Legal

Privacy Policy

We collect the minimum needed to run your account and sync your journal. No trackers, no ads, no selling data.

Last updated: 2 July 2026 · Operated by Envyss Analytics Ltd

1. Who is responsible

Envyss Analytics Ltd operates Perpetual Desk and is the data controller for the personal data described here. Contact: envyssanalyticsltd@gmail.com.

2. What we collect on our servers

  • Account data — your name, email address, a sequential member number, and the date you joined. Your password is never stored: we keep only a salted scrypt hash, which can’t be reversed into the password.
  • Session data — a signed, httpOnly session cookie (ew_session) that keeps you logged in for up to 30 days. It contains your account id, name, email, and member number.
  • Journal data — the trades, day notes, and trading models you save are stored against your account so they follow you to any device you sign in on. They are private to your account: we store and return them, and we don’t read, analyze, profile, or sell them.
  • Security logs — like most services, our infrastructure briefly processes IP addresses and request metadata to serve pages, prevent abuse, and rate-limit sign-in attempts. We don’t build profiles from this.

That’s the whole list. We run no analytics trackers, no advertising pixels, and no third-party marketing cookies — which is also why you don’t see a cookie banner: the one cookie we set is strictly necessary to log you in.

3. What stays in your browser

Lighter preference data lives only in your browser’s local storage and is not sent to our servers: saved resources, lesson progress, recently-viewed items, strategy quiz answers, and AI engine settings (including any API keys you add — those go only to their own provider). Clearing site data removes them from that browser. Your journal is different: it syncs to your account (section 2), so signing out or clearing this browser doesn’t lose it.

4. AI features

Some features can generate summaries or commentary with AI. These run only when you invoke them. What you submit (for example a prompt, journal context, or a chart screenshot) is relayed through our server to an AI provider — depending on configuration: Cerebras, Groq, or Google (Gemini) — solely to generate the response, subject to that provider’s terms. We don’t use your submissions to train models and we don’t store them after the response is returned. If you configure a local engine (such as an on-device model) or your own API key, your data flows to that engine instead, under your own agreement with it.

5. Why we may lawfully use your data

  • Contract — creating and operating your account.
  • Legitimate interests — keeping the Service secure (rate limiting, abuse prevention).
  • Consent — optional features you actively invoke, like AI generation.

6. Where your data lives and who processes it

Account data is stored in a managed Postgres database and the app is served from managed hosting infrastructure; both act as our processors under their data-processing terms. Data may be processed in the EU/UK and the United States; where data leaves the UK/EEA it is protected by standard contractual clauses or equivalent safeguards. We never sell personal data.

7. Retention

Account data and journal data are kept while your account exists and deleted when your account is deleted. Security logs are short-lived and rotate automatically.

8. Your rights

Depending on where you live (including under UK/EU GDPR) you can ask us to access, correct, export, or delete your personal data, object to or restrict processing, and complain to your data-protection authority (in the UK, the ICO). To exercise any of these — including deleting your account — email envyssanalyticsltd@gmail.com from your account address. We respond within one month.

9. Security

Passwords are hashed with scrypt and unique salts; sessions use signed, httpOnly, secure cookies; all traffic is encrypted in transit (HTTPS); journal data is retrievable only by the signed-in account that owns it; and we hold only what the product needs. No system is perfectly secure; if a breach affects your data we will notify you as the law requires.

10. Children

The Service is for adults (18+). We don’t knowingly collect data from children; if you believe a child has an account, contact us and we’ll delete it.

11. Changes

If this policy changes materially we’ll give notice on the site (or by email) before the change takes effect. The “Last updated” date above always reflects the current version.