Your privacy is fundamental to how we build and operate Tracom.
Effective Date: August 15, 2025 | Last Updated: May 27, 2026
Quick Navigation
This Privacy Policy explains how Tobistech Ltd (Company No. 16037879), operating as Tracom Trading Journal ("we," "us," "our"), collects, uses, shares, and protects your personal information. We are committed to protecting your privacy and complying with global data protection laws including GDPR, UK GDPR, CCPA, and other applicable regulations.
🔒 We NEVER sell your personal data. Your trading information is yours alone.
Tobistech Ltd is the data controller responsible for your personal data processed through Tracom.
Registered Office: 82 King Street, Manchester, England, M2 4WQ
Company Number: 16037879
ICO Registration: Tobistech Ltd is confirming its ICO registration as a UK data controller under the Data Protection (Charges and Information) Regulations 2018. Our ICO registration number will be published here once confirmed. For enquiries about our data protection registration status, please contact dpo@tobistech.co.uk.
Contact: support@tobistech.co.uk
Data Protection Enquiries: dpo@tobistech.co.uk
Required Information:
Optional Information:
Note: We use Stripe for payment processing. We do NOT store credit card numbers.
If you sign in using social providers, we receive:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide trading journal services | Contract performance |
| AI feature generation (trade ideas, commentary and insights - data sent to third-party AI providers) | Contract performance (Premium subscribers); Legitimate interest (free users with limited AI access, subject to your right to object - see Section 5) |
| Process payments and subscriptions | Contract performance |
| Send service notifications | Contract performance |
| Customer support | Legitimate interest |
| Marketing communications | Consent |
| Improve app features | Legitimate interest |
| In-app advertising (free version) | Consent (personalised and non-personalised ads for UK/EEA users); opt-out available for California users under CPRA (see §11); Legitimate interest (other regions, subject to applicable local law and your device advertising preference settings) |
| Security and fraud prevention | Legitimate interest |
| Comply with legal requirements | Legal obligation |
Where we rely on legitimate interests, we have carried out documented balancing assessments and concluded our interests are not overridden by your rights. You have the right to object to such processing at any time - see Section 5.
Data collected for one of the purposes above will not be further processed for a different purpose that is incompatible with the original purpose without your prior notice or consent (UK GDPR Art. 5(1)(b)).
Important: We NEVER use your trading data for our own trading purposes or share it with third parties for trading purposes. Your strategies and trades remain confidential.
🔒 We NEVER sell, rent, or trade your personal information.
We only share your data in these limited circumstances:
Stripe
Payment processing (PCI-DSS compliant)
AWS (Amazon Web Services)
Cloud hosting and data storage (Virginia, USA)
SendGrid/Email Provider
Transactional emails and notifications
Tracom In-App Analytics (First-Party)
Subscription and paywall interaction events (e.g., paywall viewed, plan selected) are recorded to Tracom's own backend servers. No trade data, journal content, or personally identifying information is included in these events. Processed on the basis of our legitimate interest in understanding how users interact with the subscription flow and improving the service. You may object to this processing at any time by contacting us.
Firebase / Analytics Providers
Aggregated usage statistics, app performance monitoring and crash reports, linked to pseudonymous device identifiers. Only enabled with your prior consent where required by applicable law.
Google AdMob
In-app advertising on the free version of Tracom - Google may collect device identifiers, ad-interaction data and general location data for ad serving and measurement. See Google's Privacy Policy at policies.google.com/privacy.
AI Processing Providers
Third-party AI model providers used to generate trade ideas, market commentary and insights. Only the minimum data necessary to generate the requested output is shared (e.g., user prompts or trade context, which are minimised and pseudonymised or aggregated where practicable). Data shared is governed by applicable Data Processing Agreements.
When you choose to share journals publicly or with subscribers, that content becomes visible to those users. You control what to share.
We may disclose data when required by law, such as:
Depending on your location, you have specific rights regarding your personal data:
Supervisory Authority: You may lodge a complaint with the UK ICO (ico.org.uk) or your local data protection authority.
Tracom's AI features generate trade ideas, market commentary and educational outputs for your review. You retain full control over all trading decisions. We do not make solely automated decisions about you that produce legal or similarly significant effects within the meaning of Article 22 of the UK GDPR or GDPR.
If you believe any automated process has affected you in a significant way, or if you would like a human review of any AI-generated output applied to your account, please contact us at dpo@tobistech.co.uk.
How to Exercise Your Rights
📧 Email: privacy@tobistech.co.uk
⏱️ Response Time: Within 30 days
We may verify your identity for security purposes before processing requests.
We implement industry-standard security measures to protect your personal information:
Technical Measures
• 256-bit SSL/TLS encryption
• Encrypted database storage
• Secure AWS infrastructure
• Regular security audits
Operational Measures
• Access controls & authentication
• Regular backups
• Incident response procedures
• Staff training & NDAs
Note: While we use best practices, no internet transmission is 100% secure. Please use strong passwords and protect your account credentials.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
If you suspect your account has been compromised, please contact us immediately at support@tobistech.co.uk.
Your data may be transferred and processed internationally:
Primary Data Location:
🇺🇸 United States (AWS Virginia) - Main servers
🇬🇧 United Kingdom - Company headquarters
Safeguards for International Transfers:
Transfers to the United States are made under the UK International Data Transfer Agreement (IDTA) and/or Standard Contractual Clauses (SCCs) executed with our processors, as required by UK GDPR Art. 46. These are the applicable transfer mechanisms; no separate consent to the transfer is required or sought.
| Data Type | Retention Period |
|---|---|
| Account information | Until account deletion + 30 days |
| Trading journals | Until you delete them |
| Payment records | 7 years (legal requirement) |
| Support communications | 2 years |
| Security logs | 1 year |
| Marketing preferences | Until withdrawn |
Account Deletion: You can request account deletion anytime. We'll delete your data within 30 days, except where legal retention is required.
Age Restriction: Tracom is NOT for users under 18 years old.
We do not knowingly collect data from minors. If we discover a user is under 18, we will immediately:
If you believe a minor is using Tracom, please contact us immediately at safety@tobistech.co.uk
Categories of Information We Collect:
• Identifiers (name, email, IP address)
• Commercial information (subscription history)
• Internet activity (app usage)
• Geolocation data (country/region)
• Professional information (trading data)
Your California Rights:
✅ We DO NOT sell personal information
✅ We do not share personal information for cross-context behavioral advertising, except that where personalised in-app ads are enabled, limited device identifiers are shared with Google AdMob for advertising purposes (see opt-out below)
✅ You can request data deletion anytime
✅ You can access your data via app settings
California - Right to Opt Out of Sharing (CPRA): You may opt out of the sharing of your personal information for advertising purposes at any time by:
• Disabling personalised ads in your device settings (iOS: Settings → Privacy → Advertising; Android: Settings → Google → Ads), or
• Emailing privacy@tobistech.co.uk with the subject line "California - Do Not Share"
We will process your opt-out request within 15 business days as required by the CPRA.
To exercise your other California privacy rights, email: privacy@tobistech.co.uk with "California Privacy Rights" in the subject.
We may update this Privacy Policy to reflect changes in our practices or legal requirements.
When we make changes:
For material changes to the way we process your personal data, we will seek your active acknowledgement before those changes apply to your data. If you do not accept a material change, you may request deletion of your account. Continued use after non-material changes take effect constitutes acceptance of those changes.
For privacy questions, requests, or concerns:
Data Protection Enquiries
📧 dpo@tobistech.co.uk
For data subject rights requests, GDPR inquiries and formal data protection matters
General Privacy Inquiries
📧 privacy@tobistech.co.uk
For general privacy questions and account data requests
Postal Address
Tobistech Ltd, 82 King Street, Manchester, England, M2 4WQ, United Kingdom
Response Times
⏱️ General inquiries: 5 business days
⏱️ Data requests: 30 days (as required by law)
⏱️ Urgent security issues: 24 hours
If you're not satisfied with our response, you may contact:
🇬🇧 United Kingdom
Information Commissioner's Office (ICO)
ico.org.uk
🇪🇺 European Union
Your local data protection authority
edpb.europa.eu
Your Privacy is Our Priority
Questions? Reach out at privacy@tobistech.co.uk