Privacy Policy

Last Updated: March 28, 2026

This Privacy Policy describes how TradingGoose Studio handles personal data when the TradingGoose project owner operates the website, app, APIs, or hosted services (collectively, the "Service").

If you use a self-hosted deployment or a deployment operated by someone else, that operator is responsible for its own privacy notice, data handling, cookies, analytics, integrations, and security practices.

1. Scope and Roles

This Privacy Policy applies to project-operated deployments of TradingGoose Studio. For self-hosted deployments or deployments operated by someone else, that operator controls its own configuration, storage, integrations, analytics, retention, and compliance.

In those cases, the third-party operator, not the TradingGoose project owner, is the primary controller or operator for that deployment's user data.

2. Information We Collect

Account and authentication data

We may collect information you provide when creating or using an account, such as your name, email address, login method, profile details, organization membership, and account settings.

Content and workflow data

We may process prompts, chats, files, documents, workflow definitions, logs, indicator scripts, watchlists, templates, and other content you submit or generate through the Service.

Connected account and integration data

If you connect third-party services, we may receive account identifiers, OAuth tokens, metadata, and the third-party data you authorize us to access. Depending on what you enable, this may include services such as Google, GitHub, Microsoft, Slack, Stripe, and broker or market-data providers.

Payment and subscription data

If paid plans or usage billing are enabled, billing is handled through payment providers such as Stripe. We may receive billing metadata such as customer IDs, subscription status, invoices, and payment outcomes, but we do not store full payment card details ourselves.

Technical and usage data

We may automatically collect information such as IP address, browser type, device information, timestamps, error data, request logs, feature usage, page visits, and performance metrics.

Cookies, local storage, and analytics

The Service uses cookies, local storage, and similar technologies for authentication, session management, preferences, security, and product analytics.

If analytics features are enabled by the deployment, they may include OpenTelemetry event collection and PostHog analytics. PostHog may collect page views, clicks, form interactions, and session replay data. Password fields are masked in replay, but other form inputs may not be.

Optional training dataset exports

Some deployments may enable optional copilot-training features. If you explicitly use those features, the recorded workflow-edit dataset you choose to submit may be sent to a configured indexing or training service.

3. Sources of Information

We may collect information directly from:

  • You, when you create an account, upload content, connect services, or contact us.
  • Your browser, device, and use of the Service.
  • Third-party accounts and APIs that you choose to connect.
  • Payment providers, analytics providers, hosting vendors, and operational vendors.

We may also derive operational or diagnostic information from logs, execution results, billing events, and system telemetry.

4. How We Use Information

We may use information we collect to:

  • Provide, maintain, and secure the Service.
  • Authenticate users and manage accounts, organizations, and permissions.
  • Store, execute, and troubleshoot workflows, chats, files, and integrations.
  • Process payments, subscriptions, usage limits, and billing communications.
  • Respond to support requests, bug reports, and product feedback.
  • Monitor performance, reliability, fraud, abuse, and security incidents.
  • Improve the Service and develop new features.
  • Comply with legal obligations and enforce our terms and policies.

If you use AI or automation features, your content may be processed by model providers or integration providers selected by you or configured by the deployment in order to deliver the requested feature.

5. How We Share Information

We may share information with:

  • Service providers that help us operate the Service, such as hosting, storage, email, analytics, logging, and payment vendors.
  • Third-party platforms, model providers, and APIs when needed to run the workflows, integrations, or features you enable.
  • Law enforcement, regulators, courts, or other parties when legally required.
  • A successor or buyer in connection with a merger, acquisition, financing, or transfer of the Service.

We do not sell personal information for money. Third-party service transfers may still occur when you enable connected features or when a deployment uses analytics or other operational vendors.

6. Google, AI Providers, Broker Integrations, and Other Connected-Service Data

If you connect Google or other third-party services, we access and use that data only as needed to provide the features you enable, subject to your permissions and the connected provider's terms.

We do not use Google user data obtained through Google APIs to train generalized AI or ML models.

Outside the optional training-dataset feature described above, we do not use your workflow content to train generalized models for the Service.

7. Cookies, Local Storage, Telemetry, and Analytics

The Service uses cookies, local storage, and related technologies for login sessions, authentication state, UI preferences, account settings, security, product analytics, and similar operational functions.

For project-operated deployments, anonymous telemetry may be enabled by default and may be controllable through product settings depending on the deployment and your account state.

Some deployments may also enable PostHog or similar analytics tooling for page analytics, interaction analytics, and session replay. If you run a self-hosted deployment, your operator controls whether such tooling is enabled and where data is sent.

8. International Processing

Information may be processed in the United States and other countries where our vendors, infrastructure, or connected service providers operate. Data-protection laws may differ between jurisdictions.

9. Retention

We keep information for as long as reasonably necessary to operate the Service, maintain your account, process billing, investigate abuse, comply with legal obligations, and resolve disputes.

Retention periods may vary by data type and deployment configuration. Self-hosted or third-party operators control their own retention settings for their deployments.

10. Security

We use reasonable administrative, technical, and organizational safeguards to protect information, but no system is completely secure. You are also responsible for protecting your account credentials, API keys, and connected third-party accounts.

11. Your Choices and Rights

Depending on where you live, you may have rights to access, correct, delete, export, or object to certain uses of your personal data.

You may also be able to control some collection directly through product settings, such as anonymous telemetry preferences, or by disconnecting third-party accounts.

If you are in the EEA, UK, or another jurisdiction with similar rights, you may also have rights related to restriction, objection, withdrawal of consent where consent is used, and complaint to a supervisory authority.

If you are a California resident, you may have rights to know, access, correct, delete, and receive information about categories of personal information we collect, use, and disclose for project-operated deployments, subject to legal exceptions.

To make a privacy-related request for a project-operated deployment, contact support@tradinggoose.ai. If you use a self-hosted or third-party deployment, contact that operator instead.

12. Children's Privacy

The Service is not intended for children under 18, and we do not knowingly collect personal data from children through the project-operated Service.

13. External Services

This Privacy Policy does not cover third-party services, brokerages, model providers, market-data providers, or sites that you connect to or visit through the Service. Review those providers' own terms and privacy notices.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date on this page. Material changes will apply when posted unless a longer notice period is required by law.

15. Contact

If you have questions, requests, or complaints regarding this Privacy Policy for a project-operated deployment, contact us at support@tradinggoose.ai.

We do not currently publish a separate mailing address on this page. If that changes, we will update this policy.