1. Data Controller

The data controller is Jan Benda, ID 23112158, with headquarters at U Švehlova altánu 1588/5, Prague 10 – Hostivař.

Email: support@mindtrader.cz

2. What Data We Process

• Identification: name, email address
• Technical: IP address, device, cookies
• User data: journal results, scores, AI interaction data, trading statistics
• Payment data: processed by Stripe Inc., 354 Oyster Point Blvd, San Francisco, CA USA
• Analytics data: access logs (Vercel), API logs (OpenAI)
• Profile data: trading style, experience, risk profile, traded markets

3. Purpose of Processing

• Providing and improving the MindTrader service
• Analysis of user behavior (anonymized data)
• Payment processing and billing
• Customer communication and user support
• Providing Team Club and mentoring features

4. Legal Basis

Processing is based on:

• contract performance (service provision),
• user consent,
• legitimate interest (security, improvement).

5. Data Retention

We retain data for the duration of the account and a maximum of 12 months after its deletion. Payment records are retained according to accounting law for 10 years.

6. Team Club and Data Sharing Between Users

The Team Club feature allows users to share selected data with other group members. By registering for Team Club, the user agrees to share the following data:

• Username or nickname
• Trading statistics (win rate, average profit/loss, winning/losing streaks)
• Psychological readiness score and mental metrics
• Rankings position and earned badges
• Public posts and comments

Users can leave Team Club at any time and thus stop sharing their data with other members. Historical leaderboard data may remain in anonymized form.

7. Admin Panel and Administrator Access

The service operator (owner) and authorized mentors have access through the Admin Panel to extended user data for the purpose of:

• Providing personalized mentoring and feedback
• Monitoring user progress and identifying areas for improvement
• Resolving technical issues and user support
• Ensuring security and preventing service abuse

What data administrators can access:

• Complete trading statistics and trade history
• Journal entries and reflections
• Psychological readiness data and mental metrics
• Application activity (logins, feature usage)
• Loss Reset records and progress
• User settings and preferences

All administrators and mentors are bound by confidentiality and must not share user data with third parties or use it for any purpose other than providing the MindTrader service.

8. Data Sharing with Third Parties

Data may be processed by the following entities:

• Stripe, Inc. (payments)
• Vercel Inc. (application hosting)
• Supabase Inc. (database and authentication)
• OpenAI LLC (AI features)
• Google LLC / Apple Inc. (if user enables health data integration)

All partners comply with GDPR requirements.

9. User Rights

Users have the right to:

• access their data,
• correct or delete,
• restrict processing,
• data portability,
• withdraw consent to data sharing in Team Club,
• file a complaint with the Data Protection Authority.

Send requests to support@mindtrader.cz.

10. Cookies

The application uses cookies for login, analytics, and security. By using the website, the user consents to this.

11. Data Security

All data is encrypted in transit (TLS/SSL) and at rest. Admin Panel access is protected by multi-factor authentication and logged for audit purposes.