Privacy Policy

Last Updated: March 23, 2026

1. Introduction

PatternPilotAI ("we," "us," or "our") is an AI-powered chart analysis platform that helps traders identify patterns and generate trade plans. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service.

This policy covers all data collected through our website, application, and related services. We are committed to protecting your privacy and being transparent about our data practices.

By using PatternPilotAI, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

We collect the following types of information:

  • Account Data: Your name, email address, and password (stored as a secure bcrypt hash, never in plain text).
  • Chart Uploads: Images you upload for AI-powered chart analysis.
  • Analysis Results: AI-generated trade plans and pattern detections stored in your account.
  • Journal Data: Trade journal entries created by Pro subscribers.
  • Usage Data: Features used, analysis counts, and session activity to help us improve the Service.
  • Payment Data: Subscription and billing information processed by Stripe. We do not store your credit card numbers on our servers.
  • Technical Data: IP address, browser type, device information, and operating system collected automatically when you access the Service.
  • Contact Form Submissions: Any messages or inquiries you send through our contact form.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the AI chart analysis service
  • Process payments and manage your subscription
  • Send transactional emails such as account verification, payment receipts, and service alerts
  • Respond to your support inquiries and contact form submissions
  • Enforce our Terms of Service and prevent abuse
  • Analyze usage patterns to improve the Service (in aggregate, not individually)

We do NOT use your data to train AI models. Your uploaded charts and analysis results are used solely to provide the Service to you.

We do NOT sell your data to third parties. Your personal information is never sold, rented, or traded to advertisers, data brokers, or any other third party.

4. Data Storage and Security

Your data is stored on secure servers using industry-standard infrastructure. Our database is hosted on MongoDB via Northflank, and file storage for chart images uses Cloudflare R2.

We employ the following security measures:

  • Encryption in Transit: All data transmitted between your browser and our servers is encrypted using HTTPS/TLS.
  • Password Hashing: Passwords are hashed using bcrypt and are never stored in plain text.
  • Access Controls: Authentication and authorization are required for all data access, both by users and internal systems.
  • Regular Reviews: We regularly review our security practices to identify and address potential vulnerabilities.

While we take reasonable measures to protect your data, no system is completely secure. We cannot guarantee absolute security of your information.

5. Third-Party Services

We use a limited number of third-party services to operate PatternPilotAI. Each service only receives the data necessary for its specific function:

  • Stripe: Payment processing for Pro subscriptions. Stripe handles all credit card data directly. See Stripe's Privacy Policy.
  • SendGrid: Transactional email delivery for account verification, receipts, and notifications. See SendGrid's Privacy Policy.
  • Cloudflare R2: Secure file storage for uploaded chart images. See Cloudflare Privacy Policy.
  • AI Analysis Provider: Chart images are sent to our AI provider for analysis processing. Images are processed in real time and are not stored by the provider beyond the processing session.

We do not use advertising networks, and we do not employ analytics services beyond basic server logs.

6. Cookies and Tracking

PatternPilotAI uses a minimal approach to cookies and tracking:

  • Essential Cookies: We use HTTP-only, secure session cookies for authentication and session management. These are strictly necessary for the Service to function.

We do not use:

  • Advertising cookies
  • Third-party tracking scripts
  • Facebook Pixel or similar social media trackers
  • Google Analytics (not implemented at launch)

If we introduce any optional analytics or tracking in the future, we will update this Privacy Policy and provide you with clear notice and the ability to opt out.

7. Data Retention

We retain your data for the following periods:

  • Account Data: Retained while your account is active and for a reasonable period after account closure for legal compliance.
  • Chart Uploads and Analysis: Retained while your account is active. Pro users have unlimited history. Free users can access 30 days of history, though older data may be retained on our servers.
  • Journal Data: Retained while your account is active.
  • Contact Form Submissions: Retained for 2 years.
  • GDPR Requests: Retained for 5 years per compliance requirements.

After account deletion, all user data is permanently removed from our systems within 30 days, except where retention is required by law.

8. Your Rights

You have the following rights regarding your personal data:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Correction: Request correction of any inaccurate or incomplete data.
  • Right to Deletion: Request permanent deletion of your personal data.
  • Right to Export: Request a portable copy of your data, available through your account settings and via our GDPR form.
  • Right to Restrict Processing: Request that we limit how we use your data.
  • Right to Object: Object to certain types of data processing.
  • Right to Withdraw Consent: Withdraw your consent to data processing at any time where consent is the legal basis.

You can exercise these rights through your account settings or by submitting a request through our GDPR Data Request form. We will respond to all valid requests within 30 days.

9. GDPR Compliance

PatternPilotAI processes personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR):

  • Contract Performance: Processing necessary to provide the Service you have subscribed to.
  • Legitimate Interest: Processing necessary to improve the Service, ensure security, and prevent fraud.
  • Consent: Processing based on your explicit consent, where applicable (e.g., optional communications).

For data protection inquiries, you may contact us through our Contact page. To submit a formal data request, use our GDPR Data Request form. All requests are processed within 30 days.

10. International Data Transfers

Your data may be stored and processed in the United States, where our servers and infrastructure are located. If you are accessing PatternPilotAI from outside the United States, please be aware that your data may be transferred to, stored, and processed in a jurisdiction with different data protection laws than your own.

We implement appropriate safeguards for international data transfers to ensure your data receives an adequate level of protection regardless of where it is processed.

11. Children's Privacy

PatternPilotAI is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have inadvertently collected data from a person under 18, we will take immediate steps to delete that information from our systems.

If you believe that a minor has provided us with personal information, please contact us through our Contact page so we can take appropriate action.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you via email and update the "Last Updated" date at the top of this page.

Your continued use of PatternPilotAI after any changes to this Privacy Policy constitutes your acceptance of the updated policy. We encourage you to review this page periodically.

13. Contact Information

If you have questions or concerns about this Privacy Policy or our data practices, please contact us through our Contact page or reach out via email. We aim to respond to all inquiries within 24 business hours.

For GDPR-related data requests (access, export, or deletion), please use our dedicated GDPR Data Request form.

For general service questions or support, visit our Contact page.