Privacy Policy
Last updated: March 2026
1. Data Controller
The data controller for this service is Trading Mirror, contactable at corporate.upload563@passinbox.com.
2. Data We Collect
Account Data
- Email address
- Password (stored as a bcrypt hash, never in plaintext)
- Display name (optional)
Portfolio Data
- Portfolio names, descriptions, and currency settings
- Holdings: ticker symbols, share quantities, entry prices, ISINs
- Price snapshots fetched from market data providers
- Uploaded CSV files (processed and discarded, not stored)
AI Conversation Data
- Messages you send to the AI analysis feature
- AI-generated responses
Usage Data
- IP address, browser type, device information (server logs)
3. Why We Collect Data
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide the service (account, portfolios, tracking) | Contract fulfillment (Art. 6(1)(b)) |
| AI portfolio analysis | Contract fulfillment (Art. 6(1)(b)) |
| Error monitoring and service stability | Legitimate interest (Art. 6(1)(f)) |
4. Third-Party Services
We share data with the following third-party services to provide the Service:
| Service | Purpose | Data Shared |
|---|---|---|
| Anthropic (Claude AI) | CSV parsing, portfolio analysis | Portfolio holdings data, conversation messages |
| Yahoo Finance | Market data, price quotes | Ticker symbols only |
5. Data Storage and Security
Your data is stored on servers located in the European Union (Germany). We use encryption in transit (HTTPS/TLS), and passwords are hashed using bcrypt. We implement reasonable security measures to protect your data, but no system is 100% secure.
6. Data Retention
We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days. Some data may be retained longer if required by law.
7. Your Rights (GDPR)
Under the General Data Protection Regulation, you have the right to:
- Access — Request a copy of your personal data
- Rectification — Request correction of inaccurate data
- Erasure — Request deletion of your data ("right to be forgotten")
- Portability — Request your data in a machine-readable format
- Objection — Object to processing based on legitimate interest
To exercise any of these rights, contact us at corporate.upload563@passinbox.com. We will respond within 30 days.
8. Cookies
We use essential cookies for authentication and session management. No third-party tracking or analytics cookies are used. You can manage cookie preferences in your browser settings.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service.
10. Contact and Complaints
For questions or concerns about this Privacy Policy, contact us at corporate.upload563@passinbox.com.
You also have the right to lodge a complaint with a data protection supervisory authority in the EU member state where you reside or work.