Effective date: June 2, 2026 · Last updated: June 2, 2026
The data controller is Daniil Lutsyk (sole trader, United Kingdom). This Policy is written around UK GDPR (the UK
General Data Protection Regulation and the Data Protection Act 2018) and the EU GDPR, since most users will be in
the UK and EU.
This Privacy Policy explains how Daniil Lutsyk (trading as LiJournal) ("we", "us") collects and uses personal data
when you use LiJournal (the "Service") at lijournal.com. For data-protection purposes, the data
controller is Daniil Lutsyk, sole trader, EH5 3ED, Edinburgh, United Kingdom, contact
lihotrades@gmail.com.
1. Data we collect
Account data: email address, username (@handle), display name, avatar colour, password (stored
hashed by our auth provider), account role and timestamps.
Your trading data: trades and notes you enter or import (e.g. instrument, prices, P&L, dates,
tags). You provide this; it is stored to deliver the Service to you.
Usage & device data: basic logs, device/browser token, timezone and interactions, used to run,
secure and improve the Service.
Payment data: handled by our payment provider (Whop). We receive
subscription status (e.g. trialing, active, cancelled) and identifiers — we do not store your full card
number.
2. How we use your data
To provide and operate the Service (your journal, dashboard, analytics).
To manage your account, subscription, trial and access.
To secure the Service and prevent abuse (including trial-abuse prevention).
To communicate with you (e.g. trial reminders, service and security notices).
To improve features and fix problems.
3. Legal bases (UK/EU GDPR)
We process personal data to perform our contract with you (providing the Service), based on our
legitimate interests (securing and improving the Service), to comply with legal obligations
(e.g. tax), and with your consent where required (e.g. certain communications/cookies).
4. Service providers (processors) we share data with
Supabase — hosting, database and authentication.
Whop — payments, subscriptions and seller-of-record (handles billing and tax).
Market-data providers (e.g. Databento) — to display charts; we send only
what's needed to fetch market data, not your identity.
Email provider (Resend, Inc.) — to send transactional emails.
Error monitoring (Sentry — Functional Software, Inc., United States) — receives
anonymised crash reports, browser metadata and an anonymous user identifier so we can fix bugs. We strip your
email, cookies, auth headers, query strings and form values before they leave your browser (see beforeSend
in our SDK initialisation). We do not send your trade data, prices or journal notes to Sentry.
Product analytics (Microsoft Clarity — Microsoft Corporation, United States, and
PostHog) — only after you accept the cookie notice. They record anonymised usage (page views,
clicks, scroll/heatmaps and aggregated session replays) tied to an anonymous identifier so we can understand how the
product is used and improve it. We do not send your trade prices or journal notes to these providers, and they are
not used for advertising. You can decline by not accepting the cookie notice.
We do not sell or share your personal data with third parties for their own marketing or advertising.
5. Cookies & local storage
We use essential cookies/local storage to keep you signed in and remember preferences (e.g. timezone). Optional
analytics, if enabled, are described in our cookie settings. You can control cookies in your browser.
6. International transfers
Some providers may process data outside the UK/EU. Specifically: Whop (United States),
Databento (United States), Sentry (United States, hosted in the US region we
selected), Microsoft Clarity (United States) and PostHog (the region we select). For UK and EU users, transfers to the United States are covered by the UK International Data Transfer
Agreement (IDTA) and the EU Standard Contractual Clauses (SCC), respectively, where required. Supabase
hosts data in the EU region we selected.
7. Data retention
We keep your data while your account is active. If you delete your account, we delete or anonymise your personal data
within a reasonable period, except where we must retain certain records (e.g. for tax/legal compliance).
8. Your rights (UK / EU GDPR)
Subject to applicable law, you can request to access, correct, export, or delete your data, object to
or restrict certain processing, and withdraw consent. To exercise these rights, contact
lihotrades@gmail.com. You also have the right to complain to your local data-protection authority
(in the UK, the ICO).
9. California residents (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act,
gives you the following rights:
Right to know what personal information we collect about you, the sources we collect it from,
the purposes for collecting it, and the categories of third parties with whom we share it. The categories we
collect are listed in section 1 above; sources and purposes in sections 1 and 2; third-party processors in
section 4.
Right to delete personal information we collected from you, subject to certain exceptions
(e.g. records we must retain for tax or legal compliance). To request deletion, email us at
lihotrades@gmail.com or use the in-app "Delete account" flow in your
Profile settings.
Right to correct inaccurate personal information.
Right to opt out of "sale" or "sharing" of personal information. We do not sell your
personal information, and we do not share it for cross-context behavioural advertising. There is nothing
to opt out of.
Right to limit use of sensitive personal information. We do not knowingly collect any category
of "sensitive personal information" as defined by the CPRA (we do not collect government IDs, precise geolocation,
union membership, religious or philosophical beliefs, biometric data, health data, etc.).
Right to non-discrimination. Exercising any of these rights will not result in denial of service,
worse pricing, or worse quality of service.
To exercise any of these rights, email lihotrades@gmail.com from the email
address tied to your LiJournal account, or use the in-app Delete account flow. We may need to verify your identity
before completing a request. You may also authorise an agent to make a request on your behalf.
Categories collected and disclosed (CCPA terminology): "Identifiers" (email, username, anonymous user id);
"Internet or other electronic network activity information" (device/browser metadata, usage logs); "Commercial
information" (subscription status). We have not sold or shared any of these categories in the past
12 months.
10. Security
We use industry-standard measures (encryption in transit, access controls, hashed passwords) to protect your data. No
system is perfectly secure, so we cannot guarantee absolute security.
11. Children
LiJournal is not intended for anyone under 18, and we do not knowingly collect their data.
12. Changes
We may update this Policy; material changes will be notified in the Service or by email.