Privacy Policy

1. Who We Are

Sydnical is an educational paper trading platform. This privacy policy explains how we collect, use, and protect your personal data when you use our service.

2. What We Collect

We collect the minimum data necessary to provide the service:

• Account data: email address, display name, hashed password (or Google OAuth token)
• Portfolio data: simulated trades, positions, discipline scores (all virtual, no real financial data)
• Usage data: pages visited, features used, timestamps (for improving the product)
• Device data: browser type, screen size, IP address (for security and analytics)

3. What We Do NOT Collect

• Real bank account or brokerage information
• Payment card details (we use Stripe for any future paid features — they handle card data, not us)
• Government-issued identification
• Location data beyond country selection

4. How We Use Your Data

• To provide and maintain your account and simulated portfolio
• To generate AI Coach reviews and discipline scores
• To display leaderboard rankings (using your display name only)
• To enable the friends feature (friend code, display name, simulated performance)
• To send important account notifications
• To improve the product based on aggregate usage patterns

5. Data Sharing

We do not sell your personal data. We may share limited data with:

• Infrastructure providers: Railway (hosting), Vercel (frontend hosting) — to run the service
• Analytics: anonymized, aggregate usage data only
• Legal obligations: if required by law or court order

6. Leaderboard & Social Visibility

When you use the leaderboard or friends features, other users can see:

• Your display name (not your email)
• Your discipline score and investor rating
• Your simulated portfolio performance (returns, not specific holdings)
• Your country selection
• Your friend code (if shared)

Your email address, password, and specific trade details are never visible to other users.

7. Data Storage & Security

• Passwords are hashed with bcrypt (industry standard, irreversible)
• All data transmitted over HTTPS (encrypted in transit)
• Database hosted on Railway with encryption at rest
• JWT tokens expire after 30 days

8. Your Rights (GDPR / UK GDPR)

If you are in the UK or EU, you have the right to:

• Access: request a copy of all data we hold about you
• Rectification: correct any inaccurate data
• Erasure: delete your account and all associated data
• Portability: receive your data in a machine-readable format
• Objection: object to processing of your data

To exercise any of these rights, contact privacy@sydnical.com. We will respond within 30 days.

9. Cookies

Sydnical uses only essential cookies and localStorage for authentication (JWT token). We do not use tracking cookies or third-party advertising cookies.

10. Children

Sydnical is not intended for children under 13. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will delete it.

11. Changes

We may update this policy. We will notify registered users of significant changes via email. Continued use after changes constitutes acceptance.

12. Contact

Questions about privacy? Contact us at privacy@sydnical.com.

See also: Terms of Service