Privacy Policy

FundWarden ("we", "us", "our") respects your privacy. This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your data. By using FundWarden, you consent to the practices described here.

1. Information We Collect

1.1 Account Information

Email address, display name (optional), phone number (optional), detected country (for payment routing), and referral code (if applicable). If you sign in via Google, we receive your email and basic profile only. We do not access your contacts, calendar, or other Google data. Your password is securely hashed and never stored in plain text.

1.2 Trading Data

Data you provide or that is generated through your use of FundWarden, including: trading configuration (account size, loss limits, instruments), session records (mood, reflections, lock status), trade records (P&L, instrument, notes), prop firm account details (balances, drawdown limits, status), and custom trading rules you create.

1.3 MT5 Integration Data (if you connect MetaTrader 5)

If you use our MT5 Expert Advisor, we receive closed trade data (symbol, P&L, lot size, direction, timestamps), your broker name, and MT5 account number. An API key is generated for secure communication between your MT5 terminal and FundWarden. We do not access open trades, pending orders, or real-time market data.

1.4 Payment Information

We do not collect or store your credit card, debit card, UPI, or bank account details. All payment processing and saved payment methods are handled entirely by Razorpay (India) or Paddle (international) on their own secure systems. We only store your subscription status and billing cycle dates to manage your access.

1.5 Information We Do NOT Collect

• We do not use tracking pixels, behavioral tracking tools, or advertising trackers. We may use privacy-friendly analytics to understand general website usage (such as page views), but never to track your individual trading data or personal behavior.
• We do not collect your IP address for profiling or advertising purposes. IP addresses are only used temporarily for rate limiting (in-memory, not stored).
• We do not collect device information or browser fingerprints. We detect your country only to route you to the correct payment provider (see Section 1.1).
• We do not collect or access your open/floating trades, pending orders, or real-time market data from MT5.

2. How We Use Your Information

• Provide the Service: Log trades, calculate statistics, track streaks, monitor drawdowns, trigger alerts, lock sessions within the FundWarden app, display rule reminders, and show motivational content.
• Authentication: Verify your identity when you log in, reset your password, or connect via Google OAuth.
• Subscription management: Process payments through Razorpay or Paddle, manage your billing cycle, handle trial expiration, and provide access to paid features.
• MT5 integration: Receive and process trade data from your Expert Advisor and display relevant alerts on your MT5 terminal.
• Communication: Send email verification, password reset, and subscription-related emails (such as payment reminders or expiry notices). We do not send marketing emails, newsletters, or promotional content.
• Referral tracking: If you signed up via a referral link, we track the referral to calculate commission. This does not affect your experience or pricing.
• Security: Rate limiting and abuse prevention to protect your account.
• Service improvement: Aggregate, anonymized statistics may be used to understand usage patterns and improve the Service. We do not sell or share individual user data.

3. Third-Party Services

FundWarden uses third-party services for payment processing, database hosting, application hosting, and optional authentication. Each has access only to the minimum data necessary to perform its function. We do not share your trading data with any payment provider.

Payment Providers

• Razorpay (India): processes your email and payment credentials. Privacy policy: razorpay.com/privacy
• Paddle (international): acts as our Merchant of Record. Paddle is the legal seller, handles applicable taxes, and processes your email, country, and payment credentials. Privacy policy: paddle.com/legal/privacy

Other Services

• Google (optional sign-in): if you sign in with Google, we receive only your email and basic profile. We do not access your contacts, calendar, or any other Google service.

Subprocessors (GDPR Art 28 / DPDP §11)

The vendors below process your data on our behalf under written contract. Each is bound to process only as instructed and to security obligations at least as strict as those in this policy. We give 30 days' notice of subprocessor changes via this page.

• Supabase — Postgres database + authentication + realtime delivery. Region: Mumbai (India), encryption at rest + in transit. Privacy policy: supabase.com/privacy.
• Vercel — Application hosting, request routing, edge logs. Region: Global edge with database calls pinned to Mumbai. Privacy policy: vercel.com/legal/privacy-policy.
• Sentry — Error and performance monitoring. PII filters strip emails, tokens, and webhook signatures before events leave our servers. Region: Frankfurt, Germany (EU). Privacy policy: sentry.io/privacy.
• Cloudflare — DNS resolution only (gray cloud, traffic not proxied). Privacy policy: cloudflare.com/privacypolicy.
• Upstash — Distributed rate-limiting (Redis). We store request counters keyed by IP + endpoint name; no personal data. Privacy policy: upstash.com/trust/privacy.pdf.
• Resend — Transactional email delivery (account confirmations, password resets). We forward only the email address + the message body our system generates. Privacy policy: resend.com/legal/privacy-policy.
• Cloudflare Turnstile — Bot-protection CAPTCHA on signup, signin, and password reset. Privacy-friendly alternative to reCAPTCHA. Privacy policy: cloudflare.com/privacypolicy.

We do not sell, rent, or share your personal data with any other third parties for advertising, marketing, or data brokerage purposes.

4. Cookies and Local Storage

FundWarden uses only essential cookies required for authentication and basic functionality (such as keeping you logged in and referral attribution). We also store UI preferences (such as theme selection) in your browser's local storage. These contain no personal data.

We do not use any tracking cookies, analytics cookies, or advertising cookies.

5. Data Security

We take the security of your data seriously and implement industry-standard measures including:

• All data is transmitted over encrypted connections (HTTPS/TLS).
• Passwords are securely hashed and never stored in plain text.
• Database access controls ensure you can only access your own data.
• Payment webhooks are cryptographically verified.
• Rate limiting is applied on sensitive endpoints to prevent abuse.
• MT5 API keys are masked after initial generation and never logged.
• No payment credentials or secret keys are ever exposed to the browser.

6. Data Retention

• Your data is retained for as long as your account is active.
• If your subscription expires, your data is retained indefinitely so you can access it if you re-subscribe.
• If you request account deletion, all your data is permanently deleted from our database, including sessions, trades, statistics, custom rules, MT5 connections, referral records, and alert history. This deletion is irreversible.
• Third-party payment providers (Razorpay, Paddle) may retain transaction records independently according to their own data retention policies.

7. Your Rights

Regardless of where you are located, you have the following rights regarding your personal data:

• Right to access: All your trading data, sessions, statistics, and settings are visible within the FundWarden app at all times. You may also request a copy of your data by emailing us.
• Right to rectification: You can update your account settings, edit custom rules, and modify prop firm account details at any time through the Settings page.
• Right to erasure (deletion): You can request complete account deletion by emailing support@fundwarden.com. We will delete all your data as soon as reasonably possible. This is irreversible.
• Revoke MT5 connection: You can revoke your MT5 API key at any time from Settings, which immediately stops all data flow from your MT5 terminal to FundWarden.
• Cancel subscription: You can cancel your subscription at any time from Settings (see Terms of Service, Section 6.4).

7.1 For EU/EEA/UK Residents (GDPR)

If you are located in the European Union, European Economic Area, or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local Data Protection Authority (DPA) if you believe your data is being processed unlawfully.

7.2 For Indian Residents (DPDP Act)

If you are located in India, you have rights under the Digital Personal Data Protection Act, 2023 (DPDP Act), including the right to access, correct, and erase your personal data, and the right to nominate another person to exercise your rights in the event of your death or incapacity. You may also file a complaint with the Data Protection Board of India.

To exercise any of these rights, contact us at support@fundwarden.com. We will respond as soon as reasonably possible.

8. Children's Privacy

FundWarden is not intended for anyone under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@fundwarden.com and we will delete that information promptly.

9. International Data Transfers

FundWarden's services are hosted on cloud infrastructure that may be located in different geographic regions. Your data may be processed and stored in multiple countries depending on the service providers involved (database hosting, payment processing, application hosting).

By using FundWarden, you consent to the transfer and processing of your data in these regions.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice within the app. Changes take effect upon posting unless otherwise stated. The "Last updated" date at the top of this page will be revised accordingly.

11. Grievance Officer

In accordance with the Information Technology Act, 2000, and the Digital Personal Data Protection Act, 2023, the Grievance Officer for FundWarden is:

Designation: Founder & Grievance Officer, FundWarden
Email: support@fundwarden.com (subject line: "Grievance")
Response time: We will respond as soon as reasonably possible.

12. Contact

If you have questions about this Privacy Policy or your data, please contact us at: support@fundwarden.com