Last updated: April 2026
Account Information: Email address, name, and authentication credentials when you create an account.
Trading Data: Trade records you import via CSV or brokerage API connections, including symbols, prices, sizes, P&L, and timestamps.
Behavioral Data: Journal entries, behavioral tags, execution scores, mental game responses, and session reflections you create within the Service.
Wearable & Biometric Data: If you choose to connect a wearable device (WHOOP, Oura, or similar), we receive and store data the device vendor makes available via their OAuth API, which may include heart-rate variability (HRV), resting heart rate, sleep score / sleep performance, sleep stages, recovery score, respiratory rate, SpO₂, and workout summaries. We receive this data only after you explicitly authorize the connection in Settings, and only while the connection remains active.
Usage Data: Pages visited, features used, and interaction patterns to improve the Service.
Payment Information: Processed by Stripe. We do not store credit card numbers, CVVs, or full payment details on our servers.
Data collected: HRV, resting heart rate, sleep score, sleep stages, recovery score, respiratory rate, SpO₂, and workout summaries provided by your connected wearable vendor's API.
Why we collect it: To surface the relationship between your biology (recovery, sleep, stress) and your trading performance, exclusively inside your own account, and to power features like the red-day risk advisor, performance-zone calibration, and the Physical Readiness sub-driver of your BRI score.
How it's stored: Biometric data is stored in our Cloudflare D1 database, which is encrypted at rest. Access is gated by your authentication session. OAuth access and refresh tokens are stored in the same database and used only to retrieve data on your behalf.
Who sees it: Only you. We do not share, sell, license, or disclose biometric data to third parties, advertisers, insurers, employers, or data brokers. AI coaching features may process your biometric data together with your trading data to generate personalized feedback visible only to you; the AI provider does not retain this data beyond the generation request.
How long we keep it: For as long as you maintain an active connection, plus up to 30 days after disconnection to support account history features. You can request immediate deletion at any time (see section 7).
How to disconnect or delete: You can revoke the integration at any time via Settings → Devices → Disconnect, or by revoking authorization directly in your WHOOP / Oura account. On revocation we stop syncing new data immediately; to also delete historical biometric data, email us at the address in section 9.
We do NOT sell your personal data or trading data to third parties.
We share data only with these service providers, solely to operate the Service:
Access: You can view all your data within the Service at any time.
Export: You can export your trading data in CSV format (available on Core plan and above).
Deletion: You can request complete account deletion by contacting support@tradercoach.app. All data will be permanently removed within 30 days.
Correction: You can edit or delete individual trades, sessions, and journal entries at any time.
GDPR (EU users): You have the right to data portability, erasure, and to object to processing. Contact support@tradercoach.app for GDPR requests.
CCPA (California users): You have the right to know what data we collect, request deletion, and opt out of data sales (we do not sell data).
Mettle uses essential cookies for authentication (session cookies via better-auth). We use browser localStorage for UI preferences (sidebar state, tour completion) that do not contain personal or trading data. We do not use advertising or tracking cookies.
We may update this policy from time to time. Material changes will be communicated via email. Continued use of the Service after changes constitutes acceptance.
For privacy-related questions or requests, contact us at support@tradercoach.app.