Legal

Privacy Policy

Effective date: April 20, 2026  ·  Last updated: April 20, 2026

In plain language. TradingBear collects the minimum data needed to run the app: the email and ID you sign up with, the content you post in community and journal, and basic device diagnostics. We do not sell your data. We do not run third-party advertising or tracking. You can delete your account at any time from Settings → Delete account.

1. Who we are

This Privacy Policy explains how TradingBear (“TradingBear,” “we,” “us”) — operator of the TradingBear iOS application and the tradingbear.app website (the “Service”) — collects, uses, shares, and protects your personal information.

For the purposes of the EU General Data Protection Regulation (GDPR) and the UK GDPR, TradingBear is the data controller for information collected through the Service. Our contact details are in Section 15.

2. Data we collect

We collect only the data we need to run the Service. Categories of data are grouped below.

a. Account & identity data

  • Email address — for sign-up, sign-in, password recovery, and security notifications.
  • Display name / nickname — shown next to your messages in community channels.
  • Internal user ID — a pseudonymous identifier we assign to your account.
  • Authentication identifiers from Apple / Google if you sign in with those providers. We never receive your Apple or Google password.

b. Content you create

  • Community messages and images — messages, images, and reactions you post to community or direct-message channels.
  • Trade journal entries — strategy plans, notes, annotations, and review comments you save to your private journal.
  • Photos you attach — images you pick from your photo library to share in community, in your journal, or with the AI assistant. We only access photos you explicitly select; we do not scan your library.
  • Voice recordings — audio captured while you use the voice-input feature in the AI assistant. Audio is transcribed and, after transcription, is not retained on our servers unless you explicitly save it.

c. AI assistant interactions

  • Prompts, messages, and files you send to the AI assistant, together with the AI’s responses. We use this data to provide and improve the feature.
  • We do not use your individual AI conversations to train public foundation models without your express consent.

d. Device & diagnostic data

  • Device model, OS version, app version, language, time zone, approximate network type.
  • Crash logs, performance metrics, and non-personal feature usage statistics.
  • IP address — used transiently for security, rate-limiting, and fraud prevention.

e. Purchase data

  • If you subscribe or buy premium features, Apple processes the transaction. We receive a receipt / transaction ID so we can unlock entitlements on your account. We do not receive or store your payment card details.

f. Support communications

  • Any email, screenshot, or ticket you send to , plus metadata needed to respond.
We do not collect. We do not collect precise location, contacts, calendar, health/fitness data, biometric identifiers, or financial account credentials. We do not run the App Tracking Transparency (ATT) tracking flow and we do not integrate third-party advertising SDKs.

3. How we use your data

We use personal data for the following purposes:

  • Provide the Service — create and authenticate your account, deliver messages, sync your journal, and run the AI assistant.
  • Operate community & moderation — enforce the community rules, respond to reports, and protect users from abuse.
  • Security & fraud prevention — detect and mitigate abuse, spam, bot activity, and account takeovers.
  • Product improvement — diagnose bugs, monitor performance, and decide what to build next based on aggregate feature usage.
  • Support — reply to your questions and resolve issues.
  • Transactional communications — verify email, notify you of material policy changes, service interruptions, or security events. (We do not send marketing email without your opt-in.)
  • Legal compliance — comply with law, respond to valid legal requests, and enforce our Terms.

If you are in the European Economic Area or the United Kingdom, we process your data under one or more of these legal bases:

  • Performance of a contract — to provide the Service you asked us to provide (Art. 6(1)(b)).
  • Legitimate interests — product improvement, security, fraud prevention, and abuse moderation, balanced against your rights (Art. 6(1)(f)).
  • Consent — for any feature that explicitly asks your permission, such as microphone or photo library access (Art. 6(1)(a)). You can withdraw consent at any time in iOS settings.
  • Legal obligation — to comply with laws we are subject to (Art. 6(1)(c)).

5. Sharing & processors

We do not sell your personal data and we do not share it with advertisers. We share data only with service providers (processors) that are bound by contract to use it only for the purposes we direct.

The main processors we rely on:

  • Google LLC / Firebase — authentication, backend services, crash reporting. Data may be processed in the United States and other regions operated by Google Cloud.
  • Sendbird, Inc. — storage and delivery of community and direct messages, moderation primitives (report, block). Data is processed on Sendbird’s infrastructure.
  • Apple Inc. — Sign in with Apple, push notifications (APNs), App Store payment processing.
  • TradingView, Inc. — embedded price charts. TradingView may receive technical request data needed to render the chart.
  • Cloudflare, Inc. — content delivery, DDoS protection, and video/media streaming.
  • AI providers — large-language-model vendors we use to power the AI assistant. Prompts are sent over TLS and handled under the provider’s enterprise data-use terms, which prohibit the provider from using your prompts to train their public models.
  • Customer-support tooling — email and helpdesk systems we use to answer your questions.

We may also disclose personal data if we have a good-faith belief that doing so is required to comply with law, to enforce our Terms, or to protect the rights, safety, or property of users or the public.

6. International transfers

Because some of our processors are headquartered in the United States or other jurisdictions outside your own, your data may be transferred and stored in those jurisdictions. Where required by law — for example, for transfers out of the European Economic Area or the United Kingdom — we rely on the European Commission’s Standard Contractual Clauses (or the UK International Data Transfer Addendum) together with supplementary measures such as encryption in transit.

7. Retention

We keep data only as long as it is needed for the purposes listed above.

  • Account data — retained while your account is active, and for up to 90 days after deletion to complete backups and audit trails.
  • Community & journal content — retained while your account is active. After deletion, messages you posted become anonymized or are removed in line with Sendbird’s processor retention.
  • AI conversations — retained in your history so you can scroll back. Deleting a conversation removes it within 30 days from our backups.
  • Voice recordings — transcribed immediately and discarded; only the text transcript is retained, unless you explicitly saved the audio.
  • Support tickets — retained up to 24 months so we can handle follow-ups.
  • Diagnostics & security logs — retained up to 12 months for incident investigation.
  • Purchase records — retained as long as required by tax and consumer-protection law (typically 7 years).

8. Your rights

Subject to local law, you have the following rights over your personal data:

  • Access — request a copy of the data we hold about you.
  • Rectification — correct inaccurate data. Most fields can be edited in Settings → Profile.
  • Erasure — delete your account and associated data via Settings → Delete account, or by emailing us.
  • Restriction — ask us to pause certain processing.
  • Objection — object to processing based on legitimate interests.
  • Portability — receive your data in a structured, machine-readable format.
  • Withdraw consent — where processing is based on consent, withdraw it at any time (this does not affect processing already done).
  • Lodge a complaint — with your local data-protection authority. In Taiwan, this is the Ministry of the Interior; in the EU, your national DPA; in the UK, the Information Commissioner’s Office.

To exercise any of these rights, email . We may need to verify your identity before responding. We aim to reply within 30 days.

9. California (CCPA / CPRA) rights

If you are a California resident, in addition to the rights above you have the right to know what personal information we have collected in the past 12 months, to request deletion of that information, and to opt out of any “sale” or “sharing.” We do not sell or share personal information for cross-context behavioral advertising. We do not discriminate against users who exercise these rights.

Submit a request to . You may designate an authorized agent to act on your behalf.

10. Taiwan Personal Data Protection Act

If you are in Taiwan, you may — at any time — inquire about, request a copy of, correct, stop the collection/processing/use of, or request deletion of your personal data, in line with the Personal Data Protection Act (個人資料保護法). To exercise these rights, email .

11. Security

We protect your data with industry-standard measures, including:

  • TLS encryption in transit for all API calls;
  • Encryption at rest for our managed database and object storage;
  • Principle-of-least-privilege access controls and audit logging;
  • Authentication via trusted providers (Apple, Google, Firebase);
  • Regular dependency and vulnerability reviews.

No system is 100% secure. If you believe your account has been compromised, email us at immediately.

12. Children

The Service is not directed to children under the age of 13 (or the equivalent minimum age in your jurisdiction, e.g., 16 in some EU member states). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, email and we will delete it.

13. Tracking & analytics

We do not participate in third-party advertising networks and we do not present the App Tracking Transparency (ATT) prompt because we do not track you across apps and websites owned by other companies.

The website at tradingbear.app uses only functional cookies required to display the site and remember your theme preference. We do not run behavioral-advertising cookies or cross-site trackers.

14. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be highlighted in-app and on this page, with at least 30 days’ advance notice. The “Last updated” date at the top indicates the latest revision.

15. Contact & data requests

If you have any questions about this Privacy Policy or want to exercise your rights, please contact us:

This Privacy Policy is provided in good faith and reflects our actual data practices. It is not legal advice. If you need a copy with your jurisdiction’s specific language (for example, DSA, KVKK, LGPD), email our privacy team and we will send one.