This Privacy Policy explains how Zero Ika, P.IVA 01280970250, Belluno, Italy (the “Provider”, “we”, “us”) collects, uses, and protects your personal data when you use Dojo Trading at dojo-trading.com (the “Service”).
We are the data controllerfor your personal data. We process it in accordance with Regulation (EU) 2016/679 (“GDPR”) and applicable Italian data-protection law.
1. Data controller and contact
Controller: Zero Ika, P.IVA 01280970250, Belluno, Italy.
For any privacy question or to exercise your rights (Section 8), contact us through dojo-trading.com/support.
2. What personal data we collect
| Category | Examples | Source |
|---|---|---|
| Account data | Email address, name, password (hashed), authentication method | You, at sign-up |
| Identity / login data | Google account ID and email (if you sign in with Google); Telegram user ID, username and profile name (when you link Telegram) | Google / Telegram, when you connect them |
| Subscription & billing data | Subscription status, plan, billing period, payment-failure flags, Stripe customer/subscription identifiers | Stripe, when you subscribe |
| Trade journal & portfolio data | Trades you record (symbol, side, prices, P&L, leverage, size, stop/targets, tags), journal reflections, emotions/discipline notes, uploaded screenshots, portfolio entries | You, when you use the journal |
| Sensei AI data | The trade-journal data above, sent for AI analysis to generate your insights | Derived from your journal |
| Support data | Messages, email and any attachments you send via the support form | You, when you contact us |
| Usage & technical data | IP address, device/browser information, log data, error diagnostics | Automatically, when you use the Service |
| Preferences | Theme and market-selector settings (stored locally in your browser) | Your device |
We do not intentionally collect special-category data, and we ask that you do not submit it in free-text fields.
3. Why we use your data and our legal bases
| Purpose | Legal basis (GDPR Art. 6) |
|---|---|
| Create and manage your account; authenticate you | Performance of a contract (Art. 6(1)(b)) |
| Provide the journal, portfolio, content and community features | Performance of a contract |
| Generate your Sensei AI reflections from your own trade data | Performance of a contract |
| Process subscription payments and manage billing | Performance of a contract; legal obligation (tax/accounting) |
| Send transactional emails (verification, password reset, billing, support replies) | Performance of a contract |
| Verify Telegram channel membership for paid access | Performance of a contract |
| Keep the Service secure, prevent abuse and fraud | Legitimate interests (Art. 6(1)(f)) |
| Diagnose errors and improve reliability | Legitimate interests |
| Measure aggregate, anonymous traffic and feature usage across the site | Legitimate interests (no cookies, no profiling) |
| Comply with legal, tax and accounting obligations | Legal obligation (Art. 6(1)(c)) |
We do not send marketing emails and we do not sell your personal data or use it for advertising or profiling.
4. Who we share data with (processors and recipients)
We share personal data only with the service providers below, who process it on our behalf under data-processing agreements, and only as needed to run the Service. We do not sell or rent your data.
| Recipient | Role | Data shared | Location |
|---|---|---|---|
| Kantera | Operates and maintains the platform infrastructure on our behalf | Technical access to platform data as needed to run the Service | EU (Sweden) |
| Stripe | Payment processing (merchant-of-record subscription billing) | Email, payment/card data (entered directly with Stripe), billing details | US / EU |
| Brevo | Sends transactional emails | Email address, name, and email content variables | EU (France) |
| Telegram | Account linking and channel-access verification; content delivery | Telegram user ID and profile, channel-membership status | International |
| Google (OAuth) | “Sign in with Google” authentication | Google account ID, email, basic profile | US / EU |
| Google (Gemini / Agent Platform API) | Powers Sensei AI — analyses your trade data to generate insights | Your recorded trade-journal data (see Section 5) | US |
| Ably | Real-time in-app notifications | User identifier tied to notification channels | US / International |
| MongoDB Atlas | Database hosting (stores your account and journal data) | All stored application data | EU (Finland) |
| Google Cloud Storage | Stores your uploaded screenshots and avatars | Uploaded images | EU (Finland) |
| Sentry | Error monitoring (with personal data scrubbed before sending) | Error diagnostics with PII removed | US / EU |
| Vercel | Hosts the website front-end | Technical request data | US / EU |
We may also disclose data where required by law, to comply with legal process, or to protect our rights, safety, or those of our users.
5. Sensei AI and automated processing
The Sensei AI feature sends your own recorded trade-journal data (such as symbols, entry/exit prices, P&L, position size, tags, and your journal reflections) to Google’s Gemini model to generate written reflections on your past trading activity.
- This happens only when you request it (manual refresh), and only for your own data.
- The output is automated, may be inaccurate, and is not financial advice (see the Risk Disclaimer).
- It does not produce legal or similarly significant effects about you in the sense of GDPR Art. 22, and there is no automated decision-making that affects your account, billing, or access.
- We do not use your trade data to train any model, and we do not share it with other users.
6. International data transfers
Some of our processors are located outside the EU/EEA (for example Stripe, Google, Telegram, Ably and Sentry in the United States). Where personal data is transferred outside the EU/EEA, we rely on appropriate safeguards under the GDPR — principally the European Commission’s Standard Contractual Clauses — to ensure your data receives an adequate level of protection. You can request more information through dojo-trading.com/support.
7. How long we keep your data
- Account and journal data: for as long as your account is active.
- After account deletion: deleted or anonymised without undue delay, except where we must retain certain records (e.g. billing/tax records) to comply with legal obligations — typically up to 10 years for accounting records under Italian law.
- Billing records: retained for the period required by tax and accounting law.
- Support messages: retained as needed to handle your request and for a reasonable period afterwards.
- Error logs: retained for a short period for security and diagnostics.
8. Your rights
Under the GDPR you have the right to:
- access your personal data and obtain a copy;
- rectify inaccurate or incomplete data;
- eraseyour data (“right to be forgotten”);
- restrict or object to processing in certain circumstances;
- data portability — receive your data in a structured, machine-readable format;
- withdraw consent at any time where processing is based on consent (without affecting prior processing);
- lodge a complaint with a supervisory authority — in Italy, the Garante per la protezione dei dati personali (garanteprivacy.it).
To exercise any of these rights, contact us through dojo-trading.com/support. We will respond within the time limits set by the GDPR (generally one month).
9. Cookies and local storage
The Service uses only what is strictly necessary to function plus a privacy-friendly, cookieless analytics tool. We do not use advertising or tracking cookies. Full details are in our Cookie Policy at dojo-trading.com/cookies. In summary:
- a strictly-necessary `refresh-token` cookie (httpOnly) to keep you securely logged in;
- local storage items on your device for preferences (theme, selected market);
- Plausible Analytics across our public pages and the signed-in app — cookieless and aggregate-only, recording page views and a small set of named, non-identifying events (such as feature usage), with no personal data and no cross-site tracking.
Because we set no non-essential cookies, no cookie-consent banner is required.
10. Data security
We apply appropriate technical and organisational measures to protect your data, including encryption in transit, restricted access, secrets management, and scrubbing of personal data from error logs. No method of transmission or storage is completely secure, but we work to protect your data and to address incidents promptly.
11. Children
The Service is not directed to anyone under 18, and we do not knowingly collect data from minors. If you believe a minor has provided us data, contact us and we will delete it.
12. Changes to this Policy
We may update this Policy. For material changes we will give reasonable notice (by email or in-app). The “Last updated” date reflects the latest version.
13. Contact
Questions about this Policy or your data: dojo-trading.com/support.
Data controller: Zero Ika, P.IVA 01280970250, Belluno, Italy.