1 Who We Are
Toastlytics (“we”, “us”, “our”) is an AI-powered trading journal platform operated as a privately held company. Our service is accessible at toastlytics.com.
For any privacy-related queries, contact us at hello@toastlytics.com.
2 Data We Collect
Account information
When you register, we collect your name, email address, and a hashed password. If you sign in via Google OAuth, we receive your name and email from Google — we never see your Google password.
Trade data
All trade entries, notes, emotion tags, chart screenshots, and analytics you create are stored on our servers and associated with your account. This is the core data the product runs on.
Broker connection credentials
If you connect a broker (e.g. IBKR Flex Query token), your credentials are encrypted at rest using AES-256 and are never transmitted to third parties or logged.
Usage data
We collect anonymised usage events (e.g. page views, feature interactions) to understand how the product is used and improve it. This data is never sold.
Payment data
Payments are processed by Stripe. We never see or store your card number, CVV, or billing details. We only receive a Stripe customer ID and subscription status.
We do not sell your data. Toastlytics has no advertising business and never will. Your trading data is yours.
3 How We Use Your Data
We use your data solely to provide and improve the Toastlytics service:
- To operate your account and deliver the trading journal features
- To generate AI Coach insights using your trade history as context
- To send transactional emails (account verification, password reset, subscription receipts)
- To send the weekly AI report if you are a Pro subscriber and have not opted out
- To detect and prevent fraud, abuse, or violations of our Terms
- To improve product features using aggregated, anonymised analytics
We will never use your data to train external AI models, sell to data brokers, or share with advertisers.
4 Storage & Security
Your data is stored on Supabase (PostgreSQL), hosted on infrastructure in the Singapore (SG) region to minimise latency for our primary user base in Asia.
- All data is encrypted at rest (AES-256) and in transit (TLS 1.3)
- Row Level Security is enforced at the database level — your data is isolated from other users at the query level, not just the application layer
- Broker credentials are encrypted with user-specific keys
- Authentication tokens are stored in httpOnly cookies, never in localStorage
- We conduct regular security reviews and apply patches promptly
Despite our best efforts, no system is perfectly secure. If you discover a security vulnerability, please report it to hello@toastlytics.com before disclosing it publicly.
5 Third Parties
We use a small number of trusted third-party services to run Toastlytics. Each receives only the minimum data needed to perform their function:
- Supabase — database, authentication, file storage
- Anthropic — AI inference for the AI Coach feature. Your trade summary is sent as a prompt. Anthropic’s data handling is governed by their API usage policy
- Stripe — payment processing. We share only what Stripe requires to create a subscription
- Vercel — hosting and edge delivery
- Cloudflare R2 — chart screenshot file storage
- Resend — transactional email delivery
- Polygon.io — historical market data for trade replay and MAE/MFE analysis. We send only symbol names and date ranges
We do not share your data with any other third parties. We do not use advertising networks, tracking pixels, or social media SDKs.
6 AI Features & Data
The AI Coach feature sends a structured summary of your trade history (statistics, recent trade details, emotional patterns) to an AI inference API to generate insights.
- We never send your raw personal details (name, email, payment info) to the AI API
- We never send broker credentials to the AI API
- The AI is instructed not to give specific financial advice and to analyse only your past behaviour
- AI-generated responses are not stored permanently — conversation history is retained for 30 days then deleted
Important: The AI Coach is a performance analysis tool, not a financial advisor. Nothing it says constitutes investment advice.
7 Your Rights
You have the following rights over your data at any time:
- Access — request a copy of all data we hold about you
- Export — download your full trade history as CSV from the Settings page at any time, with no frequency limit
- Correction — update or correct any inaccurate data directly in the app
- Deletion — delete your account and all associated data from Settings. Deletion is permanent and processed within 24 hours. Stripe billing data is subject to Stripe’s own retention requirements
- Opt-out — unsubscribe from the weekly AI report at any time from your account settings
- Portability — your CSV export contains all fields in a standard format you can import elsewhere
To exercise any right not available directly in the app, email hello@toastlytics.com. We will respond within 5 business days.
8 Cookies
We use a minimal number of cookies, all strictly necessary to operate the service:
- Authentication cookie — httpOnly, secure, SameSite=Strict. Stores your session JWT. Expires after 1 hour; refreshed automatically while you’re active
- Stripe cookies — set by Stripe during checkout for fraud prevention
We use Google Analytics 4 (GA4) to understand how our visitors interact with the website. This helps us improve the user experience and product features. All data is anonymized, and we do not use advertising or third-party tracking cookies for marketing purposes.
9 Children
Toastlytics is not directed at children under 18. We do not knowingly collect data from anyone under 18. If you believe a minor has created an account, please contact us at hello@toastlytics.com and we will delete the account promptly.
10 Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address on your account) and update the “Last updated” date at the top of this page.
Continued use of Toastlytics after a policy update constitutes acceptance of the revised policy. If you disagree with a change, you may delete your account at any time.
11 Contact
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
Email: hello@toastlytics.com
Website: www.toastlytics.com
We aim to respond to all privacy queries within 5 business days.