Privacy Policy

Last updated: May 2026

1. Who we are

Nodira is a trading journal application. When you use Nodira, we act as the controller of your personal data.

For GDPR inquiries, contact us at: privacy@nodira.io

2. Data we collect

We collect and store the following personal data:

  • Account information: your email address, display name, profile details, language, timezone, and default currency
  • Trading data: accounts, symbols, dates, results, profit/loss figures, notes, strategy tags, account transactions, balance ledger entries, and import history
  • Psychology data: mindset tags, emotional scores, and mistake tags attached to trades
  • Integration data: encrypted broker credentials, cTrader sync metadata, uploaded chart attachments, and API key metadata for MT5 sync
  • Subscription records: plan name and subscription start/end dates used for account administration

3. Why we process your data

We process account, trading, integration, and preference data to provide the Nodira trading journal service. The legal basis is the performance of a contract (Article 6(1)(b) GDPR).

We process operational logs, security events, and limited error diagnostics for security and reliability. The legal basis is our legitimate interest in operating and protecting the service (Article 6(1)(f) GDPR).

We keep subscription administration records where required to meet legal, tax, or accounting obligations (Article 6(1)(c) GDPR).

4. How long we keep your data

We retain your data for as long as your account is active. When you delete your account, your trading data, credentials, API keys, imports, and attachments are permanently deleted. The user record is anonymized, and subscription administration records may be retained where legally required.

5. Third-party services

Nodira uses the following service providers:

  • Tigris stores uploaded chart attachments and profile avatars in object storage.
  • Mailgun sends transactional emails such as login, confirmation, feedback, and account deletion messages.
  • CloudAMQP transports integration and import messages between internal workers.
  • Sentry receives limited error diagnostics after sensitive fields are scrubbed.
  • Spotware/cTrader receives OAuth authorization requests when you choose to link a cTrader account.
  • The Frankfurter API is used to fetch currency exchange rates. No personal data is shared with this service; only currency codes are transmitted.

6. Your rights

Under GDPR you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request erasure of your data (right to be forgotten)
  • Receive a copy of your data in a portable format

You can exercise these rights from your account settings, or by contacting us at privacy@nodira.io.

7. Security

All data is transmitted over HTTPS. Broker credentials are encrypted at rest. Passwords are hashed using bcrypt.

Nodira only uses essential cookies for sessions, remember-me login, CSRF protection, request logging, and theme preferences. We do not use tracking or advertising cookies.