This policy is updated in accordance with Amendment 13 to the Israeli Privacy Protection Law, 5741-1981, which came into effect on August 14, 2025, and the applicable Data Security Regulations.
1. General
TradeBook ("the Service", "we") is committed to protecting the privacy of its users in accordance with the Israeli Privacy Protection Law, 5741-1981 (as amended by Amendment 13), and the Privacy Protection Regulations (Data Security). This policy details what data we collect, how we use it, and how we protect it.
2. Information We Collect
Information You Provide
- Registration details – Username, email address, display name and password (hashed with bcrypt; we never store plaintext passwords).
- Trading data – Trades, strategies, notes, screenshots and journals you enter into the Service.
- Exchange API keys – If you connect an exchange account, keys are encrypted with AES-256 and stored server-side only.
- Settings – Account preferences, display settings, language and currency.
Automatically Collected Information
- IP address
- Browser type, operating system and version
- Login times, session duration and pages viewed
Information We Do NOT Collect
- We do not collect medical, biometric or specially sensitive data as defined by law.
- We do not collect information from third-party sources without your consent.
3. Purposes of Data Processing
In accordance with principles of proportionality and minimization, your information is used solely for the following purposes:
- Providing, operating and maintaining the Service
- Analyzing your trading data and displaying statistics
- Auto-importing trades from exchanges you have connected
- Improving user experience and developing new features
- Communicating with you (technical support, system updates, security alerts)
- Securing your account and preventing misuse
4. Legal Basis for Processing
Data processing is based on:
- Consent – By registering for the Service, you consent to this policy.
- Contract performance – Processing required to provide the Service you requested.
- Legitimate interest – System security, fraud prevention and aggregate (non-identifying) usage analysis.
- Legal obligation – Compliance with the Privacy Protection Law and Data Security Regulations.
5. Sharing Information with Third Parties
⚠ We do not sell, rent or trade your personal information – under any circumstances.
Information may only be shared in the following cases:
- Legal requirement – Court order, competent authority request or directive from the Privacy Protection Authority.
- Rights protection – To prevent harm to the Service, other users or the public.
- Essential service providers – Hosting and infrastructure providers only, bound by data processing and security agreements.
- Your explicit consent – Only after you expressly approve.
6. Data Security
In accordance with the Privacy Protection Regulations (Data Security), we implement medium-to-high level security measures:
- Password hashing – bcrypt with a unique salt per user
- API key encryption – AES-256-CBC
- Secure session management – Single-use tokens with expiration
- Attack protection – Against SQL injection, XSS and CSRF
- Access control – Each user can only access their own data
- Regular backups – Encrypted daily backups
- Security event logging – For anomaly and intrusion detection
Security Incident Reporting
In case of a data security incident (breach, leak), we will report to the Privacy Protection Authority and affected users within 72 hours, per the Authority's guidelines.
7. Cookies
We use essential cookies only:
- Session cookie – For authentication and connection management
- Display preferences – Language, theme (light/dark), sidebar state
No cookies are used for tracking, advertising or third-party analytics.
8. Your Rights Under the Privacy Protection Law
Under the Privacy Protection Law (as amended by Amendment 13), you have the following rights:
- Right of access – View your personal information held by us.
- Right of correction – Request correction of inaccurate or outdated information.
- Right of deletion – Request deletion of all data and account closure.
- Right of data portability – Export all your data in a structured format (CSV).
- Right to object – Object to processing for purposes not required for Service provision.
- Right to file a complaint – File a complaint with the Privacy Protection Authority.
To exercise your rights, contact us at: privacy@tradebook.co.il. We will respond within 30 days.
New in Amendment 13: A civil suit for privacy violation may be filed for up to NIS 10,000 without proof of damages. The statute of limitations has been extended to 7 years.
9. Data Retention and Deletion
- Your data is retained as long as your account is active.
- Upon account deletion – all data (including trades, notes, screenshots and API keys) will be permanently deleted within 30 days.
- Backups containing deleted data will be purged within 90 days.
- Anonymous logs (containing no identifying information) may be retained for system analysis.
10. International Data Transfers
Your data is stored on servers in Israel. If transfer outside Israel is required (e.g., for cloud backup), we will ensure the receiving country provides adequate protection or that an appropriate data processing agreement is in place.
11. Children's Privacy
The Service is not intended for minors under 18. We do not knowingly collect information from minors. If we become aware that a minor's data has been collected, we will delete it immediately.
12. Changes to Policy
We will notify you of material changes to this policy via:
- Email notification to your registered address
- In-service banner/notification
- Updated "Last updated" date at the top of this page
Continued use of the Service after a policy update constitutes acceptance of the changes.
13. Contact
For questions, requests or complaints regarding privacy:
- Email: privacy@tradebook.co.il
- Privacy Protection Authority: www.gov.il/en/departments/the_privacy_protection_authority