Privacy Policy
Effective date: 23 June 2026 · Data controller: Fourdesk · Contact: legal@fourdesk.io
This Privacy Policy explains how Fourdesk ("we", "us") collects, uses, stores, and protects your personal data when you use our Service. As we operate from the Canary Islands, Spain, we are subject to the EU General Data Protection Regulation (GDPR) and Spanish data protection law (LOPDGDD).
1. Data Controller
The data controller for your personal data is Fourdesk, reachable at legal@fourdesk.io. You may exercise any of your GDPR rights by contacting us at this address.
2. Data We Collect
- Account data: Your email address and authentication credentials when you register.
- Usage data: Pages visited, features used, session duration, device type, browser, and IP address.
- Journal and trading data: Trade records, mood and confidence ratings, notes, and any other content you enter into the Service.
- Chart uploads: Images you upload for analysis. These are transmitted to our AI provider for processing and are not used for any other purpose.
- Payment data: We do not store card details. Payment processors collect and handle payment information directly.
- Communications: Emails or messages you send us.
3. How We Use Your Data
- To provide, operate, and maintain the Service.
- To process chart uploads through AI analysis and return results to you.
- To generate coaching and psychological insights based on your journal data.
- To send transactional emails (account verification, password reset, billing receipts).
- To improve and develop the Service (aggregated, anonymised analytics only).
- To comply with legal obligations.
4. Legal Basis for Processing (GDPR)
- Contract performance (Art. 6(1)(b)): Processing necessary to provide the Service you signed up for.
- Legitimate interests (Art. 6(1)(f)): Improving the Service, ensuring security, preventing fraud.
- Legal obligation (Art. 6(1)(c)): Retaining records as required by law.
- Consent (Art. 6(1)(a)): Where you have opted in to optional communications or cookies.
5. Third-Party Services
We use the following sub-processors to operate the Service:
- Supabase: Database, authentication, and file storage. Data is stored in EU regions.
- Anthropic: AI model provider used to analyze chart images. Chart images and prompts are transmitted to Anthropic's API and are subject to their data usage policies. We do not share personally identifiable information with Anthropic.
- Vercel: Hosting and deployment infrastructure.
We do not sell your personal data to third parties.
6. Data Retention
We retain your account data for as long as your account is active. Journal entries, trade records, and uploads are retained until you delete them or close your account. Anonymised, aggregated usage data may be retained indefinitely. We will delete your personal data within 30 days of a verified account deletion request.
7. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Ask us to correct inaccurate or incomplete data.
- Erasure: Request deletion of your personal data ("right to be forgotten").
- Restriction: Ask us to limit how we use your data in certain circumstances.
- Portability: Receive your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests.
- Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.
To exercise any of these rights, contact us at legal@fourdesk.io. We will respond within 30 days.
8. Cookies
We use essential cookies required for authentication and session management. We do not use third-party advertising or tracking cookies. You can control cookies through your browser settings; disabling essential cookies will prevent you from logging in.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including encrypted connections (HTTPS) and access controls on our databases.
10. International Transfers
Your data is primarily processed within the EU/EEA. Where sub-processors operate outside the EEA (for example, Anthropic in the United States), we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.
11. Supervisory Authority
If you believe we have not handled your data lawfully, you have the right to lodge a complaint with the Spanish data protection authority, the Agencia Española de Protección de Datos (AEPD) at www.aepd.es, or with the data protection authority in your country of residence.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or in-app notice. Continued use of the Service after the effective date of any changes constitutes acceptance of the updated policy.
13. Contact
For any privacy-related questions or to exercise your rights, contact us at legal@fourdesk.io.