Privacy Policy

Journaira ("we", "our", or "us") is committed to protecting your privacy. This policy explains how we collect, use, and safeguard your information when you use our trading journal platform.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and authentication credentials. If you sign in with Google OAuth, we receive your name and email from Google.

Trading Data

When you import trades via CSV or PDF, we process and store your trade records including symbols, dates, quantities, prices, and broker information. This data is used solely to provide you with journal analytics, tax calculations, and performance tracking.

Usage Data

We collect anonymised usage data such as page views, feature usage patterns, and performance metrics to improve our service.

2. How We Use Your Information

We use your information to:

• Provide and maintain the Journaira trading journal service
• Calculate capital gains tax estimates under Nigerian tax law
• Generate inflation-adjusted performance analytics
• Process subscription payments via Paystack
• Send essential service communications (account verification, billing)
• Improve our platform based on aggregated, anonymised usage patterns

3. Data Sharing

We do not sell your personal or financial data. We share data only with:

• Paystack -- for payment processing (they receive only payment-related information)
• Google -- if you use Google OAuth for authentication
• Resend -- for transactional email delivery

4. Data Security

We implement industry-standard security measures including:

• Encrypted connections (HTTPS/TLS) for all data in transit
• Encrypted database storage for sensitive data at rest
• JWT-based authentication with httpOnly cookies
• Rate limiting to prevent abuse
• Regular security audits and dependency updates

5. Nigerian Data Protection (NDPR Compliance)

We comply with the Nigeria Data Protection Regulation (NDPR) issued by the National Information Technology Development Agency (NITDA). Under the NDPR, you have the right to:

• Access your personal data held by Journaira
• Request correction of inaccurate data
• Request deletion of your data (subject to legal retention requirements)
• Object to processing of your data for marketing purposes
• Receive your data in a portable format

Your financial data is stored on servers located in Germany (Hetzner Cloud) and is processed in accordance with both NDPR and GDPR standards.

6. Data Retention

We retain your account and trading data for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

7. Cookies

We use essential cookies for authentication and session management. We do not use third-party advertising cookies.

8. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by email or through a notice on our platform.

9. Contact Us

If you have questions about this privacy policy or wish to exercise your data rights, please contact us at [email protected].