MindGuard Privacy Policy

1. Who we are

MindGuard is an independent software product operated by a solo founder, providing an AI-powered trading psychology coach through a Chrome browser extension and web services.

Website: https://mindguardai.io
Contact: legal@mindguardai.io

For the purposes of GDPR and CCPA, MindGuard acts as the "data controller" for personal data processed about users of the service.

2. What this policy covers

This Privacy Policy applies when you install or use the MindGuard Chrome extension, create or access a MindGuard account, use the AI coach, visit the website, or otherwise interact with MindGuard services.

MindGuard connects to supported trading platforms (currently Tradovate; NinjaTrader and additional platforms coming soon) to observe your trading activity. This policy does not apply to the trading platforms themselves — Tradovate, NinjaTrader, your broker, or other connected services have their own privacy policies that govern their data handling.

3. Data we collect

3.1 Account and contact data

• Name (if provided during registration or profile setup)
• Email address (required for account creation, login, and communication)

3.2 Broker platform data

• Trading activity from your connected broker platform (currently Tradovate; NinjaTrader and others coming soon): entries, exits, position size, timestamps, P&L
• Behavioral metadata: frequency and velocity of clicks, scrolling, and keystrokes within the Tradovate trading interface — used solely for emotional pattern detection. MindGuard does NOT record or store the content of keystrokes (no keylogging). Only timing metadata (speed, frequency, hesitation) is measured.
• WebSocket network data: The extension uses the Chrome Debugger API (CDP) to intercept WebSocket frames sent between your browser and Tradovate. This is used exclusively to extract your Tradovate session token and real-time order/position events for psychology analysis. MindGuard does not store raw WebSocket payloads — only the structured trade data derived from them. Chrome will display a "MindGuard started debugging this browser" banner continuously while the extension is actively monitoring trades; this is a standard Chrome notification for extensions using this API and does not indicate any security issue.

3.3 Psychological and profiling data Sensitive Information

• Answers to onboarding questionnaires about trading habits, goals, and risk tolerance
• Self-reported emotional and mental state data (mood check-ins, stress levels, session notes)
• Daily Mental Score (0–100): A composite score calculated from your trading activity, bias violations, emotional indicators, and behavioral patterns. This score measures psychological discipline — not trading profitability. The score and its component breakdowns are stored in your account for the duration of your subscription.
• Inferred psychological patterns (e.g., emotional bias tendencies, stress response indicators) derived from trading behavior and self-reports

Important: MindGuard is a behavioral productivity tool, not a clinical mental health service. The "mental" data we collect describes trading psychology and discipline — not clinical diagnoses, medical conditions, or mental illness. If you are experiencing mental health difficulties, please consult a qualified healthcare professional.

3.4 AI coach interaction data

• Chat conversation history with the AI coach, including your messages and generated responses
• Feedback you provide on AI responses

3.5 Technical and usage data

• Browser type, extension version, language settings, operating system, approximate region
• Log data: timestamps of logins, API calls, and errors associated with your account
• IP address and user agent: Your IP address and browser user-agent are recorded at login, logout, and password change events for security auditing (detecting unauthorized access) and fraud prevention. IP addresses are automatically purged after 30 days and are never used for advertising, profiling, or sold to third parties.

4. How we use your data

• Authenticating you and maintaining your MindGuard account
• Detecting psychological bias patterns (revenge trading, FOMO, overconfidence) and generating personalized insights
• Powering the AI coach for post-trade debriefs and mental performance coaching
• Sending transactional emails (welcome, password reset) via our email provider
• Maintaining security, preventing fraud, and improving the service
• Complying with legal obligations

MindGuard does not sell your personal data and does not share your data with Tradovate, your broker, or other trading platforms.

5. Legal bases for processing (GDPR)

• Contract: To provide the MindGuard service you requested
• Legitimate interests: To maintain, improve security, and develop new features
• Consent: For optional questionnaires and mental health disclosures — withdrawable at any time
• Legal obligation: To comply with applicable laws

6. Third-party services

6.1 Core service infrastructure

• Anthropic Claude API: AI processing for coach responses and trade debrief analysis. Relevant conversation context and trade data may be sent to Anthropic as a data processor under a Data Processing Agreement (DPA). Anthropic processes this data solely to provide the API service and does not use your data to train its models. Anthropic's data processing commitments and sub-processor list are documented at anthropic.com/privacy.
• Neon.tech (via Vercel Storage): PostgreSQL database hosting for account data, trading features, and conversation metadata. Provisioned through Vercel's Storage marketplace with Neon as the underlying provider.
• Upstash Redis: In-memory cache used for rate limiting, JWT access-token revocation (logout/password change), and short-lived application caches. Stores hashed token fingerprints and request counters keyed by user ID or IP — never raw tokens or message content.
• Resend: Transactional email delivery (verification, welcome, password reset, daily/weekly summaries, trade debrief emails).
• Paddle: Payment processing for subscription billing. Paddle acts as the Merchant of Record and processes your payment details directly — MindGuard does not store credit card numbers.
• Render: Cloud infrastructure hosting for the backend API.
• Vercel: Static website hosting, deployment, and managed database provisioning (Neon).
• Sentry: Error monitoring and crash reporting. Sentry receives server error details (HTTP status codes, error messages, request paths, stack traces). Sensitive fields (passwords, tokens, API keys, encrypted credentials, authorization headers) are automatically redacted before transmission.
• Databento: Historical futures market data provider (OHLCV bars) used to power the Trade Replay and backtesting features. Only instrument symbols and timeframes are sent — no account identifiers, user IDs, or personal data.
• AWS KMS (production only): Envelope encryption for broker credentials when KMS_KEY_ID is configured. A per-user data-encryption key (DEK) is generated locally, used to encrypt broker fields with AES-256-GCM, and the DEK itself is wrapped with KMS. The plaintext DEK exists only briefly in memory during a read operation.
• Google Chrome: Extension distribution and runtime platform.

6.2 Analytics and marketing (opt-in only)

The following services are loaded only after you accept the cookie banner on the website. If you decline, none of them run and no data is sent. These services do not run inside the Chrome extension.

• Google Analytics 4: Aggregate website traffic and conversion measurement. IP anonymization is enabled (anonymize_ip: true). No trading data or email addresses are sent.
• PostHog: Product analytics for dashboard feature usage. After login we send a distinct_id (your user ID), your email, and your subscription plan so we can segment feature usage. No trading data or AI conversation content is sent. You can opt out at any time by clearing cookies or asking us to disable your profile.
• TikTok Pixel: Conversion tracking for marketing campaigns. Receives pageview events only — no account identifiers, trading data, or email addresses.

All vendors are contractually limited to using your data only to provide services to MindGuard. Analytics vendors are loaded exclusively after cookie consent.

7. Data sharing

MindGuard may share your data only with:

• Service providers performing services on our behalf (under written agreements)
• Professional advisors (lawyers, accountants) where necessary
• Authorities when required by valid legal process
• Acquirers in connection with a merger or sale of assets (with prior notice)

8. Data retention

• Account and profile data: Retained while your account is active. When you request account deletion, your account enters a 7-day cooling-off period during which you can cancel the request by logging back in. After the 7 days elapse, a daily job permanently removes your account and all linked records (trades, alerts, mental scores, conversations, broker credentials, goals, debriefs, bias profiles, refresh tokens). Encrypted platform-level backups (managed by our database provider) may retain copies for up to 30 days for disaster recovery purposes only and are inaccessible to MindGuard staff.
• Trading data and mental scores: Retained for the entire duration of your subscription. The historical window shown in the dashboard is tier-limited (Free: 7 days, Pro: 90 days, Elite: unlimited) — data outside that window is not displayed but may remain in the database for internal integrity, export-on-request, and restoration if you upgrade. All trading data is permanently removed on account deletion.
• AI conversation history: Retained while your account is active. Permanently deleted upon account deletion.
• Refresh tokens: Issued with a 30-day TTL. Expired tokens are purged by a daily cleanup job. Logging out, changing your password, or deleting your account revokes all active refresh tokens immediately.
• IP address and login event logs: Login-event records (which include IP and user-agent) are retained for 30 days for security monitoring and unauthorized-access detection, then purged by a daily cleanup job. The IP and user-agent attached to an active refresh token are removed when that token expires or is revoked (at most 30 days from issuance). IPs are never used for advertising, profiling, or sold to third parties.
• Server logs: Application logs are streamed to our infrastructure providers (Render for backend, Vercel for website) and to Sentry for error traces. Retention is governed by those providers' default policies (typically 7–30 days for hosting logs, 30–90 days for Sentry error events). MindGuard does not persist raw logs in its own database.

When data is no longer needed, MindGuard deletes or anonymizes it.

9. Cookies, chrome.storage, and tracking pixels

9.1 Chrome extension

The extension does not set browser cookies. It uses chrome.storage.local to store settings, cached trade data, and your Tradovate session token locally on your device. It also uses the Chrome Debugger Protocol (chrome.debugger) to intercept WebSocket frames — this causes Chrome to show a debugging banner while monitoring is active. You can clear locally stored data through your browser settings or by uninstalling the extension.

9.2 Website cookies and analytics

The marketing website uses a cookie consent banner. Until you accept, no analytics or marketing scripts load. If you accept, we load:

• Google Analytics 4 with anonymize_ip: true — aggregate pageview and conversion measurement.
• PostHog — product analytics for logged-in dashboard users. After you log in we send your user ID, email, and subscription plan to PostHog so we can understand which features you use.
• TikTok Pixel — conversion attribution for marketing campaigns (pageview-level events only).

The essential session cookie used for authentication (mg_cookie_consent in localStorage, and the JWT cookies used after login) is strictly necessary to operate the service and is set without a consent prompt, in line with GDPR/ePrivacy guidance on strictly necessary cookies.

You can revoke consent at any time by clearing your browser's site data for mindguardai.io — the banner will re-appear on your next visit.

10. Your rights

GDPR (EU/UK/EEA users)

• Access, rectification, erasure, restriction, portability, and objection
• Right not to be subject to solely automated decision-making with significant effects
• Right to withdraw consent and to lodge a complaint with your local data protection authority

CCPA/CPRA (California residents)

Do Not Sell or Share My Personal Information: MindGuard does not sell, rent, or share your personal information with third parties for cross-context behavioral advertising. There is nothing to opt out of. If this changes, we will update this policy and provide an explicit opt-out mechanism before doing so.

• Right to know, access, delete, and correct personal information
• Right to opt-out of sale or sharing — MindGuard does not sell or share personal data
• Right to limit use of sensitive personal information
• Right to non-discrimination for exercising privacy rights

To exercise any CCPA right, email legal@mindguardai.io with subject "CCPA Request". We will respond within 45 days.

How to delete your account and data

You can request account deletion directly from Dashboard → Settings → Security → Delete Account — no email required. After you confirm with your password, your account enters a 7-day cooling-off period during which you can cancel the deletion by logging back in (useful protection against unauthorized deletions or accidental clicks). Once the 7 days elapse, a daily job permanently deletes your account, trading data, AI conversation history, psychological profile, broker credentials, and all linked records. You can also request immediate deletion (bypassing the cooling-off period) or manual deletion by emailing legal@mindguardai.io with the subject line "Account Deletion Request". Local data stored by the Chrome extension can be cleared immediately by uninstalling the extension.

To exercise any other right, email legal@mindguardai.io.

11. Security

MindGuard applies application-level AES-256-GCM encryption to the most sensitive fields — broker API keys and secrets, broker account identifiers, Tradovate OAuth tokens, and TOTP (2FA) seeds — so these values are unreadable even with direct database access. The remainder of the database (trade records, mental scores, bias profiles, chat history) is protected by provider-level encryption at rest supplied by our database host (Neon) and infrastructure providers. Data in transit is secured with TLS 1.2+. Passwords are never stored — only bcrypt hashes (cost 12). Additional controls include JWT access-token rotation with an Upstash-backed revocation list, fully parameterized SQL queries, a strict CORS allowlist (no wildcard origins), multi-tier rate limiting, and login-attempt lockouts. The Chrome extension follows Manifest V3 requirements with no remote code execution. No security practice can guarantee complete protection; we will notify you and relevant authorities of breaches where required by law.

For a full technical description of our security controls, see our Security Whitepaper.

12. Children's privacy

MindGuard is intended for adults engaged in trading and is not directed to children under 16. We do not knowingly collect data from children under 16.

13. International data transfers

MindGuard's servers and third-party processors may be located outside your country of residence (including the United States). Where data is transferred outside the EEA/UK, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards as required by applicable data protection law.

14. Chrome Web Store Limited Use Disclosure

MindGuard's use and transfer of information received from Google APIs and Chrome extension permissions adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements.

Specifically:

• MindGuard only requests permissions necessary to provide trading psychology analysis
• Data obtained through Chrome APIs is used solely to provide and improve MindGuard's core functionality
• Data is not sold to third parties, used for advertising, or used for creditworthiness determinations
• Data is not transferred to third parties except as necessary to provide the service, comply with law, or as part of a merger/acquisition with adequate user notice
• Human access to user data is limited to debugging, support responses, or legal obligations

15. AI and automated processing

MindGuard uses AI (powered by Anthropic Claude) to analyze your trading patterns, detect cognitive biases, and generate coaching insights. This processing is automated but does not make binding decisions about you — all alerts, scores, and recommendations are informational only. You are always free to disregard them.

AI processing involves sending relevant context (trade data, behavioral signals, conversation history) to Anthropic's API. Anthropic processes this data as a sub-processor and does not retain it for model training. Full details: Anthropic Privacy Policy.

16. Data Processing Agreements (DPA)

Where required by applicable law (including GDPR Article 28), MindGuard maintains Data Processing Agreements with third-party processors that handle personal data on our behalf. Key processors and their DPA status:

• Anthropic: DPA in place. Anthropic processes conversation context and trade data solely to provide API responses. Anthropic does not train models on your data. Anthropic Privacy Policy
• Neon.tech (via Vercel): DPA in place (Neon is SOC 2 Type II certified). Processes account, trading, and conversation data as our primary database provider. Data is hosted in the United States.
• Resend: DPA in place. Processes email addresses and email body content solely to deliver transactional emails.
• Upstash: DPA in place. Processes short-lived cache entries (hashed token fingerprints, rate-limit counters) as our Redis provider.
• Sentry: DPA in place. Processes redacted error traces for debugging.
• Paddle: Operates as Merchant of Record — Paddle is an independent controller for payment data, not a processor. Paddle's privacy policy governs their handling of payment information.
• Render / Vercel: Infrastructure providers acting as processors. Data is hosted on servers in the United States with appropriate SCCs for EU/UK data transfers.
• Databento: Market data provider. Acts as an independent controller for public market data; no personal data is sent.
• AWS KMS (production only): Sub-processor for key management when envelope encryption is enabled. Processes only wrapped encryption keys — no user data.
• Google Analytics 4, PostHog, TikTok: Loaded on the marketing website after cookie consent. Each operates under its own DPA / privacy policy. See Section 9.2.

To request a copy of a specific DPA or processor sub-agreement, contact legal@mindguardai.io.

17. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be reflected in the "Effective date" above and may be communicated via email or in-app notice.

18. Contact

Email: legal@mindguardai.io
Website: https://mindguardai.io