Last updated: 2026-06-06
The data controller of JournalByTTS (journalbytts.xyz) is Cristian López Ospina (Spain). For anything related to your personal data you can write to info@journalbytts.xyz.
| Category | Data | Source |
|---|---|---|
| Account | Username, email, password (stored only as a secure hash), optional first/last name and profile picture, preferred language | You, at sign-up and in your profile |
| Google sign-in | Google account ID, email, name and avatar | Google, only if you choose "Sign in with Google" |
| Journal content | Trading accounts and prop-firm challenges you register, trades (instrument, size, profit/loss, dates, notes, screenshots you attach), strategies, risk settings, payouts | You, or your trading platform if you connect it |
| Platform connections | API keys for exchanges/brokers (Binance, ByBit, etc.) and the key used by our MetaTrader EA. Stored encrypted; we never store exchange credentials in plain text | You, in the Integrations page |
| Billing | If you subscribe to a paid plan: Stripe customer and subscription identifiers. Card numbers are handled by Stripe and never touch our servers | Stripe |
| Technical | IP address and browser data in server logs, session cookies (see Cookie Policy) | Your browser |
| Social media | If you message or comment on our Instagram accounts, we process those messages/comments through Meta's API to reply to you | Meta/Instagram |
We do not sell your data, we do not use it for advertising, we do not profile you, and we will not send you marketing emails without asking for your consent first.
We use a small set of providers ("processors") to run the service. All of them are bound by data-processing agreements; transfers outside the EU are covered by the EU-US Data Privacy Framework and/or Standard Contractual Clauses:
| Provider | Purpose | Location |
|---|---|---|
| Railway | Hosting of the application and database | USA / EU regions |
| Optional "Sign in with Google" | USA | |
| Resend | Sending transactional email | USA |
| Stripe | Payment processing for paid plans | USA / EU |
| Meta Platforms | Instagram messaging/comments, only if you contact us there | USA / EU |
Your account data and journal content are kept while your account exists. If you delete your account or ask us to, the data is removed from the live database without undue delay and disappears from backups in their normal rotation cycle. Billing records may be retained as long as tax law requires. Server logs rotate automatically.
You can ask us at any time to access, correct, delete or export your data, and to restrict or object to its processing. Write to info@journalbytts.xyz from the email address of your account; we will answer within one month at most. You also have the right to lodge a complaint with the Spanish supervisory authority (AEPD).
All traffic is encrypted (HTTPS). Passwords are stored as salted hashes, never in plain text. Exchange/broker API keys are stored encrypted with a key that lives outside the database. Access to production data is restricted to the controller.
JournalByTTS is a tool for traders and is not directed at anyone under 18. We do not knowingly process minors' data.
If we make material changes to this policy we will announce them in the application before they take effect. The date at the top always reflects the latest revision.