TradeControlTradeControlLog in
Back to home

Privacy Policy

Last updated: March 28, 2026

1. Introduction

TradeControl (“we,” “our,” or “us”) operates the TradeControl platform at app.tradecontrol.io. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

Account Information

  • Email address and name (provided during registration)
  • Encrypted password (hashed with bcrypt; we never store plaintext passwords)
  • Timezone preference

Trading Account Data

  • Tradovate account credentials (encrypted at rest using AES-256-GCM)
  • Tradovate OAuth access tokens (encrypted at rest)
  • Account balances, positions, and order data retrieved from Tradovate APIs
  • Risk rule configurations you set within TradeControl

Automatically Collected Data

  • IP address and browser user-agent (for security and abuse prevention)
  • Browser fingerprint data (for fraud prevention only; not used for tracking)
  • Login timestamps and session data

3. How We Use Your Information

  • Provide, operate, and maintain the TradeControl service
  • Connect to your Tradovate accounts via API or OAuth to monitor positions and enforce risk rules
  • Send transactional emails (password resets, event alerts, system notifications)
  • Detect and prevent fraud, abuse, and unauthorized access
  • Improve our platform based on aggregated, anonymized usage patterns

4. Tradovate Integration

When you connect a Tradovate account via OAuth, TradeControl requests permission to access:

  • Contract Library — to identify traded instruments
  • Orders — to monitor and manage open orders
  • Positions — to monitor open positions and enforce risk rules
  • Account Information — to retrieve account balances and equity data
  • Your User Information — to identify your Tradovate username
  • Account Risk Settings — to read platform-level risk parameters

We only access data necessary to provide risk management services. We do not sell, share, or transfer your trading data to any third parties. OAuth tokens are encrypted at rest and can be revoked at any time from your Tradovate account settings.

5. Data Security

  • All Tradovate credentials and OAuth tokens are encrypted using AES-256-GCM before storage
  • Passwords are hashed with bcrypt (cost factor 12)
  • All data in transit is encrypted via TLS/HTTPS
  • Multi-factor authentication (TOTP) and passkey/WebAuthn support
  • Rate limiting, bot detection, and IP-based abuse prevention on all authentication endpoints
  • Regular security audits via our internal audit trail system

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention audit logs may be retained for up to 12 months).

7. Third-Party Services

We use the following third-party services:

  • Tradovate — trading platform API integration
  • Stripe — payment processing (we never store card details)
  • Google — optional SSO authentication
  • Have I Been Pwned — password breach checking (only password hash prefixes are sent; your password never leaves our server)

8. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate personal data
  • Request deletion of your account and associated data
  • Revoke Tradovate OAuth access at any time via your Tradovate account settings
  • Export your risk rule configurations

9. Cookies

We use essential cookies for authentication and session management only. We do not use advertising or tracking cookies. Session cookies are encrypted and expire when you log out or after a period of inactivity.

10. Children's Privacy

TradeControl is not intended for individuals under the age of 18. We do not knowingly collect personal information from minors.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on our platform. Your continued use of TradeControl after changes are posted constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or your personal data, please contact us through the support ticket system in your TradeControl dashboard or email us at [email protected].