Privacy Policy

1. Data We Collect and How We Use It

MyTradingGuard is designed to operate as a local risk-management layer. We collect only the minimum data necessary to provide the service:

• No Personal Information: We do not collect names, email addresses, or any form of Personally Identifiable Information (PII). The extension operates entirely without a user account.
• Rule Configuration: Your trading rules (time windows, loss limits, trade counts, etc.) are stored locally in chrome.storage.local on your device. This data never leaves your browser.
• Trading Session Data: Intra-day trade counts, realized P&L, and event logs are stored locally in chrome.storage.local and are automatically cleared at the start of each trading session (18:00 ET boundary). This data is never transmitted externally.
• Broker Authentication Tokens: When you connect a supported broker account through TradingView (e.g. Tradovate), the Chrome extension reads the broker's authentication token and your account ID directly from outgoing network request headers via the browser's built-in chrome.webRequest API. These credentials are stored exclusively in chrome.storage.session — a RAM-only store that is automatically cleared when the browser closes and is never written to disk. They are used for a single one-time startup fetch to initialize your live account balance and P&L from the broker's official REST API. After that initial call, all subsequent data (balance updates, trade history, positions) arrives passively by reading the responses to TradingView's own broker API calls — the extension makes no further network requests of its own. For other brokers the extension operates in a fully passive mode: it does not read any authentication token and relies entirely on observing TradingView's own broker responses. These credentials are never sent to MyTradingGuard servers and are never shared with any third party. They are automatically cleared when the browser closes, when you disconnect from the broker (after 5 minutes of inactivity), or when you uninstall the extension.
• Position Data: To enforce the Max Order Size rule and to allow safe position closing at all times, the extension reads your current open position size (net contracts) from the broker data stream observed through TradingView. This data is held in memory only and is never written to disk or transmitted externally.
• Economic Calendar Data (High Impact News rule): When you enable the “High Impact News” rule, the extension makes a single read-only GET request at startup to ForexFactory’s public economic calendar CDN (nfs.faireconomy.media) to fetch this week’s scheduled high-impact economic events (e.g. CPI, NFP, FOMC releases). No API key, no authentication, and no user data, trading data, or device identifiers are transmitted — it is an anonymous, unauthenticated HTTP GET for publicly available schedule data. The response (event titles, dates, and impact levels) is stored locally in chrome.storage.local and used solely to determine whether to block orders during ±5‑minute windows around high-impact events. If the rule is disabled (which is the default), no request is ever made.
• Anonymous Product-Usage Analytics: The extension sends anonymous product-usage events to Google Analytics 4 via the Measurement Protocol (e.g. "order blocked", "rule toggled", "extension installed"). No personal, financial, or trading data is ever included in these events. A persistent anonymous UUID (client_id) is stored in chrome.storage.local for session continuity; it cannot be linked to your identity. You can opt out at any time by disabling the "Usage Data" toggle in Settings → Usage Data. When opted out, no analytics requests are made.
• No External Transmission of Trading Data: All trading data is processed locally on your device. No trading data, credentials, rule configurations, or account balances are ever uploaded to our servers or shared with third parties.
• Limited Use: All data collected is used exclusively to provide the core functionality: evaluating your trading rules in real time and blocking orders that would violate them.
• Incognito Mode: The extension does not store credentials, trade events, or broker state from tabs opened in Chrome's Incognito mode. Order rule-checking may still function in incognito but no data is persisted.

2. Security & Encryption

We implement professional-grade security measures to protect your local session and financial integrity:

• Credential Isolation via webRequest: Broker authentication tokens are captured directly inside the Service Worker via the browser's built-in chrome.webRequest.onSendHeaders API. They never enter the page's JavaScript context and are never passed through window.postMessage, making them invisible to any script running on the TradingView page.
• In-Memory Processing: Broker authentication tokens are stored exclusively in chrome.storage.session — a RAM-only store managed by Chrome. They are never written to chrome.storage.local (disk) and are automatically cleared when the browser closes.
• Content Security Policy: The extension declares a strict Content Security Policy (script-src 'self') to prevent injection of external scripts into extension pages.

3. Browser Permissions

The Chrome extension requests only the permissions strictly necessary to function:

• storage: To save your rule configuration and daily trading state locally.
• alarms: To check for the daily session boundary (18:00 ET reset) and detect broker inactivity. No network requests are made by the alarm handler.
• notifications: To alert you with a browser notification when an order is blocked.
• sidePanel: To display the dashboard in Chrome's Side Panel while you trade.
• webRequest: To read the supported broker's Bearer token from outgoing request headers (Authorization) directly inside the Service Worker — for example, a Tradovate token. The token never enters the page's JavaScript context. For unsupported brokers no token is captured and this permission remains dormant.
• Host access — tradovateapi.com: Granted automatically at install time. Used to read the official broker REST API (realized P&L, trade history, positions) and to make the single per-session balance initialisation call for Tradovate accounts; after that the extension operates passively. For other brokers no outbound request to this host is made.
• Host access — nfs.faireconomy.media: Granted automatically at install time. Used only when the High Impact News rule is enabled — a single anonymous read-only GET request fetches this week's economic calendar from ForexFactory's public CDN. No user data, no authentication, no cookies are transmitted.
• Host access — tradingview.com & scripting (optional): Requested only after you explicitly click "Enable Protection". These allow the content script to intercept outgoing order requests before they leave the browser.

The extension does not request the tabs permission (which would show "Read your browsing history"). Access is limited to the specific domains listed above. Requires Chrome 120 or later.

4. User Control & Data Deletion

You have full and exclusive control over your data. Since all data is stored locally, you can remove it at any time by:

• Using the "Set as Defaults" or export/import functions within the extension settings.
• Clearing the extension's storage via chrome://extensions → MyTradingGuard → Details → Clear data.
• Uninstalling the extension, which permanently removes all locally stored data.
• Chrome encrypts the entire browser profile at the operating-system level (DPAPI on Windows, Keychain on macOS, Keyring on Linux). No additional userland encryption layer is needed for locally stored extension data.

5. Chrome Web Store Compliance

The use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.

• Data collected by the extension is not sold to third parties.
• Data is not used or transferred for purposes unrelated to the extension's core functionality (trading discipline enforcement).
• Data is not used or transferred to determine creditworthiness or for lending purposes.
• The single purpose of MyTradingGuard is to act as a local risk management tool that enforces user-defined trading rules on specific broker platforms.

6. Contact Us

For technical inquiries regarding this Privacy Policy or our security implementation, please contact us at:
Email: info@mytradingguard.com