Privacy Policy

• Your trading data — trades, fills, P&L, account balances, net liquidity — stays in a database on your own computer. We never receive it.
• If you create an IAG Journal account for Pro features, we store your email address and your subscription/entitlement status.
• Payments are processed by Stripe. We never see or store your full card number.
• We don't sell your data and we don't use third-party advertising or analytics trackers on the website.

The desktop app keeps your imported trades and everything derived from them — positions, P&L, account balances, net liquidity, charts — in a local database on your machine. CSV files you import are processed locally. If you connect a brokerage API (a Pro feature), the credentials you enter are stored in your operating system's secure keychain on your machine, and the transaction data fetched with them is written to that same local database. None of this is transmitted to us.

If you create an IAG Journal account (required only for Pro features):

• Email address — for passwordless (magic link) sign-in and account-related email.
• Account & entitlement records — your subscription tier and status, trial/period dates, and (if applicable) identifiers linking you to your Stripe customer and subscription.
• Linked-device metadata — when you sign in from the desktop app we store a non-identifying device id, an optional label (e.g. the computer name), and a last-seen timestamp, so we can enforce the per-account device limit and let you sign out a device.
• Authentication tokens — short-lived session and refresh tokens needed to keep you signed in.

Payment information. When you start a subscription, Stripe collects and processes your payment details directly. We receive only limited information from Stripe (such as the last four digits of your card, billing country, and subscription state) — never the full card number.

Server logs. Our hosting provider records standard request logs (IP address, timestamp, request path, user agent) for security and reliability. These are retained for a limited period.

Feedback. If you submit feedback from the desktop app, the message you write (plus your app version and platform) is forwarded to our issue tracker.

We do not use cookies for advertising, and we do not embed third-party analytics or ad trackers on the website. The website uses only the cookies necessary to keep you signed in.

• To authenticate you and keep you signed in.
• To provide and manage Pro features, your subscription, and billing.
• To send transactional email — magic links, receipts, and important account or service notices.
• To operate, secure, and debug the service.
• To respond to your feedback or support requests.

We do not sell your personal information or share it for cross-context behavioral advertising.

We rely on a small set of processors that handle data on our behalf:

• Supabase — authentication and the account/subscription database.
• Stripe — payment processing and subscription management.
• Vercel — website and API hosting.
• Resend — delivery of transactional email.
• GitHub — hosting the desktop app installers you download.

Each processes data only as needed to provide its service to us. Some may process data outside your country; where required, appropriate safeguards apply.

We keep your account data for as long as your account exists. If you ask us to delete your account, we delete your account and entitlement records and ask Stripe to delete the associated customer record, subject to information we're required to retain for legal, tax, or fraud-prevention reasons. Server logs are kept only for a limited period.

You can request access to, correction of, or deletion of the personal data we hold about you by emailing support@iagjournal.com. Depending on where you live, you may have additional rights under laws such as the GDPR or the CCPA/CPRA; we honor those requests. You can stop all account-related processing by deleting your IAG Journal account — the desktop app continues to work on the free tier without one.

IAG Journal is not directed to anyone under 18, and we do not knowingly collect personal information from children.

We may update this policy from time to time. When we do, we'll revise the “Last updated” date above, and for material changes we'll provide additional notice where appropriate.

Questions about this policy or your data? Email support@iagjournal.com.