Privacy Policy
1. Who we are
This Privacy Policy describes how Limbix (“Limbix”, “we”, “us”, “our”) collects, uses, stores, shares, and protects your personal data when you use the Limbix web application, mobile applications, public website, and related services (together, the “Service”).
Limbix is a behavioral trading journal that helps active traders link every trade to a documented plan, score their discipline, and reflect on their decisions with the help of an AI coach. To do that, we process personal data — including trade data, journal entries, and behavioral signals you choose to provide.
We collect what we need to run a trading journal: your account information, the trades you log or import, the journal entries you write, and the behavioral metadata you choose to attach (emotion tags, screenshots, notes). We do not sell your data. We do not train AI models on your data by default. We let you export everything, delete everything, and choose where it lives.
2. Scope and applicable law
This Policy applies to all users of the Service, anywhere in the world. Depending on where you live, additional rights and protections may apply, including under:
- The EU General Data Protection Regulation 2016/679 (GDPR), and the UK GDPR for users in the United Kingdom.
- The California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, CCPA/CPRA).
- Other state privacy laws in the United States (Colorado, Connecticut, Virginia, Utah, Texas, and similar).
- Canadian PIPEDA, Brazilian LGPD, and equivalent regimes in other jurisdictions.
Where local law conflicts with this Policy and grants you stronger rights, those rights apply.
3. Personal data we collect
We organize the data we hold about you into the categories below. We collect data directly from you, from your use of the Service, and (where you authorize it) from connected third-party services.
3.1 Account & identity data
- Email address (required for account creation).
- Password — stored only as a salted hash; we cannot recover it.
- Full name (optional; for billing and support).
- Profile photo (optional).
- Timezone, locale, and language preference.
- If you sign up via Google or another OAuth provider: your provider user ID, name, email, and avatar URL.
3.2 Subscription & billing data
- Subscription tier (Essential / Pro / Ultimate), billing cycle, and renewal status.
- Country and ZIP/postal code for tax determination.
- VAT/GST number if you provided one.
- Invoice history (we keep invoice metadata for legal and accounting purposes; see §10).
- Card details and bank details are NEVER stored by us. Payments are processed by Stripe and tokenized at their end; we receive only a non-reversible reference token, the card brand, the last four digits, and the expiration month/year for display purposes.
3.3 Trading data — the content of the Service
This is the core data that makes Limbix work. You provide it, or you authorize Limbix to receive it on your behalf.
- Trades — symbol, side, entry/exit prices, quantity, fees, P&L, timestamps, and any free-text notes you attach.
- Trading accounts — broker names, account nicknames, asset class, account size, currency. We do NOT store your broker username or password; broker connections use OAuth tokens scoped to read-only access.
- Prop firm accounts — firm name, account size, stage (evaluation / funded), purchase price, payout history, costs paid (resets / add-ons).
- Playbooks — the names, descriptions, rules, and risk parameters of your trading setups.
- Notebook entries — rich-text journal content you write or dictate, including any images you paste.
- Tags and emotion labels you attach to trades and entries.
- Screenshots and chart images you upload.
- Rule-compliance records and discipline scores computed from your trades.
3.4 AI Coach data
- Prompts you send to the AI Coach (questionnaire answers, conversational messages, voice transcripts).
- Responses generated for you by the AI Coach.
- Sentiment analyses, risk flags, key-phrase extractions, and behavioral profiles derived from your notebook entries and trade history.
- Pre-trade and post-trade check-in answers.
- Aggregated usage counters (number of AI interactions per billing cycle) for quota enforcement and cost tracking.
By default we do NOT use your trading data, journal entries, or AI conversations to train any machine-learning model — ours or any third party's. You can verify this setting at any time in Settings → Privacy & Data. A separate toggle lets you opt in to sharing anonymized snippets for prompt-quality improvement; it is OFF by default, and you can switch it off again at any time.
3.5 Device, log, and usage data
- IP address (from which we infer approximate location at the city level for security and tax determination).
- Browser type and version, operating system, device type.
- Pages and screens visited inside the Service, time on page, click events, scroll depth.
- Feature usage events (which buttons you click, which features you open, errors you encounter) — used to improve the Service.
- Crash reports and stack traces, with personal data scrubbed where possible.
- Request and response logs at the API gateway, retained for 30 days for security and debugging.
3.6 Communications data
- Support tickets, emails, and chat conversations you initiate with us.
- Survey responses and feedback you choose to submit.
- Marketing-email open and click events if you have opted in to marketing.
3.7 Data we do NOT collect
- We do not collect bank account or routing numbers.
- We do not collect government identifiers (SSN, passport, driver's license).
- We do not collect biometric data.
- We do not collect data about you from data brokers or public profiles.
- We do not collect data about children — see §13.
4. How we use your data, and the legal basis for it
Under GDPR and analogous laws we must identify a legal basis for every processing activity. The purposes and their legal bases are:
- Account and security: to create your account, authenticate you, and protect against unauthorized access. Legal basis: contract performance.
- Core service: to store, compute, and display your trades, playbooks, notebook entries, discipline scores, and analytics. Legal basis: contract performance.
- AI Coach: to send your prompts and relevant context to our LLM providers and return their responses to you. Legal basis: contract performance.
- Billing: to charge your card, issue invoices, track quota, and prevent payment fraud. Legal basis: contract performance and legal obligation.
- Abuse prevention: to detect abuse, brute-force attempts, account takeover, and suspicious activity. Legal basis: legitimate interest.
- Product analytics: to understand feature usage, trace drop-offs, and improve the Service, using pseudonymized event data. Legal basis: legitimate interest (with opt-out).
- Support: to respond to your requests and follow up on issues. Legal basis: legitimate interest and contract performance.
- Marketing: to tell you about features, tips, and offers; sent only if you have opted in. Legal basis: consent.
- Legal compliance: to respond to lawful requests from regulators and authorities. Legal basis: legal obligation.
5. Third-party processors we use
We use a number of third-party services to operate Limbix; the principal ones are named in §6 and §7. Each one acts as our processor under GDPR (or our service provider under CCPA), meaning it handles your data only on our instructions, only for the purposes we specify, and under a written data-processing agreement.
When the AI Coach generates a response for you, the relevant prompt and a bounded portion of your context (recent trades, recent journal entries, your behavioral profile) are sent to the LLM provider over a TLS connection. The provider returns the response and does not use the request to train its models. We do not send your full account dataset; we send only what is needed to answer your specific request.
6. International data transfers
Limbix is operated from the European Union. We host EU user data in the EU (Frankfurt) and US user data in the US (Virginia).
Some of our processors (notably Anthropic, OpenAI, Stripe, Sentry, Intercom) are based in the United States. When personal data of EU users is transferred to those processors, we rely on:
- The European Commission's Standard Contractual Clauses (Module 2 — controller to processor).
- The EU-US Data Privacy Framework, where the processor is certified.
- Supplementary measures including encryption in transit (TLS 1.2+), encryption at rest (AES-256), strict role-based access, and zero-retention configurations where available.
Where you choose to switch your data residency in Settings → Privacy & Data, your data is migrated between regions. The migration is performed by us as the controller; you will receive an email confirmation when the migration completes.
7. How we protect your data
Limbix applies organizational and technical controls appropriate to the sensitivity of the data we handle, including:
- All data encrypted in transit (TLS 1.2 or higher).
- All data encrypted at rest (AES-256 via AWS KMS).
- Passwords stored only as bcrypt hashes (bcrypt generates a unique random salt for every password); plaintext passwords are never logged.
- Multi-factor authentication available on every account; required for any administrative access.
- Role-based access control internally — engineers can access production data only via reviewed, audited, and time-boxed access requests.
- Daily encrypted backups, retained for 30 days, with regular restore tests.
- Security incident response procedure with notification within 72 hours where legally required.
- Annual third-party penetration test on production infrastructure.
- Vulnerability scanning on all dependencies; high-severity issues patched within 7 days.
- Bug bounty channel at security@limbix.app.
If your personal data is involved in a breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of it. This meets or exceeds what GDPR requires: Art. 33 (notifying the supervisory authority within 72 hours) and Art. 34 (notifying you without undue delay where the breach is likely to result in a high risk to you). Notifications are sent to the email address on your account.
8. Your rights
You have rights over your personal data. These vary slightly by jurisdiction; the most common are listed below.
- Access and portability: obtain a copy of the personal data we hold about you, including an export of your trades, journal entries, and settings.
- Rectification: correct inaccurate or incomplete personal data.
- Erasure: delete your account and the personal data associated with it, subject to the retention periods in §10.
- Restriction and objection: object to processing based on legitimate interest, including opting out of product analytics.
- Withdrawal of consent: switch off marketing email or the anonymized-snippet sharing toggle at any time; withdrawal does not affect processing that took place before it.
- Complaint: lodge a complaint with your local data protection supervisory authority.
To exercise any of them, write to privacy@limbix.app or use the controls in Settings → Privacy & Data.
California-specific rights (CCPA / CPRA)
- Right to know what categories of personal information we collected, the sources, the purposes, and the categories of third parties to whom we disclosed it.
- Right to delete personal information we hold about you.
- Right to correct inaccurate personal information.
- Right to opt out of the sale or sharing of personal information — we do not sell your personal information, and we do not share it for cross-context behavioral advertising.
- Right to limit use of sensitive personal information — we do not use sensitive personal information for inferring characteristics about you.
- Right not to be discriminated against for exercising any of these rights.
To exercise California rights, write to privacy@limbix.app with the subject line “California Rights Request”. We will verify your identity using the email address associated with your account.
9. AI Coach — how automated processing works
The AI Coach uses large language models from our LLM providers (principally Anthropic's Claude; §6 names the providers) to:
- Generate questionnaire questions tailored to your recent trades.
- Summarize and structure conversational journal sessions.
- Compute sentiment scores from your journal text.
- Detect risk flags such as overconfidence, tilt, or despair language.
- Produce a behavioral profile from your aggregate trading data.
- Run pre-trade and post-trade check-in assessments.
The AI Coach is informational. It never blocks your access to the Service, never executes trades on your behalf, never modifies your account settings, and never makes a decision with legal or similarly significant effect about you. You retain full control over your trades, your playbooks, and your discipline thresholds at all times.
You can disable AI features entirely under Settings → AI & Coach. Doing so stops all AI processing of your data going forward.
10. How long we keep your data
- Active account data:
Retained while your account is active and for 30 days after deletion (for accidental-deletion recovery).
- Billing & invoice records:
Retained for 7 years after the relevant tax year, as required by tax and accounting law.
- Backups:
Encrypted daily backups retained for 30 days, so once 30 days have passed a deletion has propagated to every backup.
- Support tickets:
Retained for 2 years after last activity, then anonymized.
- AI conversation logs:
Retained according to your preference: 'Delete after compile' (default), '90 days', or 'Keep forever'. Configurable under Settings → AI & Coach.
- Anonymized analytics:
Aggregated, non-identifying usage statistics may be retained indefinitely for product analytics. These cannot be used to re-identify you.
- Auth & security logs:
Retained 90 days for fraud/abuse investigation.
11. Cookies and similar technologies
Cookies and similar technologies are used on the Limbix website and inside the application. Full details, including cookie names, durations, and purposes, are in our Cookie Policy. The summary:
- Strictly necessary cookies — session, authentication, CSRF protection. Cannot be disabled.
- Preference cookies — your theme, layout, and locale.
- Analytics cookies — pseudonymized event tracking. Opt-in in the EU, opt-out elsewhere.
- We do not use third-party advertising cookies. We do not run cross-site behavioral retargeting.
12. Marketing communications
We may send you product-update emails, tips, and offer announcements. Marketing email is opt-in for users in jurisdictions where consent is required, and opt-out elsewhere. Every marketing email contains an unsubscribe link in its footer.
Transactional emails (password resets, billing receipts, security alerts, important account notifications) are not marketing and are sent to all users regardless of marketing preferences.
13. Children
The Service is intended for users who are at least 18 years old. We do not knowingly collect personal data from anyone under 18. If you believe we hold data about a person under 18, please contact privacy@limbix.app and we will delete it without undue delay.
14. Changes to this Policy
We may update this Privacy Policy from time to time. When we do:
- Minor updates (clarifications, typo fixes) will be reflected by changing the 'Last updated' date at the top.
- Material changes will be notified at least 30 days in advance via in-app notice and email to the address on your account.
- We will keep an archive of previous versions available for at least 24 months.
15. How to contact us
For any question about this Policy, or to exercise any of the rights described above:
- General privacy questions: privacy@limbix.app
- Data Protection Officer: dpo@limbix.app
- Security disclosures: security@limbix.app
We aim to respond to all privacy requests within 30 days. Where the request is complex or numerous, we may extend by a further 60 days and will tell you within 30 days if we need to do so.