SecuoraSecuora← Back to home

Privacy Policy

Last updated: June 4, 2026

This Privacy Policy explains how Secuora collects, uses, shares, and protects your information when you use the Secuora trading journal and market replay/backtesting platform, including our website at secuora.xyz and our mobile applications (together, the “Service”). By using the Service you agree to this Policy.

1. Who we are

The Service is operated by SIA “Miglai”, a company registered in Latvia (registration No. 40203733943, VAT LV40203733943), registered address Reķu sala 4, Upesciems, Garkalnes pag., Ropažu nov., LV-2137, Latvia (“Secuora”, “we”, “us”, “our”). For users in the EU/EEA and the UK, we act as the controller of your personal data. You can reach us at support@migla.io.

2. Data we collect

Account and identity

  • Your email address and authentication details when you register or sign in.
  • If you use Google sign-in, the email address, basic profile information (name and avatar), and account identifier that Google shares with us.
  • An optional display name, community username, bio, and avatar that you choose.

Content you create

  • Journaled trades, notes, tags, emotions, and any screenshots you attach.
  • Backtest and replay sessions, including simulated trades, drawings, and settings.
  • Strategies, confluence data, and analytics derived from your entries.
  • Community content you choose to publish, such as posts, comments, likes, and any performance statistics or charts you share.

Subscription and payments

  • Your plan, subscription status, and billing identifiers.
  • Payments are processed by Stripe (on the web) and, where applicable, by the Apple App Store or Google Play (in our mobile apps). We never receive or store your full payment-card details — our payment processors handle them and provide us only with the transaction records needed to manage your subscription.

Technical and usage data

  • IP address (used to operate and secure the Service and to prevent abuse).
  • Device and browser type, operating system, and app version.
  • Product-interaction data (such as which features you use) and diagnostic/error logs.

Mobile-app data

  • Device identifiers and app version.
  • A push-notification token, only if you enable notifications.
  • Crash and performance diagnostics.
  • We do not use advertising identifiers (such as the IDFA), we do not run ads, and we do not track you across other apps or websites.

3. How we use your data

We use your data for the purposes below, relying on the legal bases noted:

  • Provide and operate the Service, save your journals and sessions, and compute analytics — to perform our contract with you.
  • Authenticate you and keep your account secure — contract and our legitimate interests.
  • Process subscriptions and payments — contract and legal obligation.
  • Prevent fraud, abuse, and misuse, and protect the Service — legitimate interests and legal obligation.
  • Provide support and respond to your requests — contract and legitimate interests.
  • Improve and develop features — legitimate interests.
  • Send service-related messages, and optional product updates where you have opted in — consent and legitimate interests.

4. We do not sell your data

We do not sell your personal data, and we do not use it for cross-context behavioural advertising. There is no third-party advertising in the Service.

5. Who we share data with

We share data only with the processors and parties needed to run the Service, each bound by appropriate data-protection terms:

  • Supabase — authentication and database hosting.
  • Stripe — subscription and payment processing.
  • Vercel — application hosting and content delivery.
  • Google — optional Google sign-in.
  • Apple and Google — distribution, push notifications, and in-app purchases for our mobile apps.
  • Email delivery provider — to send account and service emails.
  • Market-data providers — we fetch historical price data from them; we do not send them your personal data.
  • Other users — content you publish to the community (your public profile and posts) is visible to others.
  • Authorities — only where required by a valid legal request, and limited to the minimum necessary.

6. International transfers

Some providers process data outside the European Economic Area (for example, in the United States). Where they do, the transfer is protected by appropriate safeguards such as the European Commission’s Standard Contractual Clauses.

7. How long we keep data

  • Your account content is kept while your account is active.
  • When you delete your account, we delete your personal data, except records we must keep to comply with law or to resolve disputes.
  • Backups are purged on a rolling schedule (approximately 30 days).
  • We may keep aggregated or anonymised statistics that no longer identify you.

8. Your rights

Depending on where you live, you have rights over your personal data. Under the GDPR (EU/EEA/UK) you may access, correct, erase, restrict, or port your data, object to certain processing, and withdraw consent at any time, and you may lodge a complaint with your local supervisory authority. Under the CCPA/CPRA (California) you may know, delete, and correct your data and opt out of any sale or sharing — note that we do not sell or share your data for advertising.

You can export or delete your data from Settings in the app, or by emailing support@migla.io. We respond to verified requests within 30 days.

9. Security

We protect your data with encryption in transit (TLS), row-level security and access controls on stored data, and encryption at rest provided by our infrastructure partners. If a personal-data breach affects you, we will notify the relevant authority, and where required you, within 72 hours as required by the GDPR. No method of transmission or storage is completely secure, but we work hard to protect your information.

10. Children

Secuora is intended for adults. You must be at least 18 years old to use the Service. We do not knowingly collect personal data from anyone under 18; if we learn that we have, we will delete it.

11. Cookies and on-device storage

On the web, we use essential cookies and local storage to keep you signed in and to remember your preferences. Our mobile apps use secure device storage (such as the iOS Keychain) for the same purposes. We do not use advertising or cross-site tracking cookies.

12. Changes to this Policy

We may update this Policy from time to time. The “Last updated” date above reflects the most recent revision, and we will announce material changes through an in-app or website notice and/or by email.

13. Contact

For any privacy question or request, contact us at support@migla.io, or by post at SIA “Miglai”, Reķu sala 4, Upesciems, Garkalnes pag., Ropažu nov., LV-2137, Latvia.