Disciplined

Privacy Policy

Last updated: March 5, 2026

1. Introduction

Disciplined ("we", "us", "our") operates the website disciplined.me, the Disciplined iOS app, and the Disciplined Android app (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

2. Data Controller

Disciplined is the data controller responsible for your personal data. If you have any questions about this Privacy Policy or our data practices, please contact us at privacy@disciplined.me.

3. Information We Collect

We collect the following categories of personal information:

  • Account information: Full name, email address, and password (hashed) when you register.
  • Trading data: Trade entries, notes, setup tags, and performance metrics you input into the Service. This data is private by default and only visible to you.
  • Payment information: When you subscribe to a paid plan, payment is processed by Stripe. We store your Stripe customer ID and subscription status but never store your credit card number, CVV, or full payment details.
  • Usage data: Pages visited, features used, device type, browser type, IP address, and general location (country level) for analytics and service improvement.
  • Device information: Operating system, app version, and device identifiers for the iOS and Android apps.
  • Communications: If you contact us via email or support, we retain the correspondence to resolve your inquiry.

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Contract performance: Processing necessary to provide the Service you signed up for (account management, trade tracking, analytics).
  • Legitimate interests: Analytics and service improvement, fraud prevention, and security.
  • Consent: Marketing communications (you can opt out at any time).
  • Legal obligation: Compliance with applicable laws, such as responding to lawful requests from authorities.

5. How We Use Your Information

We use your personal information for the following purposes:

  • To provide, operate, and maintain the Service.
  • To process your subscription and payments via Stripe.
  • To personalize your experience and provide performance analytics based on your trade data.
  • To communicate with you about your account, updates, and (with your consent) marketing.
  • To detect, prevent, and address technical issues, fraud, or abuse.
  • To comply with legal obligations.

6. Data Sharing and Third Parties

We do not sell your personal data. We share data only with the following categories of service providers, strictly as needed to operate the Service:

  • Supabase: Database hosting and authentication (EU/US regions).
  • Stripe: Payment processing. Stripe acts as an independent data controller for payment data. See Stripe's Privacy Policy.
  • Vercel: Web application hosting.
  • Render: API server hosting.
  • Resend: Transactional emails (password reset, account notifications).
  • Apple / Google: App distribution via App Store and Google Play. In-app purchases, if applicable, are processed by the respective platform.

7. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or transfers to countries with an adequate level of data protection.

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal, accounting, or audit purposes. Payment records may be retained for up to 7 years as required by applicable tax and financial regulations.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data ("right to be forgotten").
  • Restriction: Request restriction of processing of your data.
  • Portability: Request a machine-readable copy of your data.
  • Objection: Object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent: Where processing is based on consent, you can withdraw it at any time.

10. Data Security

We implement industry-standard security measures to protect your personal data, including encryption in transit (TLS/SSL), encrypted storage for sensitive data, secure authentication, and regular security reviews. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

11. Cookies and Tracking

The Service uses essential cookies for authentication and session management. We do not use third-party advertising cookies or trackers. Analytics data is collected in aggregate form and does not include third-party tracking pixels.

12. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will take steps to delete such information promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes your acceptance of the updated policy.

14. Contact Us

If you have any questions about this Privacy Policy or your data, or wish to exercise your rights, please contact us at privacy@disciplined.me. If you are located in the EU and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.