Privacy Policy

1. Introduction

Welcome to ZERO TILT ("we," "our," or "us"), a trading psychology application operated by Pedro Rubio (DBA Blackfyre). ZERO TILT helps traders manage tilt, revenge trading, and FOMO through journaling, streak tracking, urge logging, AI coaching, community forums, site blocking, breathing exercises, and cognitive games.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, web application, desktop application, browser extensions, and related services (collectively, the "Service"). By accessing or using the Service, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the Service.

We are committed to protecting your privacy and handling your data transparently. Because our app deals with sensitive personal reflections about trading behavior, we take extra care to ensure your data is secure and used only as described in this policy.

2. Information We Collect

We collect the following categories of information when you use ZERO TILT:

2.1 Account Data

When you create an account, we collect:

• Email address — used for authentication, account recovery, and transactional communications
• Password — securely hashed using industry-standard algorithms; we never store plain-text passwords
• Display name — your chosen public name within the app
• Trader name — an optional alias used in community features
• Avatar URL — a link to your profile picture
• Age confirmation — we verify you are 13 years of age or older; we do not collect your exact date of birth
• Timezone — used to display accurate timestamps and schedule notifications

2.2 Profile Data

To personalize your experience, you may optionally provide:

• Trading style (e.g., day trading, swing trading, scalping)
• Markets traded (e.g., equities, forex, crypto, futures)
• Trading experience level
• Tilt risk level
• Selected symptoms (emotional and behavioral triggers you want to track)
• Trading plan
• Bio

2.3 Journal Entries

When you use our journaling feature, we collect:

• Entry title and content
• Mood selection
• Tags you assign
• Timestamps of creation and last edit

Journal entries are encrypted at rest in our database. This data is highly personal, and we treat it with the highest level of care.

2.4 Streak & Habit Data

• Check-in dates and times
• Streak lengths and history
• Daily pledges and their completion status
• Checklist completions
• Goal progress tracking

2.5 Urge Logs

When you log an urge to trade impulsively, we collect:

• Trigger type (e.g., FOMO, revenge, boredom)
• Intensity rating
• Location context (e.g., at desk, on mobile)
• Response strategies you selected or used
• Resistance outcome (whether you successfully resisted)
• Breathing session data (duration, completion status)

2.6 Relapse Events

If you log a relapse event, we collect:

• Trigger category
• Emotional state at the time
• Market conditions
• Severity assessment
• Lessons learned (your self-reflection)

2.7 Community Data

When you participate in the ZERO TILT community, we collect:

• Posts and comments you create
• Likes and reactions
• Friendships and connections
• Pod (group) memberships
• Chat messages within pods

Community content you post is visible to other users according to the visibility settings of the forum or pod.

2.8 AI Coach Conversations

When you interact with the ZERO TILT AI Coach, we collect:

• Messages you send to the AI coach
• AI-generated responses
• Conversation history (stored to maintain context across sessions)

See Section 9: AI & Automated Processing for detailed information about how AI coaching data is handled.

2.9 App Usage Data

• Session start and end times
• Screens and features visited
• Platform (iOS, Android, web, desktop)
• App version

2.10 Game Data

When you use our cognitive games (designed to redirect urges), we collect:

• Game scores
• Session duration
• Levels reached

2.11 Subscription Data

• Subscription plan type and status
• Payment processor identifiers (Stripe customer ID or RevenueCat user ID)

We do not collect or store credit card numbers, bank account details, or other payment instrument data. All payment processing is handled by our PCI-compliant payment partners.

2.12 Notification Preferences

• Push notification tokens (for delivering notifications to your device)
• Quiet hours settings
• Individual notification toggles

2.13 Block Data

When you use the site-blocking feature for accountability:

• Your configured list of blocked sites
• Block session start and end times
• Block bypass attempts (logged to support your accountability goals)

2.14 Analytics Events

We collect anonymized usage analytics through PostHog, including:

• Feature usage frequency
• Button clicks and navigation patterns
• General usage trends

You can opt out of analytics collection at any time through your privacy settings within the app.

2.15 Crash Reports

We use Sentry to collect crash reports, which include:

• Error stack traces
• Device type and operating system version
• App version at the time of the crash

Sentry is configured to scrub personally identifiable information (PII) from all error reports. No journal content, messages, or personal data is included in crash reports.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing and Maintaining the Service

• Authenticating your identity and managing your account
• Delivering core app features: journaling, streak tracking, urge logging, community forums, AI coaching, site blocking, breathing exercises, and cognitive games
• Syncing your data across your devices
• Processing and managing your subscription

3.2 Personalizing Your Experience

• Customizing AI coach responses based on your trading profile and conversation history
• Tailoring streak and habit tracking to your goals
• Showing relevant insights based on your urge logs and journal entries
• Displaying timestamps and scheduling notifications in your timezone

3.3 Improving the Service

• Analyzing aggregated, anonymized usage data to understand which features are most helpful
• Identifying and fixing bugs through crash reports
• Informing product development decisions

3.4 Community & Safety

• Moderating community content to maintain a safe, supportive environment
• Enforcing our Terms of Service
• Preventing abuse, fraud, and unauthorized access

3.5 Communications

• Sending transactional emails (account verification, password resets, subscription receipts)
• Delivering push notifications you have opted into (streak reminders, check-in prompts)
• Responding to your support requests

3.6 Legal Obligations

• Complying with applicable laws, regulations, and legal processes
• Protecting our legal rights and the rights of our users

We do not use your personal data for targeted advertising. We do not sell your data to third parties. We do not use your journal entries, urge logs, relapse events, or AI coach conversations to train machine learning models.

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We share data only with the following categories of service providers, solely to operate and improve ZERO TILT:

Service Provider	Purpose	Data Shared
Supabase	Database hosting, user authentication	All account and app data (hosted on AWS with encryption at rest)
Anthropic (Claude AI)	AI coaching conversations	Messages you send to the AI coach, relevant profile context for personalized responses
Stripe	Web payment processing	Email address, subscription plan details (Stripe is PCI-DSS compliant; we never see your card number)
RevenueCat	Mobile payment processing (App Store / Google Play)	Anonymous user ID, subscription status and plan type
PostHog	Product analytics	Anonymized usage events, feature interactions (you can opt out in privacy settings)
Sentry	Crash reporting and error monitoring	Error stack traces, device/OS info, app version (PII is scrubbed)
Vercel	Web application hosting	Standard web server logs (IP address, user agent, request path)
Apple / Google	Push notifications	Device push tokens, notification content

We may also share your information in the following limited circumstances:

• Legal Compliance: When required by law, subpoena, court order, or governmental regulation.
• Safety: To protect the rights, safety, or property of ZERO TILT, our users, or others, including to prevent fraud or address security threats.
• Business Transfers: In connection with a merger, acquisition, or sale of all or a portion of our assets. In such an event, you will be notified via email and/or a prominent notice within the Service before your information is transferred and becomes subject to a different privacy policy.
• With Your Consent: We may share your information for other purposes with your explicit consent.

5. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this policy. Specific retention periods are as follows:

Data Category	Retention Period
Account data	Until you delete your account
Profile data	Until you delete your account
Journal entries	Until you delete individual entries or your account
Streak & habit data	Until you delete your account
Urge logs & relapse events	Until you delete individual records or your account
Community posts & comments	Until you delete them or your account (may persist in anonymized form if others have replied)
AI coach conversations	Until you clear conversation history or delete your account
Subscription data	Retained for 7 years after cancellation for tax and legal compliance
Analytics events	Aggregated and anonymized after 24 months
Crash reports	Automatically deleted after 90 days
Server logs	Automatically deleted after 30 days

When you delete your account, we initiate the deletion of your personal data within 30 days. Some data may persist in encrypted backups for up to 90 days before being permanently erased. Anonymized, aggregated data that cannot be used to identify you may be retained indefinitely for analytical purposes.

6. Data Security

We implement industry-standard security measures to protect your personal information:

6.1 Encryption

• In Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher.
• At Rest: All data stored in our database is encrypted at rest using AES-256 encryption. Journal entries receive an additional layer of application-level encryption.

6.2 Authentication & Access

• Passwords are hashed using bcrypt with a high computational cost factor.
• We support secure session management with automatic token expiration.
• Access to production databases is restricted to essential personnel using role-based access controls and audited access logs.

6.3 Infrastructure

• Our database is hosted on Supabase (backed by AWS) with SOC 2 Type II certified infrastructure.
• Regular automated backups are maintained with encryption.
• We use Sentry for real-time security and error monitoring.

6.4 Content Moderation

• Community content is subject to automated and manual moderation to protect user safety.
• Private data (journal entries, AI coach conversations, urge logs) is never reviewed by moderators or staff unless legally required or explicitly requested by you for support purposes.

While we implement robust security measures, no method of electronic storage or transmission over the Internet is 100% secure. We cannot guarantee absolute security, but we are committed to promptly notifying affected users in the event of a data breach in accordance with applicable laws.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

7.1 Right to Access

You have the right to request a copy of the personal data we hold about you. You can access most of your data directly within the app through your profile and settings screens.

7.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data. You can update most information directly in the app, or contact us for assistance.

7.3 Right to Deletion

You have the right to request deletion of your personal data. You can:

• Delete individual journal entries, urge logs, relapse events, and community posts within the app
• Clear your AI coach conversation history within the app
• Delete your entire account through the app settings, which initiates deletion of all associated personal data
• Contact us at privacy@zerotilt.app to request full account deletion

7.4 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format. You can export your data (including journal entries, urge logs, streak history, and profile information) from within the app settings.

7.5 Right to Restrict Processing

You have the right to request that we limit the processing of your personal data under certain circumstances, such as when you contest the accuracy of the data.

7.6 Right to Object

You have the right to object to the processing of your personal data for certain purposes, including analytics collection. You can opt out of PostHog analytics through your privacy settings.

7.7 Right to Withdraw Consent

Where processing is based on your consent, you may withdraw consent at any time without affecting the lawfulness of processing performed before withdrawal.

To exercise any of these rights, contact us at privacy@zerotilt.app. We will respond to your request within 30 days. We may ask you to verify your identity before processing your request.

8. Children's Privacy

ZERO TILT is not directed at children under the age of 13. We require all users to confirm they are at least 13 years of age during account registration. We do not knowingly collect personal information from children under 13.

If we become aware that we have inadvertently collected personal data from a child under 13, we will take immediate steps to delete that information from our servers within 30 days.

If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us at privacy@zerotilt.app and we will promptly delete the data.

For users between the ages of 13 and 17, we recommend that a parent or guardian review this Privacy Policy and supervise the minor's use of the Service. We do not collect any additional data from minors beyond what is described in this policy, and we do not engage in behavioral advertising or profiling of minors.

9. AI & Automated Processing

ZERO TILT includes an AI coaching feature powered by Anthropic's Claude AI. This section explains how your data is handled in connection with this feature.

9.1 What Data Is Sent to the AI

When you interact with the AI coach, the following data may be sent to Anthropic's API:

• The messages you type in the coaching conversation
• Your conversation history within the current session (to maintain context)
• Relevant profile information you have provided (such as trading style, experience level, and selected symptoms) to personalize coaching responses

We do not send your journal entries, urge logs, relapse events, or community data to the AI unless you explicitly include that information in a coaching message.

9.2 How the AI Processes Your Data

Anthropic's Claude AI processes your messages in real time to generate coaching responses. Per Anthropic's API data usage policy:

• Data sent through the API is not used to train or improve Anthropic's AI models.
• Anthropic may retain API inputs and outputs for up to 30 days solely for trust and safety purposes (e.g., to detect abuse), after which they are deleted.
• Anthropic does not share API data with third parties.

9.3 Content Moderation

Community posts and comments may be subject to automated content moderation to ensure compliance with our community guidelines and to maintain a safe environment. This moderation does not involve profiling or automated decision-making that produces legal or similarly significant effects.

9.4 No Automated Decision-Making

ZERO TILT does not use AI or automated processing to make decisions that produce legal effects or similarly significant effects on you. The AI coach provides informational guidance and emotional support only. It does not provide financial advice, and no trading decisions or account actions are made automatically based on AI output.

9.5 Opting Out

Use of the AI coach is entirely optional. You can use all other features of ZERO TILT without interacting with the AI coach. You can clear your AI conversation history at any time from within the app.

10. Cookies & Tracking

10.1 Web Application

The ZERO TILT web application uses the following storage mechanisms:

• localStorage: Used to store your authentication session token, user preferences, and theme settings. This data remains on your device and is not transmitted to third parties.
• Session storage: Used for temporary state during your browsing session, cleared when you close the browser tab.

We do not use third-party advertising cookies. We do not use cross-site tracking cookies.

10.2 Analytics

We use PostHog for product analytics. PostHog may set a first-party cookie or use localStorage to assign an anonymous session identifier. This is used to understand how users interact with features in aggregate. PostHog analytics:

• Do not track you across other websites
• Do not build advertising profiles
• Can be fully disabled via the privacy settings in your ZERO TILT account

10.3 Mobile & Desktop Applications

Our mobile and desktop applications do not use cookies. Data persistence is handled through secure local storage and authenticated API calls to our servers.

10.4 Browser Extensions

The ZERO TILT browser extensions (Chrome and Safari) store your blocked sites list and session configuration locally on your device using the browser extension storage API. This data syncs with your ZERO TILT account when you are logged in.

11. International Data Transfers

ZERO TILT is operated from the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States, where our service providers maintain their servers.

Our primary data infrastructure is hosted on:

• Supabase (AWS): Data is stored in AWS data centers located in the United States with encryption at rest and in transit.
• Vercel: Web hosting with a global edge network; your data is primarily processed in the United States.
• Anthropic: AI API processing occurs in the United States.

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on the following mechanisms to ensure adequate protection of your data during international transfers:

• Standard Contractual Clauses (SCCs) approved by the European Commission, as incorporated into our agreements with service providers
• Service providers' own compliance frameworks (e.g., Supabase/AWS compliance with the EU-U.S. Data Privacy Framework)

By using the Service, you acknowledge that your data will be transferred to the United States and processed in accordance with this Privacy Policy.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational purposes. When we make changes:

• We will update the "Effective Date" at the top of this page.
• For material changes, we will notify you by email (sent to the address associated with your account) and/or through a prominent notice within the app at least 14 days before the changes take effect.
• Your continued use of the Service after the updated Privacy Policy becomes effective constitutes your acceptance of the changes.

We encourage you to review this Privacy Policy periodically. Previous versions of this policy will be made available upon request by contacting us at privacy@zerotilt.app.

13. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information.

13.1 Your California Rights

As a California resident, you have the right to:

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources from which your information was collected, the business purpose for collecting your information, and the categories of third parties with whom we share your information.
• Right to Delete: Request deletion of your personal information, subject to certain exceptions (such as data needed for legal compliance or to complete a transaction you initiated).
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out of Sale or Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. You will not receive a different level of service or pricing for exercising your rights.
• Right to Limit Use of Sensitive Personal Information: You can limit the use of sensitive personal information (such as journal entries and health-related data) to purposes necessary to provide the Service.

13.2 Categories of Information Collected

In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA:

• Identifiers: Email address, display name, trader name, device identifiers
• Internet or Electronic Network Activity: App usage data, screens visited, feature interactions
• Inferences: Tilt risk level, trading behavior patterns (derived from your self-reported data, not from surveillance)

13.3 Information We Do Not Collect or Sell

• We do not sell personal information to any third party for any purpose.
• We do not share personal information for cross-context behavioral advertising.
• We do not collect financial account numbers, credit card numbers, or Social Security numbers.
• We have not sold or shared personal information of consumers under 16 years of age.

13.4 Exercising Your Rights

To exercise your California privacy rights, you may:

• Email us at privacy@zerotilt.app
• Use the in-app data management features (profile settings, data export, account deletion)

We will verify your identity by confirming your email address on file. We will respond to verifiable consumer requests within 45 days. If we need additional time (up to 90 days total), we will notify you of the extension and the reason for it.

You may designate an authorized agent to submit a request on your behalf. We may require the agent to provide proof of authorization and may contact you directly to verify your identity.

14. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and applicable local data protection laws provide you with additional rights and protections.

14.1 Data Controller

The data controller for your personal data is:

Pedro Rubio (DBA Blackfyre)
Email: privacy@zerotilt.app

14.2 Legal Bases for Processing

We process your personal data on the following legal bases:

• Contract Performance (Article 6(1)(b)): Processing necessary to provide the ZERO TILT Service to you, including account management, journaling, streak tracking, AI coaching, and community features.
• Legitimate Interests (Article 6(1)(f)): Processing necessary for our legitimate interests, including improving the Service, ensuring security, preventing fraud, and conducting analytics. We balance these interests against your rights and ensure they do not override your data protection rights.
• Consent (Article 6(1)(a)): For optional processing activities such as PostHog analytics, push notifications, and marketing communications. You may withdraw consent at any time.
• Legal Obligation (Article 6(1)(c)): Processing necessary to comply with applicable laws, such as retaining subscription records for tax purposes.

14.3 Your GDPR Rights

In addition to the rights described in Section 7, you have the following rights under GDPR:

• Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority if you believe your data protection rights have been violated.
• Right to Object to Processing: You may object to processing based on legitimate interests at any time. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
• Right to Data Portability: You may request your data in a structured, commonly used, machine-readable format (JSON or CSV), and have the right to transmit that data to another controller.

14.4 Data Protection Officer

Given the scale of our operations, we have not appointed a formal Data Protection Officer. For all data protection inquiries, please contact us at privacy@zerotilt.app. We are committed to addressing your concerns promptly and thoroughly.

14.5 Cross-Border Transfers

See Section 11: International Data Transfers for information about how we protect your data during transfers outside the EEA.

15. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: privacy@zerotilt.app
• Website: zerotilt.io
• Operated by: Pedro Rubio (DBA Blackfyre)

We aim to respond to all privacy-related inquiries within 30 days of receipt. For urgent matters related to data breaches or security concerns, please include "URGENT" in your email subject line.