Privacy Policy

Last updated: May 2026

1. Data Controller

The data controller responsible for the processing of your personal data on this website is:

Christian von Massow

Christian von Massow’s SaaS Tools

Eschersheimer Landstraße 42

60322 Frankfurt am Main, Germany

E-Mail: contact@storecheckr.io

2. What Data We Process and Why

2.1 Account and Session Data

When you subscribe, we create a session linked to your Stripe customer account. Your email address (as provided to Stripe during checkout) is stored in our session database solely to display it within the application and to associate your session with your active subscription. A session token is stored as an HTTP-only cookie in your browser for authentication purposes. This cookie is not accessible to JavaScript and is never transmitted to third parties.

Legal basis: Article 6(1)(b) GDPR — processing is necessary for the performance of the subscription contract.

2.2 Payment Data

All payment processing is handled exclusively by Stripe, Inc. We do not collect, store, or have access to your payment card details. We receive only confirmation of your subscription status from Stripe via secure webhooks. Stripe’s data processing is governed by Stripe’s own Privacy Policy.

Legal basis: Article 6(1)(b) GDPR — necessary for processing your subscription.

2.3 Trade Logger (Local Storage)

The in-app trade logger stores your logged trades in your browser’s local storage (goldoiltrader_live_trades). This data never leaves your device and is not transmitted to our servers. It contains no personal information.

2.4 Server Access Logs

When you visit this website, our hosting infrastructure automatically records standard access log data, which may include your IP address, browser type, operating system, referring URL, date and time of access, and pages visited. This data is used solely for security and availability purposes. Access logs are retained for a maximum of 30 days.

Legal basis: Article 6(1)(f) GDPR — legitimate interests in maintaining the security and proper functioning of the service.

2.5 Contact by Email

If you contact us by email, we process your email address and the content of your message to respond to your enquiry. We do not store email correspondence beyond what is necessary to handle your request.

Legal basis: Article 6(1)(f) GDPR — legitimate interests in responding to user enquiries.

3. Third-Party Sub-Processors

We use the following third-party services to deliver tradeanalyzer.io:

Stripe, Inc.

354 Oyster Point Blvd, South San Francisco, CA 94080, USA

Purpose: Payment processing, subscription management, customer billing.

Upstash, Inc.

Purpose: Serverless Redis database used to store session tokens and subscription status. No personal trading data is stored.

Twelve Data

Purpose: Real-time and historical market data provider. API requests contain only instrument and timeframe parameters — no personal user data is transmitted.

Vercel, Inc.

340 Pine Street, Suite 701, San Francisco, CA 94104, USA

Purpose: Application hosting and infrastructure. Standard server access logs may be retained as described in section 2.4.

Where data is transferred to service providers in the United States, the transfer is based on the EU-U.S. Data Privacy Framework and/or Standard Contractual Clauses where applicable.

4. Cookies

tradeanalyzer.io uses a single, strictly necessary HTTP-only session cookie (sid) to maintain your login session after subscribing. This cookie:

Contains only an opaque random session identifier — no personal data.
Is set as HTTP-only, meaning it cannot be accessed by JavaScript.
Is used solely to verify your active subscription on each request.
Expires after 35 days of inactivity or when you log out.

No tracking cookies, advertising cookies, or analytics cookies are set on your device.

5. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights:

Right of access (Art. 15 GDPR): You may request information about which personal data we process about you.
Right to rectification (Art. 16 GDPR): You may request correction of inaccurate personal data.
Right to erasure (Art. 17 GDPR): You may request deletion of your personal data where processing is no longer necessary.
Right to restriction (Art. 18 GDPR): You may request that we restrict processing of your data under certain circumstances.
Right to data portability (Art. 20 GDPR): Where applicable, you may request your data in a structured, machine-readable format.
Right to object (Art. 21 GDPR): You may object to processing based on legitimate interests.

To exercise any of these rights, contact us at contact@storecheckr.io.

6. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. The competent supervisory authority for tradeanalyzer.io is:

The Hessian Commissioner for Data Protection and Freedom of Information

P.O. Box 3163, 65021 Wiesbaden, Germany

Website: datenschutz.hessen.de

7. Changes to This Policy

We may update this Privacy Policy from time to time as the service evolves. The date at the top of this page indicates when the policy was last updated. We recommend reviewing this page periodically. Continued use of tradeanalyzer.io after changes constitutes acceptance of the updated policy.