Your Data, Your Control
We take your privacy seriously. This policy explains what data we collect, how we use it, and your rights regarding your information.
Last updated: January 2025
We Will Never Sell Your Data
Your trading data, biometric information, and psychological insights are yours alone. We will never sell, rent, or share your personal information with advertisers, data brokers, or any third party for marketing purposes. Your trust is our priority.
Who We Are
TELA-X is a product of Telos Holdings Pty Ltd (ABN 22 687 704 936). All references to "TELA-X", "we", "us", or "our" in this Privacy Policy refer to Telos Holdings Pty Ltd.
We Will Never Sell Your Data
Your trading data, personal information, biometric readings, and psychological insights are NEVER sold, rented, or shared with third parties for marketing or advertising purposes. Your data belongs to you.
Your Data Is Stored Securely
All your information—including trading decisions, biometric data from Whoop and Oura, emotional states, and session records—is encrypted and stored in secure, enterprise-grade infrastructure with strict access controls.
Minimal Data Sharing
We only share data with third-party services (OpenAI, Stripe, etc.) when absolutely necessary to provide our services to you, and these providers are contractually bound to protect your information.
You Control Your Data
You can export, modify, or permanently delete all your data at any time. When you disconnect an integration or delete your account, your data is removed from our systems.
Account Information
When you create an account, we collect your name, email address, and password (securely hashed). We also store your disclaimer acceptance timestamp.
Trading Data
We collect information about your trades including: asset/symbol, trade direction (long/short), entry/exit prices, profit/loss, position size, risk amounts, trade setup type, trade rationale, and timestamps. This data is used to provide discipline analytics and pattern detection.
Psychological & Emotional Data
To help you understand your trading psychology, we collect: emotional state ratings (1-10 scale), emotion tags (e.g., FOMO, anxiety, confidence), spot check responses, outcome attachment ratings, session notes, and AI coaching interactions.
Biometric Data (Optional)
If you connect Whoop or Oura devices, we collect: heart rate variability (HRV), recovery scores, sleep data (hours, quality, deep sleep, REM), strain scores, readiness scores, body temperature deviations, and respiratory rate. This data is used to correlate physical state with trading performance.
Session Data
We track trading session information including: start/end times, emotional states, physical state metrics (sleep, recovery, caffeine intake, exercise), session commitments, and AI-generated insights.
Screenshots
You may upload chart screenshots for entry and exit points. These images are stored securely and associated with your trades.
Service Delivery
We use your data to provide TELA-X services including: trade logging, discipline scoring, pattern detection (revenge trading, tilt, FOMO), AI coaching insights, session summaries, and performance analytics.
AI Analysis
Your trading data and psychological information is processed by our AI systems to detect behavioral patterns, generate personalized coaching recommendations, and provide real-time interventions when destructive patterns are detected.
Biometric Correlations
If you opt-in to biometric integrations, we correlate your physical metrics (sleep, HRV, recovery) with your trading performance to identify optimal and suboptimal trading conditions.
Service Improvements
We analyze aggregated, anonymized data to improve our pattern detection algorithms and overall service quality.
Communications
We may send you service-related notifications, alerts (via Telegram if configured), and important updates about your account.
OpenAI (AI Coaching)
We use OpenAI's GPT models to power our AI coaching and analysis features. Trading metrics (win rates, P&L patterns), session data, and psychological information may be sent to OpenAI for processing. OpenAI does not use this data to train their models under our API agreement. Your actual trade prices, account balances, and specific financial details are not shared—only behavioral patterns and aggregated metrics.
Supabase (Data Storage)
All your data is stored in Supabase, a secure PostgreSQL database platform with SOC 2 Type II compliance. Your data is protected by row-level security (RLS) policies ensuring you can only access your own data. Data is encrypted at rest and in transit. Supabase does not access, analyze, or sell your data.
Stripe (Payments)
Payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor. We store only your Stripe customer ID and subscription status in our database—we NEVER store your credit card number, CVV, or full payment details. All payment information is handled directly by Stripe's secure infrastructure. Stripe's privacy policy governs payment data handling.
Whoop (Biometric Integration)
If you connect your Whoop device (Elite plan), we use OAuth 2.0 to securely access your biometric data. Data collected includes: recovery score, HRV (heart rate variability), strain score, sleep hours and quality, and resting heart rate. This data is stored securely in our database and used solely to correlate your physical state with trading performance. We cannot access your Whoop account credentials. You can disconnect Whoop at any time from Settings, which stops all data sync and removes stored tokens.
Oura Ring (Biometric Integration)
If you connect your Oura Ring (Elite plan), we use OAuth 2.0 to securely access your biometric data. Data collected includes: readiness score, sleep data (total, deep, REM), HRV, heart rate, body temperature deviation, respiratory rate, and blood oxygen levels. This data is stored securely and used solely to help you understand how your physical state affects trading. We cannot access your Oura account credentials. Disconnect anytime from Settings to stop data sync.
Alpaca (Broker Integration)
If you connect your Alpaca brokerage account (Elite plan), you provide API credentials (key and secret) to enable automatic trade import. Your credentials are encrypted at rest in our database. We use READ-ONLY access—TELA-X cannot place, modify, or cancel orders on your behalf. We import: order ID, symbol, direction, fill price, quantity, and timestamps. Your account balance and buying power are not accessed. You can revoke access by disconnecting in Settings or rotating your Alpaca API keys.
Telegram (Alerts)
If you enable Telegram alerts, we send notifications through the Telegram Bot API. We store your Telegram username and chat ID to deliver alerts. Alert messages contain trade classifications (RED/YELLOW/GREEN), discipline warnings, and session summaries. We do not access your Telegram messages or contacts. You can disable alerts anytime from Settings.
Trading Data Protection
Your trading decisions, P&L records, session logs, and discipline metrics are stored in encrypted databases with strict access controls. Only you can access your trading data through authenticated sessions. Our team cannot view your individual trades or financial performance.
Biometric Data Security
Biometric data from Whoop and Oura (HRV, sleep, recovery scores) is treated with the highest level of protection. This sensitive health information is encrypted at rest, isolated per user, and never shared with third parties. Biometric data is used solely to provide you with correlational insights.
Encryption Standards
All data is encrypted in transit using TLS 1.3. Sensitive credentials (broker API keys, OAuth tokens) are encrypted at rest using AES-256 encryption. Database backups are also encrypted.
Access Control & Isolation
Row-level security (RLS) policies enforce strict data isolation—you can only access your own data. All API requests require authentication. Our infrastructure uses the principle of least privilege.
Token Management
OAuth tokens for Whoop, Oura, and other services are stored securely with automatic refresh handling. Tokens are never exposed to the client-side or logged. If a token is compromised, you can revoke access immediately by disconnecting the integration.
Password Security
Passwords are hashed using bcrypt with salt. We never store plain-text passwords. Password reset flows use secure, time-limited tokens.
Active Accounts
We retain your data for as long as your account is active. Free tier users have 7 days of trade history; paid users have unlimited history retention.
Account Deletion
When you delete your account, we permanently delete all your personal data, trading history, session data, and stored credentials within 30 days.
Backups
Database backups are retained for disaster recovery purposes and are automatically deleted after 30 days.
Access
You can access all your data through the TELA-X dashboard. You may also request a complete export of your data.
Correction
You can update your account information and trading data through the app settings.
Deletion
You can delete individual trades, sessions, or your entire account at any time.
Disconnect Integrations
You can disconnect third-party integrations (Whoop, Oura, Alpaca, Telegram) at any time, which will stop data collection from those services.
Data Portability
You may request an export of your data in a machine-readable format.
Essential Cookies
We use essential cookies to maintain your authentication session and remember your preferences. These are required for the service to function.
No Third-Party Tracking
We do not use third-party tracking cookies or advertising pixels. We do not sell your data to advertisers.
Age Requirement
TELA-X is not intended for users under 18 years of age. We do not knowingly collect personal information from children.
Updates
We may update this privacy policy from time to time. We will notify you of significant changes via email or in-app notification.
Questions About Privacy?
If you have any questions about this privacy policy or your data, please contact us.
support@tela-x.com