Privacy Policy

Version: 1

Last Updated: 5/12/2026

1. Data Controller

The Data Controller for the processing of personal data is: Project Marubozu.
Contact Email: info@marubozu.trade


2. Types of Data Collected

We collect only the data strictly necessary for the operation and security of the Service:


Data Provided by the User:

  • Account Information: Email address, username.
  • Authentication Data: Credentials provided via Google OAuth or account passwords (which are never stored in plain text).
  • User Content: Content voluntarily entered into the platform (trading journals, logs, and notes).
  • Media: Screenshots and images uploaded by the user.

Technical Data:

  • Access Logs: IP addresses, browser type, and timestamps.
  • Authentication Tokens: Secure tokens generated by our backend for session management.

3. Purpose of Data Processing

Data is processed to:

  • Manage user authentication and secure access to the platform.
  • Enable the storage and visualization of your trading journals.
  • Ensure platform security and prevent unauthorized access.
  • Send essential service-related emails.

4. Legal Basis

The processing of your data is based on:

  • Performance of a Contract: Providing the SaaS features you signed up for.
  • Explicit Consent: Given during the login or registration process (via Google Auth or email/password).

5. Data Retention

  • Data is stored for the duration of your active account.
  • Upon account deletion, all records in our database and all stored images will be permanently deleted.

6. Third-Party Services and Data Location

We utilize the following specialized infrastructure to ensure a secure and high-performance experience:

  • Supabase: For database management (PostgreSQL).
  • Render: For backend infrastructure and microservices (handling business logic and token generation).
  • Vercel: For frontend hosting and delivery.
  • Cloudflare: For domain management and secure storage of user-uploaded screenshots.
  • Google: For identity verification via Google OAuth.

7. Security Measures

We protect your data through industry-standard technical measures:

  • HTTPS Encryption: All traffic is encrypted in transit.
  • Secure Authentication: We use a combination of Google OAuth and proprietary Token-based Authentication.
  • Cryptographic Protection: All internal authentication tokens and sensitive credentials are processed and secured using SHA-256 hashing protocols.
  • Cloud Security: Leveraging the native security layers of our infrastructure providers (Vercel, Render, Supabase).

8. User Rights (GDPR)

Under the GDPR, you have the right to:

  • Access and Export: Obtain a copy of your data.
  • Rectification: Correct inaccurate information.
  • Erasure: Request the permanent deletion of your account.
  • Object: Oppose certain types of processing.

To exercise these rights, contact us at: info@marubozu.trade


9. Changes to this Policy

We may update this Privacy Policy to reflect changes in our service or legal requirements. Users will be notified of significant changes via the platform.


10. Contact Us

For any privacy-related questions: 📧 info@marubozu.trade