Privacy Policy

1. What we collect

We only collect what we actually need to run the product:

• Account data: your name and email address when you register.
• Trading data: trades, journal entries, notes, screenshots, and any other content you voluntarily enter into NexCandle. This data belongs to you.
• Billing data: your subscription status and payment method details. Card numbers are handled entirely by Stripe — we never see or store them.
• Usage data: basic analytics (pages visited, features used) to understand how the product is being used. This is aggregate and not tied to individual profiles in any meaningful way.
• Technical data: IP address, browser type, and device type collected automatically as part of normal web server operation and security logging.

2. How we store it

All your data is stored on a dedicated server located in the EU (Germany) in a PostgreSQL database. Data is encrypted in transit (HTTPS/TLS). Backups are stored in the same region. We do not use US-based cloud databases for primary storage.

3. Third-party services

We use a small number of trusted third-party services to run NexCandle:

• Stripe — payment processing. When you subscribe, your card details go directly to Stripe. We receive only a token and your subscription status. Stripe's privacy policy: stripe.com/privacy
• Resend — transactional email (welcome emails, password resets, billing receipts). Your email address is passed to Resend for delivery purposes only.
• Telegram — optional. If you connect a Telegram account to receive trade alerts, your Telegram chat ID is stored. You can disconnect this at any time from your account settings.
• Google Analytics — optional, loaded only if you accept cookies via our cookie consent banner. If you decline, no analytics scripts are loaded at all.

We do not use advertising networks, data brokers, or any third party whose business model depends on selling your data.

4. We never sell your data

We do not sell, rent, trade, or share your personal data or trading data with any third party for commercial purposes. Full stop. Our revenue comes entirely from subscriptions — not from your data.

5. Your rights (GDPR)

If you're in the EU or EEA, you have the following rights under GDPR:

• Export your data: you can download all your trading data from the /account page at any time using the data export button.
• Delete your account: you can permanently delete your account and all associated data from the /account page. Deletion is immediate and irreversible.
• Correct your data: you can update your name and email in account settings.
• Object or restrict processing: contact us at hello@nexcandle.com and we'll handle it promptly.

6. Cookies

We use a session cookie to keep you logged in. That's a functional necessity. If you accept our cookie consent banner, Google Analytics cookies are also set. You can decline, and the product works exactly the same without them.

7. Data retention

We keep your data for as long as your account is active. If you delete your account, all personal data and trading data is removed within 30 days. We may retain anonymized, non-identifiable aggregate statistics (e.g. "number of trades logged") indefinitely for product analytics.

8. Changes to this policy

If we make material changes to this policy, we'll notify you by email and update the date at the top of this page. Minor clarifications may be made without notice.

9. Contact

Questions about your data? Email us at hello@nexcandle.com. We respond within a few business days.