BEYOND JOURNAL
Privacy Policy
Last updated July 16, 2026
The short version
Beyond Journal stores your account and your trading journal securely in the cloud so it syncs across your devices and is backed up automatically. We use your data to run the product for you, nothing else. We do not sell it, we do not share it with advertisers, and we never ask for your broker passwords or connect to your brokerage account.
What we collect
To give you an account and a working journal, we hold:
- Your email address, so you can log in and we can reach you about your account.
- A hashed version of your password. We never store your actual password and cannot read it.
- Your plan and subscription status (trial, monthly, yearly, active, cancelled) and the dates that go with it.
- The journal data you create: trades, notes, playbook entries, tags and screenshots you choose to upload. This is the content of your account, stored so it is there on every device.
- A payment reference from Stripe. We do not see or store your card number; Stripe holds that.
- Basic technical logs (for example IP address and browser type) needed to keep the service secure and running.
How your journal is protected
Your journal is stored on managed cloud infrastructure, encrypted in transit (HTTPS) and at rest, and backed up so a lost or wiped device never means a lost journal. Access is limited to what is needed to operate the service and support you. We do not mine your trades to build products for anyone else, and we do not sell or rent your data to third parties. Full stop.
Cookies
We use one essential cookie to keep you logged in after you sign in. It is an httpOnly session cookie and is required for the account to work. We also use privacy-respecting, aggregate analytics to understand which pages people visit, which does not identify you personally. We do not run advertising trackers.
Who processes data for us
To run the Service we rely on a small number of processors, each for one job:
- Vercel, which hosts and serves the site.
- Our cloud hosting provider, where your account and journal data are stored and backed up.
- Stripe, which handles all payments and card data. We never touch your card details.
- Brevo, which sends transactional emails such as password resets.
Each processor only receives what it needs to do its job. None of them receive your data to use for their own purposes.
Your rights
You can export your full journal at any time from inside the app, and you can ask us to delete your account and the data we hold for it. On deletion we remove your journal data from our active systems; residual copies in encrypted backups roll off on our normal backup cycle. To export, delete, or ask what we hold about you, contact us through the address listed on the site or your account page.
Changes to this policy
If we change how we handle data, we will update this page with a new date and, where the change is material, tell active subscribers by email. The principle stays the same: your journal is yours, we protect it, and we do not sell it.
Contact
Questions about privacy can be sent to the support address listed on the site, or through your account page.