From you directly:
Collected automatically:
We do not use session-recording tools, and we never use your journal content for advertising or model training. We do use limited advertising and measurement tools when we run ads — described in Section 7.
Account data, profile data, and journal content live in Supabase (a managed Postgres service) in their US-East-1 region. Payment processing and card data are handled by Stripe (US). The marketing pages and Vigil itself are served via Cloudflare Pages (global CDN).
We do not sell your data or transfer it for resale. Operationally we share data with the providers needed to run the service (Supabase, Stripe, Cloudflare). When we advertise, a limited set of events may also be shared with advertising platforms such as Meta to measure and improve our ads — described in Section 7.
We do not sell your data, ever. We do not use journal content for advertising, model training, or anything other than rendering it back to you.
Account data is kept while your account is active and for a reasonable period after cancellation (in case you reactivate). If you request deletion, we remove your journal data and personally identifying profile information; we retain transactional records (billing history) as long as required by tax and accounting obligations.
Passwords are hashed by Supabase Auth (industry-standard bcrypt). Connections to the site and to Vigil are encrypted in transit (HTTPS). Payment data is handled by Stripe and never touches our servers. We try to follow reasonable security practices, but no online service is invulnerable — see also the limitation of liability in our Terms.
Essential storage. We use browser local storage to keep you signed in and to cache Vigil's interface for performance. This is required for the app to work and is not used for advertising.
Advertising & measurement. When we run ads on platforms such as Meta (Facebook and Instagram), we use their measurement tools — including the Meta Pixel and the Conversions API — to understand whether our ads lead to visits, trials, and subscriptions, and to reach people with similar interests. These tools may set cookies and share a limited set of events (for example, a page view or a completed sign-up) with the platform. We do not share your journal content, your trade logs, or your password, and we never sell your data.
Your controls. You can manage ad personalization in your Meta account settings, and you can clear or block cookies through your browser. Where the law requires it — for example for visitors in the EU, the UK, or California — we honor applicable consent and opt-out requests before loading non-essential advertising tools. Meta's own data practices are described in its Privacy Policy.
If we add, remove, or change these tools, we'll update this policy and, where required, ask for your consent.
Hermetic Trader is not intended for use by anyone under 18. We do not knowingly collect data from minors. If we learn that we have, we will delete it.
This policy will be updated when the service changes meaningfully or when a more formal version is reviewed by counsel. Material changes will be communicated to active subscribers.
Privacy questions, data access or deletion requests, or anything else: hello@hermetictrader.com.