Sign inStart Free

Privacy
is your edge.

Effective Date: April 18, 2026

1. Introduction & Scope

ThirdLeaf Technologies Pvt. Ltd. ("ThirdLeaf", "we", "our", or "us") operates the ThirdLeaf platform. This Privacy Policy is designed to comply with the Digital Personal Data Protection (DPDP) Act, 2023 of India and other global data protection standards. We are committed to transparency in how we handle the sensitive trading data of our users.

2. Data We Collect and Why

2.1 Personal Identifiable Information (PII)

We collect your name, phone number, and email address primarily for authentication and security notifications. This data is managed through our identity provider (Clerk) and is encrypted at rest.

2.2 Financial & Brokerage Data

When you link your broker accounts via OAuth or API Secrets, we collect historical order logs, trade executions, and position data. We do NOT have access to your funds, nor can we initiate withdrawals or transfers on your behalf. This data is used strictly to populate your journaling dashboards.

2.3 Behavioral & Mindset Data

We store the mood scores, strategy notes, and setup tags you input manually. This data is used to generate the "Psychology" analytics that helps you improve your trading discipline.

Zero-Leak Security Pillar

ThirdLeaf follows a localized data storage policy. All trading data is hosted on secure servers within Indian geography to comply with RBI/SEBI data localization mandates. We employ **AES-256 encryption** for all database fields containing trade-specific information. We maintain a strict "No-Front-Run" policy: your data is never aggregated for high-frequency trading (HFT) firms or proprietary desks.

3. Cookies and Tracking

We use strictly necessary cookies to maintain your session. We do not use third-party advertising trackers or pixel-based "retargeting" on our internal authenticated dashboard. We may use anonymized analytics (e.g., PostHog or Google Analytics) on the marketing site to improve user experience.

4. Data Retention and Deletion

We retain your data as long as your account is active. Upon request for account deletion, all PII and brokerage data are purged from our primary databases within 72 hours. Backup archives may retain data for up to 30 days before full rotation/deletion.

5. Third-Party Services

We share data only with necessary service providers:

  • Clerk: For identity and session management.
  • Neon/AWS: For secure, encrypted database storage.
  • Official Broker APIs: (Zerodha, Dhan, etc.) For trade synchronization.

6. Contact Data Protection Officer

If you have concerns about your data privacy or wish to exercise your rights under the DPDP Act, please contact our Grievance Officer at privacy@thirdleaf.com.

Last Updated: April 18, 2026