Trading Hub
ID EN
Terminal

Legal · Privacy Policy

Privacy Policy

Effective: 11 May 2026

1. Who we are

Trading Hub Terminal (the "Service") is operated by the product owner (the "Operator"), based in Indonesia. For privacy questions, contact hello@tradinghub.id.

2. What we collect

We keep data collection to the minimum needed to run the Service.

2.1 Public pages (no account)

When you visit pages under tradinghub.id without signing in, we collect:

  • Aggregated visit analytics: page views, referrer, country, device type, browser version. We use privacy-friendly analytics that does not set cookies and does not identify individual users.
  • Server logs: IP address, request path, timestamp, and user-agent. Retained for up to 30 days for security and debugging.

2.2 Terminal (signed in)

When you create an account or use the terminal, we collect:

  • Account data: email address, display name, and authentication records. Managed by our auth provider.
  • Preferences: saved watchlists, selected symbols, timezone, theme. Stored against your account.
  • Billing data (if you subscribe): handled by our payment processor. We do not see or store card numbers.
  • Support correspondence: if you email us, we keep the thread for reference.

2.3 Broker Link data

If you connect an MT5 broker account ("Broker Link"), we store the investor (read-only) password you provide, plus account metadata (server name, login number, label, balance snapshots). The investor password cannot place trades or move funds: it is read-only by design at the broker level. We store it on a dedicated server in Singapore so the terminal can fetch your live snapshots and trade history while you are using the Service. You can delete the linked account at any time from the Portfolio page. The credential is removed from our store upon disconnect.

2.4 What we do not collect

  • We do not collect or store your main broker password, your withdrawal PIN, or any credential capable of executing trades or moving funds.
  • We do not sell, rent, or share personal data for advertising.
  • We do not use third-party advertising trackers (Meta Pixel, Google Ads, TikTok Pixel, etc).

2.5 Operator access (admin role)

For support, fraud investigation, abuse response, and operational health checks, members of the Operator team with the admin role may view your linked broker accounts and their snapshots, including accounts you have marked as private in your profile. Privacy flags on your profile control what other users can see; they do not hide data from the Operator. We do not use this access for anything beyond running the Service, and we do not share what we see with third parties except where required by law.

Every admin view of a private account is recorded in an append-only audit log (table admin_audit_log) along with the admin's user id, timestamp, IP address, and the specific account that was viewed. You can request a copy of audit entries that touched your account by emailing hello@tradinghub.id.

2.6 Presence & activity (logged-in terminal)

While you have the terminal open in your browser, your client sends a lightweight "heartbeat" ping to our server roughly every 60 seconds. Each ping records:

  • Last seen timestamp: when your browser last checked in. We use this to show "online" indicators in the Operator's admin tools and to size capacity.
  • Current route: the path of the page you are viewing inside the terminal (e.g. /dashboard, /idx/BBCA). We do not log query parameters, scroll position, click events, or content you type.

These two fields are stored on your user record and overwritten on each ping (we do not keep a long history of every page you visited). Only the Operator (admin role) can read this data via /admin/members for support, capacity planning, and abuse investigation. Each admin view is recorded in admin_audit_log (see section 2.5).

If you sign out or close all browser tabs, the heartbeat stops. Your last_seen_at will simply age in place until the next time you sign in.

2.7 Client error reports (logged-in terminal)

When the terminal crashes or hits a runtime error in your browser (React render error, unhandled promise rejection, or window error), the browser sends a small report to our server so the Operator can see and fix the bug. Each report contains:

  • The error message and stack trace (function names + file paths in our code, no user data)
  • The page route where the error happened (e.g. /idx/BBCA)
  • Your user id (so we can ask if it's an issue specific to your account)
  • Your IP address and user-agent string (for debugging device/browser-specific bugs)

We do not log keystrokes, form field contents, clipboard, scroll position, or anything else you type or view. Duplicate error reports within a 60-second window are deduplicated client-side so a single bug doesn't flood the log.

Only the Operator (admin role) can read this data via /admin/errors for triage. Each admin view is recorded in admin_audit_log (see section 2.5).

3. Why we collect it

  • Run the Service: authenticate you, load your preferences, serve the pages you request.
  • Improve the Service: understand which pages are used, spot bugs, improve performance.
  • Security: detect abuse, rate-limit, investigate incidents.
  • Communications: reply to support, send billing receipts, notify you of material changes. We do not send marketing email unless you explicitly subscribe.

4. Cookies and local storage

We use:

  • Session/auth cookies: required to keep you signed into the terminal.
  • localStorage: stores your watchlist selection, timezone, theme, and anonymous-tier preferences directly in your browser. Never leaves your device.

We do not use cookies for cross-site tracking or advertising. No cookie consent banner is required because we do not use non-essential cookies.

5. Third parties we use

We use a small set of infrastructure providers to run the Service. Each handles only the data described:

  • Our hosting provider: serves pages, handles SSL, processes request logs.
  • Authentication provider (to be specified when account signup launches): stores account credentials and sessions.
  • Payment processor (to be specified at launch of paid plans): handles billing.
  • Email provider: delivers transactional email (sign-up verification, receipts).

Specific provider names and links to their privacy policies will be maintained on this page as integrations go live.

6. Data retention

  • Account data: retained while your account is active, deleted within 30 days of account closure (billing records kept longer where required by tax law).
  • Server logs: 30 days, then deleted.
  • Analytics: aggregated, cannot be tied back to individuals, retained indefinitely.
  • Support correspondence: 2 years.

7. Your rights

Subject to applicable law (including Indonesia's UU PDP, the EU GDPR, and UK GDPR where they apply), you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your account and associated data.
  • Export your preferences and account data in a portable format.
  • Withdraw consent for optional processing.
  • Lodge a complaint with your data protection authority.

To exercise any of these, email hello@tradinghub.id. We respond within 30 days.

8. Security

We use HTTPS everywhere, modern security headers, and industry- standard authentication providers. No internet system is perfectly secure. We encourage using a unique password and enabling two-factor authentication when it becomes available.

9. International transfers

Our infrastructure providers operate globally. Your data may be processed in regions outside Indonesia (notably the EU and US) under standard contractual clauses or equivalent protections.

10. Children

The Service is not directed at individuals under 18. We do not knowingly collect personal data from minors. If you believe a minor has submitted data, contact us and we will delete it.

11. Changes to this Policy

We will post material changes on this page and update the effective date. Continued use of the Service after changes constitutes acceptance.

12. Contact

Questions or requests: hello@tradinghub.id.