Privacy-first by design

Privacy Policy

Ryxer separates private journal data from account, access and revenue administration. Each private journal record is linked to its owner and protected by database Row Level Security.

Information we process

Account data: name, email, mobile, registration and login timestamps.
Access data: trial, subscription, referral, broker eligibility and access status.
Billing data: gateway identifiers, amounts, dates, invoice and renewal status. Card or bank credentials are handled by the payment gateway and are not stored by Ryxer.
Referral verification data: broker, client/referral ID, registered contact details and optional proof.
Private journal data entered by you, stored only for your authenticated account.
Security signals such as hashed device/IP indicators used to reduce trial abuse and protect accounts.

Admin privacy boundary

The Ryxer admin application does not provide access to users' trade symbols, entry or exit prices, quantity, P&L, screenshots, journal notes, strategies, orders, positions, portfolios or trading history. Admins see only account, access, eligibility and revenue metadata needed to operate the service.

How information is used

Information is used to authenticate users, provide the journal, manage access, verify referrals, process billing, send service notices, prevent abuse, secure the platform, maintain audit records and comply with law.

Sharing and processors

Necessary data may be processed by infrastructure, authentication, email and payment providers under appropriate safeguards. We do not sell private journal data. We do not use private journal content to provide investment advice.

Retention and rights

Data is retained while an account is active and as required for security, audit, tax or legal obligations. Subject to applicable law, users may request access, correction, export or deletion. Certain billing and audit records may need to be retained.

Security

Controls include encrypted transport, secure authentication sessions, owner-based authorization, Row Level Security, input validation, audit logs, signed payment webhooks and restricted server secrets. No system can guarantee absolute security; suspected incidents should be reported promptly.