metamorph
metamorph
  • Features
  • How it works
  • Pricing
  • Roadmap
  • Docs
Sign inStart free
Founding Member Slots Available
Legal

Privacy Policy

Effective date: March 2026 · Last updated: March 2026 · Version 1.0
Your data belongs to you

Metamorph collects only what is necessary to provide the Service. We do not sell your personal data, your trade data, or your journal content to any third party. Ever.

Section 01

Introduction

Metamorph ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share information about you when you use the Metamorph platform, including the website at metamorph.trade and all associated applications and services (collectively, the "Service").

By using the Service, you agree to the collection and use of information as described in this Privacy Policy. This Policy should be read alongside our Terms of Service.

We will notify you of any material changes to this Policy by updating the "Last updated" date at the top of this document and, where appropriate, by email notification. Your continued use of the Service after any changes constitutes acceptance of the revised Policy.

Section 02

Information We Collect

We collect the information reasonably necessary to provide, maintain, and improve the Service. The categories of information we collect are as follows:

Information You Provide Directly

Data TypeExamplesPurpose
Account informationEmail address, OAuth provider account data, account profile informationAccount creation, authentication, and communication
Trade dataSymbol, direction, contracts, entry/exit price, commissions, datesCore Service functionality — P&L calculation, analytics, calendar
Journal contentNotes, text entries, journal entriesCore Service functionality — journaling and session review
Account configurationAccount names, account typesMulti-account management and filtering
Payment informationBilling details and payment method information processed by Stripe; billing status metadata (for example, Stripe customer/subscription identifiers)Subscription management and billing support — full card details are handled by Stripe

Information Collected Automatically

Data TypeExamplesPurpose
Usage dataPages visited, features used, session duration, click eventsProduct improvement and understanding how the Service is used
Device and technical dataBrowser type, operating system, screen resolutionEnsuring compatibility and diagnosing technical issues
Log dataIP address, access timestamps, error logsSecurity monitoring, fraud prevention, and debugging

Information We Do Not Collect

We do not intentionally collect:

  • Brokerage account credentials or login information for any trading platform
  • Real-time market data or live trading positions
  • Social security numbers, government IDs, or financial account numbers
  • Sensitive personal characteristics such as race, religion, or health information
  • Personal information from minors under the age of 18 without required consent
Section 03

How We Use Your Information

We use the information we collect for the following purposes:

  • Providing the Service — processing your trade data, rendering analytics and charts, storing your journal entries, and delivering all core functionality
  • Account management — creating and maintaining your account, authenticating your identity, and managing your subscription
  • Payment processing — facilitating subscription billing through Stripe and managing your subscription status
  • Service improvement — understanding how users interact with the Service to inform product decisions and prioritize features
  • Communications — sending transactional emails such as account confirmations, log-in verifications, and billing notifications
  • Security and fraud prevention — monitoring for unauthorized access, abuse, and technical issues
  • Legal compliance — complying with applicable laws, regulations, and legal processes
Section 04

How We Share Your Information

We share your information only in the limited circumstances described below:

Service Providers

We share information with trusted third-party service providers who assist us in operating the Service. These providers are contractually required to use your information only as directed by us and in accordance with this Privacy Policy.

ProviderPurposeData Shared
StripePayment processing and subscription managementBilling name, email, payment details
VercelApplication hosting and infrastructureRequest logs, IP addresses
SupabaseDatabase and authenticationService database records and authentication data (encrypted at rest per Supabase platform controls)
ResendTransactional email deliveryEmail address, email content

Legal Requirements

We may disclose your information if required to do so by law or in response to a valid legal process, such as a subpoena, court order, or government request. Where permitted, we will notify you before disclosing your information in response to such a request.

Business Transfers

In the event of a merger, acquisition, sale of assets, or other business transfer, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on the Service before your information is transferred and becomes subject to a different privacy policy.

With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

Section 05

Data Security

We implement and maintain technical and organizational safeguards designed to protect your information against unauthorized access, loss, destruction, or alteration. Security practices for the Service include:

No method of transmission over the internet or method of electronic storage is completely secure, and we cannot guarantee absolute security.

  • Encryption in transit via HTTPS/TLS for connections between your browser, our application infrastructure, and third-party providers
  • Encryption at rest provided by our infrastructure and payment vendors (including Supabase and Stripe) according to their platform security controls
  • Authentication handled through Supabase Auth using magic links and Google OAuth; we do not provide password-based sign-in in the app
  • Payment card details processed by Stripe; we do not store full card numbers, CVC, or expiration dates on our servers
  • Storage of limited billing metadata (such as Stripe customer and subscription identifiers) to manage subscription state and account access
  • Access controls including authenticated server-side checks and row-level database policies to limit user access to their own records
  • Endpoint protections such as request validation, rate limiting on sensitive routes, and webhook signature verification for billing events
  • Periodic review and updates of security controls as the product, infrastructure, and threat landscape evolve
Section 06

Data Retention

We retain your information for as long as needed to provide and secure the Service, comply with legal obligations, and resolve disputes. Retention periods vary based on data type and legal requirements. In general:

  • Account, trade, and journal data are retained while your account is active and for a limited period thereafter as needed for service operations and support.
  • If you request deletion, we delete or de-identify personal data within a reasonable period, subject to technical constraints (such as backups) and legal obligations.
  • Billing and transaction records may be retained for accounting, tax, fraud prevention, and legal compliance purposes.
  • Operational and security logs are retained for limited periods appropriate to security, reliability, debugging, and abuse prevention.
Section 07

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate and improve the Service. The types of cookies we use are:

  • Strictly necessary cookies — required for the Service to function, including session authentication and security. These cannot be disabled.
  • Functional cookies — remember your preferences such as theme selection (dark/light mode) and account settings
  • Analytics cookies — help us understand how users interact with the Service in aggregate. We use privacy-preserving analytics that do not track you across other websites
Section 08

Your Privacy Rights

Depending on your location and applicable law, you may have the following rights regarding your personal information. We may need to verify your identity before fulfilling certain requests:

Rights Available to All Users

  • Access — request information about the personal data we hold about you
  • Correction — request correction of inaccurate or incomplete personal information
  • Deletion — request deletion of your personal information, subject to legal and operational retention requirements
  • Portability — request an export of data we make available for export
  • Communications preferences — opt out of non-essential or marketing communications

California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete your personal information, and the right to opt-out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, contact us at support@metamorph.trade.

European Users (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, erase, restrict processing of, and object to the processing of your personal data. You also have the right to lodge a complaint with your local data protection authority.

Our legal basis for processing your personal data is primarily the performance of our contract with you (providing the Service) and our legitimate interests in operating and improving the Service. Where we rely on your consent, you may withdraw it at any time.

If you are located outside the United States, please be aware that your personal data may be transferred to and processed in the United States, where our servers are located. By using the Service, you consent to this transfer.

Section 09

Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected personal information from a minor without parental consent, we will take steps to delete that information promptly.

If you believe we have inadvertently collected information from a minor, please contact us at support@metamorph.trade.

Section 10

Third-Party Links and Services

The Service may contain links to third-party websites or integrate with third-party services. This Privacy Policy applies only to the Metamorph Service. We are not responsible for the privacy practices of any third-party websites or services, and we encourage you to review their privacy policies before providing any personal information.

Section 11

Contact and Data Controller

Metamorph is the data controller responsible for your personal information. If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

support@metamorph.trade

metamorph

Your futures native workflow.

Product

  • Features
  • How it works
  • Pricing
  • Roadmap

Resources

  • Documentation
  • Changelog
  • Support

Legal

  • Privacy Policy
  • Terms of Service

© 2026 Metamorph. All rights reserved.

Built by a futures trader, for futures traders.

Not financial advice. Metamorph is a trade journaling and performance tracking tool. Nothing on this platform constitutes financial advice, investment advice, or a recommendation to buy or sell any security or futures contract. Trading futures involves substantial risk of loss and is not suitable for all investors. Past performance is not indicative of future results. You are solely responsible for your trading decisions.