Privacy Policy
Metamorph collects only what is necessary to provide the Service. We do not sell your personal data, your trade data, or your journal content to any third party. Ever.
Introduction
Metamorph ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share information about you when you use the Metamorph platform, including the website at metamorph.trade and all associated applications and services (collectively, the "Service").
By using the Service, you agree to the collection and use of information as described in this Privacy Policy. This Policy should be read alongside our Terms of Service.
We will notify you of any material changes to this Policy by updating the "Last updated" date at the top of this document and, where appropriate, by email notification. Your continued use of the Service after any changes constitutes acceptance of the revised Policy.
Information We Collect
We collect only the information necessary to provide and improve the Service. The categories of information we collect are as follows:
Information You Provide Directly
| Data Type | Examples | Purpose |
|---|---|---|
| Account information | Email address, password (hashed), account name | Account creation, authentication, and communication |
| Trade data | Symbol, direction, contracts, entry/exit price, commissions, dates | Core Service functionality — P&L calculation, analytics, calendar |
| Journal content | Notes, text entries, journal entries | Core Service functionality — journaling and session review |
| Account configuration | Account names, account types (Live, Apex, Paper) | Multi-account management and filtering |
| Payment information | Billing name, last 4 digits of card (via Stripe) | Subscription management — full payment details held by Stripe only |
Information Collected Automatically
| Data Type | Examples | Purpose |
|---|---|---|
| Usage data | Pages visited, features used, session duration, click events | Product improvement and understanding how the Service is used |
| Device and technical data | Browser type, operating system, screen resolution | Ensuring compatibility and diagnosing technical issues |
| Log data | IP address, access timestamps, error logs | Security monitoring, fraud prevention, and debugging |
Information We Do Not Collect
We do not collect:
- Brokerage account credentials or login information for any trading platform
- Real-time market data or live trading positions
- Social security numbers, government IDs, or financial account numbers
- Sensitive personal characteristics such as race, religion, or health information
- Any data from minors under the age of 18
How We Use Your Information
We use the information we collect for the following purposes:
- Providing the Service — processing your trade data, rendering analytics and charts, storing your journal entries, and delivering all core functionality
- Account management — creating and maintaining your account, authenticating your identity, and managing your subscription
- Payment processing — facilitating subscription billing through Stripe and managing your subscription status
- Service improvement — understanding how users interact with the Service to inform product decisions and prioritize features
- Communications — sending transactional emails such as account confirmations, password resets, and billing notifications
- Security and fraud prevention — monitoring for unauthorized access, abuse, and technical issues
- Legal compliance — complying with applicable laws, regulations, and legal processes
We do not use your trade data, journal content, or account performance information for any advertising, marketing, or commercial purpose beyond providing the Service to you.
How We Share Your Information
We share your information only in the limited circumstances described below:
Service Providers
We share information with trusted third-party service providers who assist us in operating the Service. These providers are contractually required to use your information only as directed by us and in accordance with this Privacy Policy.
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing and subscription management | Billing name, email, payment details |
| Cloud hosting provider | Secure data storage and Service infrastructure | All user data (encrypted at rest) |
| Analytics provider | Product usage analytics (privacy-preserving) | Anonymized usage events, no personally identifiable information |
| Email service provider | Transactional email delivery | Email address, email content |
Legal Requirements
We may disclose your information if required to do so by law or in response to a valid legal process, such as a subpoena, court order, or government request. Where permitted, we will notify you before disclosing your information in response to such a request.
Business Transfers
In the event of a merger, acquisition, sale of assets, or other business transfer, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on the Service before your information is transferred and becomes subject to a different privacy policy.
With Your Consent
We may share your information with third parties when you have given us explicit consent to do so.
Data Security
We implement and maintain reasonable technical and organizational measures to protect your information against unauthorized access, loss, destruction, or alteration. Our security measures include:
- Encryption of data in transit using TLS (Transport Layer Security)
- Encryption of data at rest on our hosting infrastructure
- Secure password hashing — we never store your password in plain text
- Payment card data is handled exclusively by Stripe and never stored on our servers
- Access to user data is restricted to authorized personnel on a need-to-know basis
- Regular security reviews and monitoring of our systems
Data Retention
We retain your information for as long as your account is active or as necessary to provide you with the Service. Specifically:
- Trade data and journal content — retained for the duration of your account and for 30 days following account deletion, after which it is permanently deleted
- Account information — retained for the duration of your account and deleted within 30 days of account deletion, subject to legal retention obligations
- Payment records — retained for seven years as required by applicable financial record-keeping laws
- Log data and usage analytics — retained for a maximum of 12 months in identifiable form, after which it is anonymized or deleted
Cookies and Tracking Technologies
We use cookies and similar tracking technologies to operate and improve the Service. The types of cookies we use are:
- Strictly necessary cookies — required for the Service to function, including session authentication and security. These cannot be disabled.
- Functional cookies — remember your preferences such as theme selection (dark/light mode) and account settings
- Analytics cookies — help us understand how users interact with the Service in aggregate. We use privacy-preserving analytics that do not track you across other websites
Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal information:
Rights Available to All Users
- Access — request a copy of the personal information we hold about you
- Correction — request correction of inaccurate or incomplete personal information
- Deletion — request deletion of your personal information and account
- Portability — export your trade data and journal content in a standard format
- Opt-out of communications — unsubscribe from non-essential communications at any time
California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete your personal information, and the right to opt-out of the sale of personal information. We do not sell personal information. To exercise your CCPA rights, contact us at support@metamorph.trade.
European Users (GDPR)
If you are located in the European Economic Area (EEA) or the United Kingdom, you have rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, erase, restrict processing of, and object to the processing of your personal data. You also have the right to lodge a complaint with your local data protection authority.
Our legal basis for processing your personal data is primarily the performance of our contract with you (providing the Service) and our legitimate interests in operating and improving the Service. Where we rely on your consent, you may withdraw it at any time.
If you are located outside the United States, please be aware that your personal data may be transferred to and processed in the United States, where our servers are located. By using the Service, you consent to this transfer.
Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected personal information from a minor without parental consent, we will take steps to delete that information promptly.
If you believe we have inadvertently collected information from a minor, please contact us at support@metamorph.trade.
Third-Party Links and Services
The Service may contain links to third-party websites or integrate with third-party services. This Privacy Policy applies only to the Metamorph Service. We are not responsible for the privacy practices of any third-party websites or services, and we encourage you to review their privacy policies before providing any personal information.
Contact and Data Controller
Metamorph is the data controller responsible for your personal information. If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: support@metamorph.trade