Privacy Policy

1. Information We Collect

We collect information you provide directly when creating an account and using the Service:

• Account information: display name, email address, and university affiliation (optional).
• Activity data: simulated trades, lesson progress, quiz attempts, streaks, and achievements earned within the platform.
• Billing information: subscription status and payment history (payment card details are handled exclusively by Stripe and are never stored on our servers).
• Usage data: pages visited, features used, and interaction events collected for product analytics (see §6).
• Technical data: IP address, browser type, operating system, and device identifiers collected automatically.

2. How We Use Your Information

We use collected information to:

• Operate the platform and deliver core features (trading, lessons, leaderboards).
• Personalize your learning experience and track progress.
• Process subscription payments and manage billing.
• Send transactional notifications (e.g., payment receipts, streak reminders).
• Improve the Service through analytics and aggregated usage insights.
• Detect and prevent fraud, abuse, and violations of our Terms of Service.
• Comply with legal obligations.

We do not sell your personal information to third parties.

3. Authentication — Clerk

Authentication is handled by Clerk. Your credentials (password, OAuth tokens) are managed entirely within Clerk's secure infrastructure. We store only a reference identifier (Clerk User ID) to link your Clerk identity to your PaperTrade Academy profile. We never store or have access to your password.

4. Payments — Stripe

Payment processing is handled by Stripe. When you subscribe to a paid plan, your payment card details are collected and stored by Stripe directly. We receive only subscription status, billing period, and a Stripe customer identifier. Stripe's privacy policy governs how they handle your payment data.

5. Market Data — Massive

Simulated market prices are sourced from Massive (formerly Polygon.io). This API connection is server-side only; your personal information is not shared with Massive.

6. Analytics

We use an in-house analytics system to understand how users interact with the Service. Usage data (page views, feature interactions, and performance metrics) is stored in our own database and is not shared with third-party analytics providers. Only opaque user identifiers are recorded — no raw email addresses or other PII are included in analytics events. Error monitoring is handled locally via structured server logs; no error data is sent to third-party services.

7. Cookies & Local Storage

We use essential cookies and browser storage for session management and authentication (provided by Clerk). You can configure cookie preferences through your browser settings, though disabling essential cookies may impact platform functionality.

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Upon account deletion:

• Your personal data will be deleted or anonymized within 30 days.
• Aggregated, non-identifiable data (e.g., anonymized trading statistics) may be retained for analytics purposes.
• Transaction records required for legal or accounting purposes may be retained for the legally required period.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: request a copy of the personal data we hold about you.
• Correction: request correction of inaccurate or incomplete data.
• Deletion: request deletion of your personal data (right to erasure/right to be forgotten).
• Portability: request an export of your data in a machine-readable format.
• Objection: object to processing of your data for certain purposes.

To exercise any of these rights, please contact us at support@papertradeacademy.com. We will respond within 30 days.

10. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have inadvertently received personal information from a user under 18, we will delete such information from our records.

11. Security

We implement industry-standard security measures including HTTPS/TLS encryption, authentication via Clerk, server-side only access to API keys and secrets, and rate limiting on sensitive endpoints. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

12. International Users

The Service is operated from [jurisdiction to be confirmed by legal counsel]. If you access the Service from outside this jurisdiction, your information may be transferred to and processed in countries that may have different data protection laws. By using the Service, you consent to such transfers.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the “Last updated” date and, where appropriate, by sending you an email or in-app notice. Your continued use of the Service after changes constitutes your acceptance of the updated Policy.

14. Contact

For privacy-related inquiries or to exercise your rights, please contact our privacy team at support@papertradeacademy.com.