Privacy Policy
This Privacy Policy explains how Proofline collects, uses, stores, shares, and protects information when you use the Proofline applications, website, APIs, public share links, and related services.
1. Provider and scope
"Proofline", "we", "us", and "our" refer to the Proofline service. This policy applies to the Proofline mobile, desktop, and web-connected services, including account access, trade journaling, broker or exchange sync, analytics, media attachments, notifications, support, and public trade sharing.
Unless a different legal entity, data controller, seller of record, or service provider is identified in the App Store listing, purchase record, in-app account information, or a written notice from us, Proofline acts as the operator and controller for account-owned application data described in this policy. Privacy, data-protection, access, and deletion requests should be sent to support@proofline.app.
Where applicable law requires an additional local representative, controller disclosure, or data-protection contact, we will provide that information through this page, the app, the relevant store listing, or our response to a verified request.
2. Information we collect
Account and authentication information
We process account identifiers, email address, display name, profile image where available, authentication provider identifiers, session and token state, onboarding status, selected language or locale, and security-related metadata needed to keep your account available and protected.
Journal account and trading records
Proofline is a trade journal. We process the trade and review data you enter or import, including journal accounts, instruments, directions, execution timestamps, quantities, prices, risk, stop and take-profit plans, realized results, notes, mistakes, rule checks, mood and lifestyle context, review fields, source metadata, inclusion settings, and related calculations.
Media and evidence
If you upload or attach evidence, we process file names, content types, file sizes, storage object paths, upload status, signed upload and download metadata, and the image files themselves, such as chart screenshots or other trade evidence you choose to upload.
Audio and AI draft data
If you use voice draft features, we process the audio file, transcript, detected language or locale, time-zone context, extracted draft fields, provider responses, usage counters, and related error or diagnostic data needed to create the draft and enforce usage limits.
Broker, exchange, and sync information
If you use sync or import features, we may process connection configuration, provider name, account identifiers, imported trades, source types, environments such as real or demo, refresh status, import errors, report-upload metadata, and any credentials or authorization material required to operate the integration. Sensitive credentials are handled for the purpose of providing the connection and should never be sent through support email.
Technical, device, and diagnostic information
We may process app version, platform, device type, operating system, network request metadata, log data, crash or diagnostic events, notification device registration data, IP-derived request context, and security events needed to operate, troubleshoot, secure, and improve the service.
Support communications
If you contact support, we process the contact details, message contents, attachments, links, account references, and follow-up information you provide.
3. How we use information
- Provide account access, authentication, onboarding, profile, and journal account features.
- Create, edit, store, retrieve, delete, and display trade records and supporting review context.
- Generate analytics, calendar views, performance summaries, edge and psychology review surfaces, and other decision-support read models.
- Operate broker, exchange, report-upload, and refresh workflows where enabled.
- Store and serve chart images and other media evidence you choose to attach.
- Transcribe short voice notes and extract structured trade drafts where the feature is enabled.
- Verify subscription status, free trials, renewals, restorations, and Pro entitlements.
- Create, open, revoke, and protect public share links for read-only shared trade views.
- Send service, security, recovery, notification, and support communications where appropriate.
- Detect abuse, secure the service, debug incidents, enforce limits, and comply with law.
- Improve reliability, usability, localization, and product quality.
4. Public share links
Proofline can create read-only public trade links. A public link may expose the selected trade data and related attachments or metadata included in the shared view to anyone who has the URL and required token. Share links are explicit, token-based, and can be regenerated or revoked where the app exposes that control.
Do not create or distribute a public share link for information you want to keep private. If a shared link was distributed by mistake, revoke it in the app where available and contact support.
5. Analytics and decision support
Proofline analytics are review and reporting tools. They may calculate performance summaries, calendar views, symbol or session breakdowns, rule and mistake patterns, and psychology-related signals based on the data available in your account. These outputs are not investment, trading, tax, financial, legal, or risk-management advice.
AI-generated drafts, transcripts, extracted fields, and similar outputs are produced for review convenience only. They may be incomplete or inaccurate, and you are responsible for reviewing and editing them before saving or relying on them.
Analytics can be incomplete or misleading if your trade data is incomplete, incorrectly entered, stale, excluded, duplicated, or imported from a provider with limitations. You remain responsible for verifying trading records against your broker, exchange, and account statements.
6. Legal bases where applicable
Depending on your location, we rely on one or more legal bases to process information: performance of a contract when we provide the service you requested; legitimate interests such as security, fraud prevention, debugging, service improvement, and support; consent where required for optional features or communications; and legal obligation where retention, disclosure, or compliance is required by law.
Where laws such as the GDPR, UK GDPR, KVKK, CCPA/CPRA, or similar privacy laws apply, we interpret the bases above according to those laws. Optional features that depend on consent can be declined or withdrawn where required, but some features may stop working if the related data is no longer processed.
Proofline is not designed to collect sensitive personal information unless you choose to enter it into optional notes, lifestyle, media, or support fields. Avoid adding government identifiers, health details, biometric information, private credentials, or other highly sensitive data unless you understand the risk and have the right to provide it.
7. Service providers and third parties
We use service providers to operate Proofline. These may include authentication providers, cloud hosting, database infrastructure, storage providers, notification gateways, crash and diagnostic tools, email or support tools, market-data providers, and broker or exchange integration providers.
Proofline currently relies on services such as Supabase for authentication and storage-related infrastructure, PostgreSQL-backed application data, optional Firebase notification infrastructure, Twelve Data or similar market-data providers, and provider-specific broker or exchange integrations. Third-party services process information according to their own terms and privacy practices when you interact with them directly or authorize a connection.
Voice draft features may use AI infrastructure providers, such as OpenAI or Google Gemini, to transcribe audio and extract structured draft fields when those providers are configured. Subscription features may use Apple and RevenueCat as described below.
We do not sell personal information in the ordinary meaning of selling a customer list or journal content for money. We also do not use your private trade journal content to operate a public social trading feed.
8. Premium, billing, and app stores
Proofline offers premium features through app-store subscriptions. Payment is handled by Apple; we do not receive or store payment card details. Apple may provide purchase receipts and a pseudonymous app account token to RevenueCat, our subscription infrastructure provider, so subscription status can be verified.
RevenueCat stores and sends subscription state such as status, entitlement, product id, renewal timing, free-trial timing, cancellation or expiration state, transaction identifiers, and related purchase metadata. We store the resulting entitlement state against your Proofline user id so Pro features unlock correctly across devices and so purchase restoration can work.
We do not receive your full payment card number through the app-store purchase pipeline. We also do not receive your Apple Account password or Apple payment credentials.
9. Retention
We retain account, journal, trade, media, sync, and analytics-related information for as long as needed to provide the service, maintain security, comply with law, resolve disputes, enforce agreements, and support backups or audit requirements. Public share links may remain accessible until revoked, expired, deleted, or otherwise disabled.
If you delete content or close an account, some information may remain for a limited period in backups, logs, security records, legal records, or provider systems where immediate deletion is not technically or legally possible.
Authenticated account deletion is intended to remove account-owned application data such as profile data, journal accounts, trades, attachments, sync connections, trading plans, and notification registrations, subject to backup, security, legal, provider, and billing-record limitations. Deleting your Proofline account does not remove records maintained by Apple, RevenueCat, broker or exchange providers, or other third-party services under their own terms.
10. Security
We use reasonable technical and organizational safeguards designed to protect information, including access controls, transport security, token-based access for public share links, provider-managed authentication, and storage controls. No online service can guarantee absolute security.
You are responsible for protecting your account credentials, devices, email inbox, recovery links, broker credentials, API keys, and public share links. Contact us promptly if you suspect unauthorized access.
11. International processing
Proofline and its service providers may process information in countries other than your country of residence. Where required, we use appropriate safeguards for cross-border transfers, such as provider contractual commitments or other lawful transfer mechanisms.
Cross-border processing may rely on mechanisms available under applicable law, including provider data-processing terms, contractual commitments, Standard Contractual Clauses or similar transfer terms, adequacy decisions, consent where valid, or other lawful safeguards for the relevant provider and data category.
12. Your choices and rights
Depending on your location, you may have rights to request access, correction, deletion, export, restriction, objection, or withdrawal of consent for certain processing. You may also have the right to complain to a data protection authority.
To make a request, contact support@proofline.app. We may need to verify your identity and account ownership before acting on a request. Some requests may be limited by security, legal, fraud prevention, backup, or operational requirements.
If you are in the EEA, UK, Switzerland, California, or another jurisdiction with specific privacy rights, additional rights or response timelines may apply. We will handle requests according to the law that applies to your account and our operations.
We will respond to verified privacy requests within the timeframe required by the law that applies to the request. If a request is denied, limited, or delayed, we will explain the reason where required. If you are not satisfied with our response, you may have the right to contact your local data protection authority, consumer authority, or other regulator.
We do not sell your personal information as "sale" is commonly understood, and we do not share private journal content for cross-context behavioral advertising. If a future feature requires a regional opt-out or additional privacy notice, we will provide it before enabling that processing where required.
13. Children
Proofline is not directed to children and is intended for users who are legally able to manage accounts and make their own trading decisions. If you believe a child has provided personal information to Proofline, contact us so we can take appropriate action.
14. Changes to this policy
We may update this Privacy Policy as the product, providers, laws, or operating practices change. The updated version will be posted on this page with a revised effective date. Material changes may also be communicated in-app or by other reasonable means where required.
15. Contact
Privacy questions, access requests, deletion requests, and security concerns can be sent to support@proofline.app.