This Privacy Policy explains how Zenith Capital Group (“Zenith,” “we,” “us”) collects, uses, and shares information when you use our simulated paper-trading service (the “Service”), available at tradingappx.com, zenith-capital-group.com, and related domains. It should be read together with our Terms of Service.
1.Information We Collect
Account & identity
| Data | Why we collect it |
|---|---|
| Email address | Login, account communications, email verification, password reset. |
| Username & display name | Identifying your account; the display name (or username) is shown publicly on the leaderboard. |
| Password | Stored only as a salted bcrypt hash — never in plain text. Not collected for Google- or passkey-only accounts. |
| Google sign-in data | If you use Google: your Google account identifier, name, email, and profile-picture URL, used to create and link your account. |
| Passkeys (WebAuthn) | Public keys and related metadata (no biometric data — that never leaves your device) used to authenticate you. |
| Verification status | Whether your email is verified, and when, to gate certain features. |
Preferences & settings
Timezone, notification preferences, interface preferences (such as your default settings tab), and your per-portfolio trading configuration (strategy toggles, position sizing, symbol lists, and similar parameters).
Simulated trading activity
Your simulated portfolios, trades, positions, orders, performance metrics, and any notes or journal entries you create. This activity is hypothetical and involves no real money.
Billing information
If you subscribe to Premium, we store your Stripe customer and subscription identifiers, subscription status, plan, and renewal/period dates. We do not collect or store your full payment-card number, CVV, or expiry — Stripe collects and processes those directly under its own privacy policy.
Support & communications
If you contact support, we collect the contents of your tickets and messages (subject, body, and any image you choose to attach) and our correspondence with you.
Technical & usage data
Limited operational data such as your last-active timestamp, session information, and standard server logs. Because the Service is served through a content-delivery/proxy provider (Cloudflare), connection metadata such as IP address and request headers are processed to deliver and secure the Service.
We also collect first-party usage analytics — which pages you visit within the Service and how long you spend on each — using our own servers (no third-party advertising or tracking networks). We use this only to understand how the Service is used and to improve it.
2.How We Use Information
- Provide, operate, maintain, and secure the Service and your account;
- Authenticate you and protect against fraud, abuse, and unauthorized access;
- Run the trading simulation, compute performance, and power the leaderboard;
- Process subscriptions and payments (via Stripe);
- Generate optional AI “trade journal” explanations of your simulated activity;
- Send transactional messages (verification, password/email changes, security notices) and — if you opt in — product updates and trade summaries;
- Respond to support requests and enforce our Terms;
- Comply with legal obligations and improve the Service.
Legal bases (EU/UK users). Where the GDPR or UK GDPR applies, we process your personal data on the following bases: performance of a contract (to provide the Service you sign up for), legitimate interests (to secure the Service and prevent fraud and abuse), consent (for optional product-update and trade-summary emails, which you can withdraw at any time), and legal obligation (to comply with applicable law).
3.How We Share Information
We do not sell your personal information. We share it only with service providers (“sub-processors”) that help us run the Service, and only as needed:
| Provider | Purpose | What’s shared |
|---|---|---|
| Stripe | Payments & subscriptions | Email, name, account identifier, plan choice. |
| Optional sign-in (OAuth) | Authentication request; we receive your Google profile basics. | |
| Anthropic (Claude API) | “Trade journal” explanations | Details of your simulated trades/positions (symbol, prices, P&L, strategy, your notes). No payment data. |
| Email provider | Transactional email | Your email address and username. |
| Market-data sources | Prices, news, option chains (Yahoo Finance, Deribit, NewsAPI, Alpha Vantage, Finnhub) | Only ticker symbols — no personal data. |
| Cloudflare | Hosting, CDN, security | Connection metadata (IP, headers) as a network proxy. |
We provide personal information to these sub-processors only as needed for them to perform services for us. Each is bound by its own privacy and data-processing commitments and is not permitted to use your information for its own unrelated purposes; their handling of your information is also governed by their respective privacy policies.
We may also disclose information (a) to comply with law, legal process, or lawful government requests; (b) to protect the rights, safety, and security of Zenith, our users, or the public; (c) to enforce our Terms; or (d) in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.
4.AI Processing
When you use AI-powered features (such as trade journals or position rationales), information about your simulated trades and positions is transmitted to our third-party AI provider (Anthropic, via the Claude API) to generate the explanation. We do not send your payment details to the AI provider. AI output is automated, may be inaccurate, and is for educational purposes only (see our Terms).
5.Cookies & Similar Technologies
We use a small number of strictly necessary cookies and tokens to operate the Service:
- A session cookie (HttpOnly, Secure, SameSite=Lax) to keep you logged in;
- A CSRF token to protect form submissions against cross-site request forgery.
These are required for the Service to function and cannot be disabled while you are signed in. We do not use third-party advertising cookies, and we do not currently use any third-party analytics, advertising, or cross-site behavioral-tracking services. If this changes, we will update this Policy and, where required, ask for your consent.
6.Public Information
Your display name (or username) and your simulated performance metrics may appear on the public leaderboard. Do not use a display name that reveals information you want to keep private. Accounts with no activity for 30 days are automatically hidden from the leaderboard; deactivating or closing your account also removes you.
7.Data Retention
We keep your information for as long as your account is active and as needed to provide the Service. When you close your account, we scrub identifying profile details (such as email, username, display name, profile picture, and sign-in identifiers) and disable future sign-in. We may retain certain records — including simulated trade and portfolio history in de-identified form, and limited billing/audit records — for as long as necessary to maintain the integrity of the simulation and leaderboards, resolve disputes, prevent abuse, and comply with legal obligations.
8.Security
We use reasonable technical and organizational measures to protect your information, including password hashing (bcrypt), encrypted connections (HTTPS/TLS), HttpOnly/Secure session cookies, CSRF protection, and support for strong authentication (passkeys and “log out everywhere”). No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your credentials safe.
9.Your Choices & Rights
- Access & update: View and edit your email, display name, timezone, notification preferences, and other account details in your settings.
- Marketing preferences: Opt in or out of product updates and trade summaries. Transactional and security messages are always sent.
- Deactivate: Temporarily deactivate your account (reversible by logging back in).
- Delete: Permanently close your account, which scrubs identifying profile details as described in Section 7.
- Session control: Sign out of all devices from your account settings.
- Regional rights: Depending on where you live, you may have additional rights:
- EU / UK (GDPR / UK GDPR): rights to access, rectify, erase, restrict, or port your personal data and to object to certain processing. Where we rely on consent, you may withdraw it at any time, and you may lodge a complaint with your local data-protection supervisory authority.
- California (CCPA / CPRA): rights to know, access, correct, and delete your personal information and to opt out of its “sale” or “sharing.” We do not sell or share your personal information as those terms are defined under California law.
- Other U.S. states (such as Virginia, Colorado, and Connecticut): comparable rights to access, correct, delete, and obtain a copy of your information, and to appeal a decision about your request.
10.International Users
We operate the Service from, and process data in, the United States and other countries where our service providers operate. If you access the Service from outside those countries, you understand that your information may be transferred to and processed in countries whose data-protection laws may differ from those in your jurisdiction.
11.Children’s Privacy
The Service is not directed to children under 18 (or the age of majority in your jurisdiction), and we do not knowingly collect personal information from them. If you believe a child has provided us information, contact us and we will delete it.
12.Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date above and, for material changes, provide reasonable notice — for example by email to your registered address and/or an in-app notice — before they take effect. Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.
13.Contact Us
Questions or privacy requests? Reach us through the in-app Support page, or by email at [email protected].