1. Information we collect
When you use Ai Nora Trading, we collect the following categories of information:
- Account information. Name, email address and authentication state, all managed by Clerk. We do not store your password.
- Subscription and payment information. Processed by Stripe (and PayPal where used). We store a customer ID and subscription status only, never your full card number.
- Tool usage data. AI chart analysis submissions and results, Masaniello sessions, prop-firm challenge configurations and trade history, daily quota counters, gamification state (XP, streaks, badges).
- Uploaded files. Chart screenshots you submit to AI Chart Analysis are stored in Supabase Storage and associated with your account.
- Technical data. IP address, browser fingerprint, device type, language, and the cookies described in section 7. Used for fraud prevention and aggregate analytics.
2. How we use your information
- To provide, secure and maintain the platform.
- To process payments, manage subscriptions, and apply tier limits (Free, Pro, Elite).
- To send transactional emails: sign-up confirmation, payment receipts, refund confirmations, security alerts. We do not send marketing email unless you explicitly opt in.
- To detect and prevent fraud, abuse, automated scraping, and unauthorised access.
- To improve the product through aggregated, de-identified analytics. Individual usage is never shared externally.
3. AI processing & training
AI Chart Analysis sends the chart you upload (or live chart snapshot we render server-side) to Anthropic (Claude API) for analysis. Two important points:
- No training on your data. Per Anthropic's commercial API terms, prompts and uploads sent through the API are not used to train their models.
- Limited retention at provider. Anthropic retains API data only as long as needed to operate the service and meet abuse / safety obligations. See Anthropic's privacy policy for current details.
On our side, we keep the analysis result (and its inputs) tied to your account so you can review your history. You can delete any analysis from your dashboard.
4. Third-party services (sub-processors)
We rely on the following providers to operate the platform. Each is bound by a Data Processing Agreement where required.
- Clerk: authentication and user management.
- Stripe and PayPal: payment processing and subscription billing.
- Supabase: PostgreSQL database and storage for your account data, sessions and uploaded charts.
- Anthropic: AI chart analysis (Claude models).
- Twelve Data and Binance: market-data feeds for live forex and crypto charts (no personal data is sent).
- Inngest: background job processing (webhooks, AI calls, scheduled tasks).
- Resend: transactional email delivery.
- Vercel and Cloudflare: hosting, edge network and DDoS protection.
5. Data retention
We retain your account and usage data for as long as your account is active. If you delete your account, we permanently erase personal information within 30 days, except where we are legally required to keep records (typical example: financial records for 7 years for tax purposes).
- Uploaded chart images: deleted within 30 days of account deletion.
- AI analysis history: deleted within 30 days of account deletion.
- Stripe / PayPal records: retained as required by tax and payment regulations.
6. Your rights (GDPR / CCPA)
Depending on where you live, you have some or all of the following rights:
- Access: request a copy of the data we hold about you.
- Rectification: correct inaccurate data.
- Erasure: request deletion of your account and associated data.
- Portability: request your data in a machine-readable format.
- Objection: object to processing for direct marketing (we don't do any) or other lawful bases.
- Do-not-sell (CCPA): we do not sell personal information; this right is informational only.
To exercise any of these rights, email privacy@ainoratrading.com. We respond within 30 days.
7. Cookies
We use a small number of strictly necessary cookies and local storage entries:
- Authentication: set by Clerk to keep you signed in.
- Session preferences: theme (light or dark), sound mute state, last selected billing interval.
- Security: CSRF tokens and rate-limit keys.
We do not use third-party advertising, tracking, or profiling cookies. There is no cross-site tracking pixel.
8. Security
Data is encrypted in transit (TLS 1.2+) and at rest. Database access is gated through Drizzle ORM with parameterised queries and row-level security on user-owned tables. Payment data never touches our servers. Stripe and PayPal handle it directly.
Found a vulnerability? Please disclose it responsibly to privacy@ainoratrading.com. We acknowledge security reports within 72 hours.
9. Children
Ai Nora Trading is not directed to children under 18, and trading carries financial risk that is unsuitable for minors. We do not knowingly collect personal information from anyone under 18. If you believe we have, contact us and we will delete the data.
10. Changes to this policy
We may update this policy from time to time. Material changes, anything that expands the categories of data we collect or changes a sub-processor, are communicated via email at least 30 days before they take effect, and reflected here with a new "Last updated" date.
11. Contact
For privacy questions, data requests, or to exercise any of the rights above, email privacy@ainoratrading.com. We respond within 30 days.