Skip to content

◆ Legal

Privacy Policy

Last updated · April 2026

1. Who we are

GRIT Trading Academy (“GRIT,” “we,” “us”) provides educational content, mentorship, and a private members’ community to people learning to trade financial markets. We are the data controller for the personal information described in this policy.

Contact for privacy queries: privacy@grittradingacademy.com.

2. What data we collect

  • Account data — email address, username, display name, optional bio and avatar. Collected and stored on our behalf by Clerk (our authentication provider) and mirrored into our application database.
  • Payment data — handled by Stripe. We never see or store your full card number; we receive only a customer id, subscription status, and billing metadata.
  • Member content — posts, comments, channel chat messages, direct messages, file uploads, and reactions. Stored in our Postgres database hosted on Neon in the EU-West-2 (London) region.
  • Real-time messaging metadata — connection identifiers and channel-membership data passed through Pusher Channels to deliver live chat and notifications.
  • Video — live calls run on Daily.co and recordings are stored on Mux. Daily and Mux process the audio/video stream; transcripts (if generated) live in our database.
  • File uploads — images and attachments are stored on UploadThing infrastructure.
  • Transactional email — sent via Resend (welcome, billing receipts, weekly digest, mentions).
  • Usage analytics — anonymised page-view and performance data via Vercel Analytics and Vercel hosting logs.
  • Cookies — strictly-necessary cookies for sign-in and payments are always on; optional analytics cookies are only set when you accept them in the cookie banner.

3. How we use it

  • To provide the academy itself: courses, member directory, chat, DMs, live calls, certificates.
  • To process payments and manage subscriptions.
  • To send transactional and (where you have opted in) digest emails.
  • To moderate the community and enforce our Terms of Service.
  • To improve the platform via aggregate, anonymised analytics.
  • To comply with legal obligations and respond to lawful requests.

Our lawful bases under UK GDPR Article 6 are: contract (delivering the service you paid for), legitimate interests (security, analytics, anti-abuse), consent (optional analytics cookies, opt-in emails), and legal obligation (tax records, regulatory requests).

4. Who we share it with

We share data with the following sub-processors only as necessary to run the service. Each one has its own privacy policy and contractual data- protection commitments to us.

  • Clerk — authentication, MFA, session management.
  • Stripe — payment processing, subscription billing.
  • Neon — Postgres database hosting (EU-West-2, London).
  • Vercel — application hosting, edge network, analytics.
  • Pusher Channels — real-time message delivery.
  • UploadThing — file and image storage.
  • Mux — video encoding and playback.
  • Daily.co — live audio/video calls.
  • Resend — transactional email delivery.

We do not sell your personal data. We do not share it for third-party advertising. We disclose data to law enforcement only when legally compelled.

5. Retention

We retain your account and member content for as long as your subscription is active, plus twelve (12) months after you cancel or we deactivate the account, after which we permanently delete or anonymise it. Backups are purged on a rolling 35-day cycle.

Billing records are retained for six years to satisfy HMRC requirements, even after the underlying account is deleted.

6. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Delete your account and associated data (“the right to be forgotten”).
  • Export your data in a portable, machine-readable format.
  • Restrict or object to certain processing.
  • Withdraw consent for processing based on consent at any time.
  • Lodge a complaint with the UK’s Information Commissioner’s Office (ico.org.uk).

To exercise any of these rights, email privacy@grittradingacademy.com. You can also delete your account directly from Settings.

7. Cookies

We use two categories of cookies:

  • Strictly necessary — Clerk session cookies, Stripe checkout cookies, our cookie-consent preference. These are always on because the site cannot function without them.
  • Optional analytics — Vercel Analytics for aggregate page views and performance. Only set if you accept them in the banner.

You can change your choice at any time by clearing the grit_cookie_consententry in your browser’s storage; the banner will reappear on next visit.

8. International transfers

Member content is stored in the UK / EU. Some sub-processors (Clerk, Stripe, Vercel, Resend, Mux) may process data in the United States under UK / EU Standard Contractual Clauses or equivalent UK-US Data Bridge mechanisms.

9. Changes to this policy

We will notify you by email and via an in-app notice if we materially change this policy. Minor wording or structural updates will simply be published here with an updated “last updated” date.

10. MT5 Demo Trading

When you link an MT5 demo account, you open a demo with the broker of your choice (e.g. MetaQuotes, IC Markets, FBS) and paste us four fields from the broker’s welcome email: server name, login number, and the read-only “investor” password. We register your demo with MetaApi (a third-party MT5 connectivity service) so we can read your trades and balance for the leaderboard and track-record surfaces. We never see or store your master (trading) password. The investor password we store is encrypted at rest and grants read-only access only — it cannot place trades. All trade data is simulated; no real money changes hands. If you unlink, the linked MetaApi account is removed and your local trade history rows are deleted.

See also: Terms of Service