Privacy Policy

Last updated: June 3, 2026

Viktury (“we”, “us”) provides a trading journal and analytics service at journal.viktury.com(the “Service”). This policy explains what data we collect, why we collect it, and the choices you have. We collect only what the Service needs to work, we never sell your data, and you can delete your account and everything in it at any time.

Data we collect

• Account data. Your email address, a password hash (we never see your password), and a phone number if you choose to enable SMS two-factor authentication. If you sign in with Google, we receive your email address and name from Google.
• Trading data you import. Trade history from CSV files you upload or from exchange and broker connections you set up. The Service only accepts read-only API keys, and the keys you provide are stored encrypted. We never ask for keys with trading or withdrawal permissions.
• Journal content. Notes, tags, playbooks, screenshots, and other content you create inside the Service.
• Billing data. Payments are processed by Stripe. We store your subscription tier and status; we never see or store your card number.
• Technical data. Server logs (IP address, timestamps, request paths) kept for security and debugging, error reports, and privacy-friendly, cookieless product analytics.

What we use it for

• Providing the Service: importing, storing, and analyzing your trading activity.
• Account security: email verification codes, password-reset codes, and two-factor authentication messages.
• Service notifications, such as a notice when an exchange connection stops syncing and needs to be re-authorized.
• An optional weekly summary email of your own trading statistics. You receive it only if you opt in, and every one contains an unsubscribe link.
• Billing and subscription management.

We do not sell your data, share it with advertisers, or use it to train machine-learning models.

Where your data lives

Your data is stored on Amazon Web Services servers in the Europe (London) region, encrypted at rest and in transit. Exchange API keys get an additional layer of encryption on top of that.

Third parties we rely on

• Amazon Web Services for hosting, storage, and email delivery.
• Stripe for payment processing.
• Resend for transactional email delivery.
• Sentry for error monitoring.
• Google, only if you choose “Sign in with Google”.

Each of these processes data only as needed to provide its service to us. We do not use tracking cookies or third-party advertising scripts.

Data retention and deletion

Your data is retained while your account is active. You can delete your account from your profile settings at any time: your data is immediately removed from the live Service, kept in an isolated archive for 30 days so we can recover from accidental deletions, and then permanently destroyed. Email addresses that hard-bounce or report our emails as spam are kept on a do-not-send list.

Your rights

You can access and export your data (the Service has a built-in export), correct it, or delete it at any time. If you are in the EU/EEA or UK, you additionally have the rights provided by the GDPR (access, rectification, erasure, portability, restriction, and objection). To exercise any right that isn’t available in-app, email us at support@viktury.com.

Cookies

The Service uses only essential cookies and local storage for authentication sessions. The marketing site (viktury.com) uses cookieless analytics and sets no cookies at all.

Changes

We will update this policy as the Service evolves. Material changes will be announced in the Service before they take effect. The “last updated” date at the top always reflects the current version.

Contact

Questions about this policy or your data: support@viktury.com