behavioral pattern detections, performance benchmarks against your own historical baseline.

AI Mentor Conversations

  • Messages you send to the AI Mentor and the responses generated.
  • Pre-trade consultation queries ("Should I enter now?") and the contextual data evaluated for each query.

Usage & Device Data

  • IP address (truncated for analytics where supported), browser user agent, operating system, device type, and screen size.
  • Pages viewed, features used, session duration, and approximate session location (country-level, derived from IP).
  • Diagnostic logs and crash reports.

Payment Data

  • Plan selected, billing currency, and billing history.
  • We do not see or store full payment-card numbers. Card details are collected directly by our payment processor (e.g., Stripe) which is PCI-DSS compliant. We receive only a tokenized reference and the last four digits.

Communications

  • Emails you send us, support tickets, and survey responses.
  • Preferences for marketing or product-update emails.

Cookies & Similar Technologies

  • Strictly-necessary cookies for sign-in sessions and security.
  • Functional cookies for locale, theme, and consent state.
  • Analytics cookies (only with your consent where required by law).

4. What We Never Collect or Store

We engineered the Service so that the most sensitive credentials never touch our systems.

  • We never store your broker username or password.
  • We never have the ability to place, modify, or cancel a trade in your broker account.
  • We never see your account balance, deposits, withdrawals, or banking details unless they appear inside a statement file you choose to upload — and we extract only the trade rows from that file.
  • We do not collect biometric data, government-issued ID numbers, or special-category personal data (such as health, religion, or political opinions) unless you voluntarily place it inside a journal entry, in which case you may delete it at any time.
  • We do not access your phone contacts, microphone, camera, or location beyond country-level inference from your IP address.

5. How We Use Your Information

We process personal data only for the purposes listed below.

  • Provide the Service: authenticate you, render your dashboard, run pattern detection, generate AI Mentor responses, store your journal entries, and produce your weekly behavioral report.
  • Personalize mentoring: tailor messaging, checklists, and interventions to your behavioral archetype and historical performance.
  • Detect destructive trading patterns (revenge, impulsive, over-risking, emotional escalation, dopamine chasing) and trigger the corresponding interventions.
  • Operate broker integrations and process statement uploads.
  • Send service messages (security alerts, billing receipts, important changes to the Service or this Policy).
  • Send marketing or product-update emails only if you have opted in, and only until you opt out.
  • Improve the Service through aggregate, de-identified analytics. We do not use your individual identifiable conversations or trade data to retrain general-purpose AI models.
  • Detect, prevent, and respond to fraud, abuse, and security incidents.
  • Comply with legal obligations and enforce our Terms of Service.

6. Legal Bases for Processing

Where the GDPR, UK GDPR, Turkish KVKK, or a similar regime applies to you, we rely on the following legal bases:

  • Performance of a contract — to provide the Service you signed up for.
  • Legitimate interests — to secure the Service, prevent abuse, improve product quality through aggregate analytics, and communicate essential service information. We balance these interests against your rights and freedoms.
  • Consent — for optional marketing emails, non-essential cookies, and any processing of special-category data you voluntarily provide. You can withdraw consent at any time.
  • Legal obligation — to retain certain records (e.g., tax records, billing history) for the period required by applicable law.
  • Vital interests — only in narrow circumstances where processing is necessary to protect someone's life.

7. Who We Share Information With

We do not sell your personal data. We share information only with the categories of recipient listed below, and only to the extent necessary for the purpose described.

Sub-processors (vendors who help us operate the Service)

  • Cloud hosting and database providers, used to run the Service infrastructure.
  • AI model providers, used to generate AI Mentor responses. We instruct these providers to process inputs for the sole purpose of returning a response, not to retain content for model training. We also enforce this via contract where the provider supports it.
  • Payment processors (e.g., Stripe), used to handle subscription billing.
  • Email and notification providers, used for transactional and (where opted in) marketing messages.
  • Error monitoring and product analytics providers, configured to minimize personal data collection.

Broker and trading platforms

  • When you connect a broker via OAuth (e.g., cTrader), we exchange the data necessary to import your closed-trade history. The broker's privacy policy governs the data they hold about you.
  • If you upload an MT4/MT5 statement, the file is processed locally on our servers, trade rows are extracted, and the original file is deleted.

Legal and safety

  • We may disclose information when required by valid legal process (court order, subpoena, lawful regulatory request) or when necessary to protect the rights, safety, or property of TradeConfidence, our users, or the public. We will challenge requests we believe are overbroad and notify you where legally permitted.

Business transfers

  • If TradeConfidence is involved in a merger, acquisition, financing, or asset sale, personal data may be transferred as part of that transaction. The successor entity will be bound by terms at least as protective as this Policy, and we will notify you of any material change.

With your direction

  • We will share information with third parties when you explicitly direct us to (for example, exporting your data to a tool you choose).

8. AI Mentor & Behavioral Analysis

The AI Mentor uses large language models to generate responses to your messages. To do this, we send the model the content of your message together with relevant context from your account (your behavioral archetype, recent trading activity, and the conversation history of the current session). We do not send your real name, email address, or payment information to the model. Your conversations are stored so you can return to them. You can clear individual messages or your entire chat history from inside the Service. We do not use the content of your AI Mentor conversations or your individual trade history to train or fine-tune general-purpose AI models, and we contractually require our model providers to process inputs only to return a response. Weekly behavioral reports, pattern detections, and discipline scores are produced entirely from your own data and are visible only to you.

9. How Long We Keep Your Data

We keep personal data only as long as needed for the purposes described above.

  • Account data: for the lifetime of your account.
  • Journal entries, trade history, and AI Mentor conversations: for the lifetime of your account, unless you delete them earlier.
  • MT4/MT5 statement files: deleted automatically after trade data is extracted (no copy of the original file is retained).
  • Billing records: for the period required by applicable tax and accounting law (typically up to ten years in Türkiye).
  • Security and audit logs: typically up to 12 months, longer if required to investigate an incident.
  • Marketing preferences: until you opt out, then we keep a minimal suppression record to honor your opt-out.
  • On account deletion: all personal data is removed from production systems within 30 days. Encrypted backups containing residual data are retained on a rolling schedule and overwritten in the ordinary course; we do not restore deleted accounts from backups.

10. Security

We take reasonable and appropriate technical and organizational measures to protect your information.

  • All traffic between your browser and the Service is encrypted in transit (HTTPS / TLS).
  • Sensitive fields, including OAuth tokens, are encrypted at rest.
  • Broker passwords are never stored.
  • Access to production systems is restricted to a small number of authorized personnel and is logged.
  • We follow secure-development practices, run dependency audits, and respond to reported vulnerabilities promptly.
  • We will notify you and the relevant authority of a personal-data breach in line with applicable law.

11. International Data Transfers

TradeConfidence is operated from Türkiye and serves users in multiple regions. Some of our sub-processors are located outside your country of residence, including in the United States and the European Union. Where personal data is transferred internationally and a specific legal regime applies (for example, the EU/UK GDPR or KVKK), we put in place the safeguards required by that regime — which may include the European Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, KVKK-compliant transfer commitments, and additional technical measures such as encryption. You can request information about the safeguards in place for a specific transfer by contacting privacy@tradeconfidence.ai.

12. Your Rights

You have the following rights with respect to your personal data. We aim to honor these rights for every user wherever practicable. Some of the rights below are guaranteed by specific laws — such as the GDPR (EU/UK), KVKK (Türkiye), CCPA/CPRA (California), and LGPD (Brazil) — and apply to you if and to the extent that the relevant law applies.

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete data.
  • Erasure — ask us to delete your data (subject to limited legal-retention exceptions).
  • Portability — receive your data in a structured, machine-readable format, and request that we send it to another service.
  • Restriction — ask us to limit how we use your data while a request is being resolved.
  • Objection — object to processing based on legitimate interests, including direct marketing.
  • Withdraw consent — at any time, without affecting the lawfulness of processing carried out before withdrawal.
  • Complain — lodge a complaint with the data protection authority of your country (for Türkiye: the Personal Data Protection Authority — KVKK).
  • Automated decisions — request human review of any decision produced solely by automated processing that has a legal or similarly significant effect on you. The AI Mentor produces educational guidance only and does not take legally significant decisions about you.

To exercise any of these rights, email privacy@tradeconfidence.ai from the email address on your account or use the in-product Export / Delete controls. We respond within 30 days. We may need to verify your identity before acting.

13. Cookies & Similar Technologies

We use cookies and similar technologies for three purposes: to keep you signed in (strictly necessary), to remember your preferences (functional), and — only with your consent where required — to understand aggregate product usage (analytics). You can change your cookie preferences at any time from the cookie banner or your account settings. Blocking strictly-necessary cookies may prevent the Service from working.

14. Children

The Service is intended for adults aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with personal data, contact privacy@tradeconfidence.ai and we will delete it.

15. Regional Notices

Türkiye (KVKK)

If you are located in Türkiye, you have the rights set out in Article 11 of Law No. 6698 on the Protection of Personal Data (KVKK), including the right to learn whether your personal data is processed, to request information, to learn the purpose of processing, to request correction or deletion, and to object to results produced by automated analysis. The Turkish-language version of this Policy will be published on this page as part of our localization roadmap; until then, the English text is the operative version for Turkish users, and you may contact privacy@tradeconfidence.ai in Turkish.

European Economic Area / United Kingdom

For users in the EEA or UK, Nefes Labs acts as data controller for personal data it processes through the Service. You may lodge a complaint with your local supervisory authority. Where we transfer personal data outside the EEA or UK to a country without an adequacy decision, our standard approach is to rely on the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable) together with additional technical and organizational safeguards.

California

California residents have the right to know what personal information we collect, the right to delete personal information, the right to correct inaccurate personal information, the right to opt out of the "sale" or "sharing" of personal information (we do not sell or share for cross-context behavioral advertising), and the right to non-discrimination.

16. Changes to This Policy

We may update this Policy from time to time. When we make a material change, we will notify you by email or through an in-product notice at least 14 days before the change takes effect, and we will update the "Effective date" at the top of this page. Continued use of the Service after the effective date constitutes acceptance of the updated Policy.

17. Contact

Privacy questions: privacy@tradeconfidence.ai General contact: hello@tradeconfidence.ai Data Controller: Nefes Labs Registered office: [Company legal name and registered address — to be confirmed before public launch.] If you do not receive a satisfactory response, you have the right to lodge a complaint with the data protection authority in your country of residence.