Prop Journal
Sign up free

Privacy Notice

Last updated: April 29, 2026

1. Who we are

This Privacy Notice describes how Sapo Invest ("Sapo Invest", "we", "us") processes personal data in connection with the Prop Journal service ("Service"). Sapo Invest is the data controller for the personal data we collect through the Service.

2. Personal data we collect

  • Account data: name, email, password hash, profile preferences, language.
  • Trading journal content: trades, notes, screenshots, strategies, accounts and payouts you choose to log.
  • Usage & telemetry: pages viewed, features used, error logs, approximate device and browser information.
  • Technical identifiers: IP address, device identifiers, cookies and similar technologies.
  • Support communications: messages you send us via contact forms or email.
  • Billing metadata: subscription status, plan and customer ID. Card numbers and full payment details are collected and processed directly by Paddle (see Section 5) and are not stored by us.

3. Why we use your data (purposes & legal bases)

  • Provide the Service (account creation, journal storage, analytics, AI summaries) — performance of contract.
  • Security & fraud prevention (abuse detection, rate limiting, audit logs) — legitimate interests.
  • Customer support — performance of contract / legitimate interests.
  • Service improvement (aggregated usage analytics, debugging) — legitimate interests.
  • Marketing communications (only where applicable) — consent, which you can withdraw at any time.
  • Legal & accounting obligations — legal obligation.

4. Cookies

We use cookies and similar storage that are strictly necessary to operate the Service (authentication, session, security). We may also use limited analytics cookies to understand aggregate usage. You can manage cookies in your browser settings; disabling essential cookies may break parts of the Service.

5. Who we share data with

  • Service providers / subprocessors: cloud hosting, database, file storage, email delivery, analytics, error monitoring, and AI inference providers used to operate the Service.
  • Paddle.com Market Limited (Merchant of Record): Paddle handles checkout, payments, subscription management, billing, tax, invoicing, and refund processing on our behalf. Paddle is a separate controller for the payment data it collects.
  • Professional advisers: legal, accounting, and tax advisers where necessary.
  • Authorities: where required by law, court order, or to protect our rights.

We do not sell your personal data.

6. International transfers

Personal data may be processed outside your country, including in the EEA, UK, and the United States. Where transfers occur from the UK/EEA to a country without an adequacy decision, we rely on appropriate safeguards such as Standard Contractual Clauses.

7. Data retention

We keep personal data only as long as necessary for the purposes above. Account and journal data are kept while your account is active and for a reasonable period after deletion to handle disputes, fulfil legal obligations, and complete backups, after which they are deleted or anonymised. Billing records may be retained longer where required by tax law.

8. Your rights

Depending on your jurisdiction, you may have the right to:

  • access the personal data we hold about you;
  • request correction of inaccurate data;
  • request deletion of your data ("right to be forgotten");
  • restrict or object to certain processing;
  • request data portability;
  • withdraw consent where processing is based on consent;
  • lodge a complaint with your local data protection authority.

We will respond to verifiable requests within the timeframe required by applicable law (typically one month under GDPR). To exercise your rights, contact us via the contact page.

9. Security

We apply appropriate technical and organisational measures to protect your data, including encryption in transit, access controls, and least-privilege practices. No system is 100% secure; we cannot guarantee absolute security.

10. Children

The Service is not intended for individuals under 18. We do not knowingly collect data from children. If you believe a minor has provided us with personal data, please contact us so we can delete it.

11. Changes to this notice

We may update this Privacy Notice from time to time. Material changes will be communicated via the Service or by email.

12. Contact

For privacy questions or to exercise your rights, contact Sapo Invest via the contact page.