Privacy Policy

We built Flawless Trading System because we think accountability makes traders better. To do that, we collect the minimum data needed to clone your voice, run your sessions, and keep your trading journal. We don’t sell your data. We don’t use your voice to train public AI models. You can delete everything anytime.

Account data — your email, name, phone (if you opt into SMS reminders), timezone, and chosen UI accent color.

Voice biometric data — audio recordings captured during your onboarding call (and any voluntary additional training). We use these to build and operate your personal AI voice clone. This is sensitive data and gets the strictest protection we offer.

Trading data — the trades you log, session transcripts, your flawless self profile (rules, setups, personal WHY, motivations). You type most of this in; some is extracted from your onboarding call transcript.

Usage data — which pages you visit, how long sessions run, errors that occur. No third-party ad trackers, no social pixels, no fingerprinting scripts.

Broker credentials (if you connect one) — Tradovate or Rithmic API credentials are stored encrypted with AES-256-GCM using a key we hold separate from the data itself.

Payment data — processed by Stripe. We never see or store your card number; we receive only a token and your subscription status.

• Provide the Service: clone your voice, run sessions, save your journal
• Send you the account you signed up for and any support you ask for
• Bill your subscription via Stripe
• Send the SMS/email reminders you’ve opted into (you can turn these off)
• Investigate bugs, abuse, and security incidents
• Improve the product — aggregate, anonymized analysis only; never your identifiable data

• We don’t sell your data to anyone
• We don’t use your voice sample to train public/foundation AI models
• We don’t show you ads or share data with ad networks
• We don’t let other users access your voice, transcripts, or trade journal
• We don’t keep data longer than needed for the purpose we collected it

We rely on a small number of trusted infrastructure providers. Each one only receives what they need to do their job:

• Supabase — database, auth, and encrypted storage for all account + voice data. Hosted in US/EU regions.
• Vercel — application hosting. Sees HTTP requests.
• Stripe — subscription payments. Handles card data directly; we receive only a token.
• Anthropic (Claude) — generates session dialogue. Receives the session prompt + conversation history during a turn. Anthropic does not train on API data.
• Groq (Whisper) — transcribes your spoken voice to text. Receives audio for the duration of transcription.
• Replicate (Chatterbox) — runs the voice cloning model. Receives your voice sample URL + text to synthesize, per request.
• Twilio — sends SMS reminders (only if you opt in).
• Resend — sends transactional email.

None of these providers can use your data for their own purposes under the agreements in place. If we add or change providers, we’ll update this list.

Depending on where you live, you have the right to:

• Access the data we hold about you
• Correct anything that’s wrong
• Delete your account and all associated data
• Export your data in a portable format
• Withdraw consent for voice biometric processing (this means we delete the voice sample)
• Object to processing we rely on legitimate interest for

To exercise any of these, email ralphtradesnq@gmail.com. We respond within 30 days. For voice sample deletion specifically, you can also self-serve from Settings → Voice sample.

We keep your data for as long as you have an active account. If you delete your account:

• Voice samples and audio are deleted within 7 days
• Trade journal, transcripts, and profile data are deleted within 30 days
• Billing records are retained for 7 years (tax/legal requirement)

Data in transit is encrypted via TLS 1.2+. Data at rest (in Supabase) is encrypted by default. Broker credentials get a second layer of encryption with AES-256-GCM using a key held in environment variables, separate from the data itself. Voice samples sit in a private bucket — publicly-accessible URLs are generated only for individual TTS requests and expire quickly.

Perfect security doesn’t exist. If we experience a breach affecting your data, we’ll notify you and relevant regulators within the timeframes required by law.

The Service is not for anyone under 18. We don’t knowingly collect data from minors. If you believe a minor has given us data, email us and we’ll delete it.

We’re based in Quebec, Canada. Your data may be processed in Canada, the US, or the EU depending on which provider is handling what. When we transfer EU data to Canada or the US we rely on adequacy decisions (Canada) or standard contractual clauses (US).

We use essential cookies for authentication (your Supabase session) and a preference cookie for your chosen accent color. No analytics cookies, no ad cookies, no third-party trackers.

Material changes to this policy will be announced via email or in-app notice at least 14 days before taking effect.

Privacy questions, data requests, or breach notifications: ralphtradesnq@gmail.com.