Privacy Policy

Wogul (“we,” “us,” or “our”) respects your privacy and is committed to protecting your personal information. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information when you use the Wogul desktop application and related services (the “Service”).

By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

We collect information in the following categories:

2.1 Account Information

When you create an account, we collect your name, email address, and authentication credentials through our identity provider (Clerk). This information is used to identify you, manage your subscription, and communicate with you about the Service.

2.2 Payment Information

Subscription payments are processed by Stripe. We do not directly collect, store, or have access to your full credit card number or bank account details. Stripe may share with us limited payment information such as the last four digits of your card, card type, expiration date, and billing address for record-keeping and customer support purposes.

2.3 Brokerage Credentials

To connect your trading accounts, you authenticate through OAuth (Tradovate) or provide API keys (TopstepX). These credentials are stored locally on your device only, encrypted using your operating system's secure storage (Windows DPAPI or macOS Keychain). Brokerage credentials are never transmitted to or stored on our servers.

2.4 Trading Data

The Service processes your trading data (positions, orders, fills, account balances) locally on your device to perform trade copying. This data is stored in a local database on your computer and is not transmitted to our servers. We do not have access to your trading history, positions, or account balances.

2.5 Application Usage and Error Data

We use Sentry for error monitoring and crash reporting. When an error occurs in the application, the following may be collected:

• Error messages, stack traces, and application state
• Device information (operating system, app version)
• Session replay data with all text masked and all media blocked — we cannot see your screen content
• Performance traces (page load times, API latency)
• Breadcrumb navigation events

Sensitive data (tokens, API keys, passwords) is automatically scrubbed from all error reports before transmission.

2.6 License Verification Data

The application periodically contacts our server to verify your subscription status. This verification transmits your user identifier and receives your subscription state (active, trialing, expired). No trading data or brokerage credentials are included in these requests.

We use the information we collect to:

• Provide, maintain, and improve the Service
• Authenticate your identity and manage your account
• Process subscription payments and manage billing
• Verify your license status to control access to the Service
• Diagnose and fix bugs, crashes, and performance issues
• Communicate with you about your account, billing, service updates, and security alerts
• Comply with legal obligations and enforce our Terms of Service
• Protect against fraud, abuse, and unauthorized access

We do not use your information to:

• Sell, rent, or trade your personal data to third parties
• Display targeted advertising or share data with ad networks
• Analyze your trading activity for any purpose other than providing the Service
• Make automated decisions that materially affect you without human review

We share your information only with the following third-party service providers, and only to the extent necessary for them to perform their functions:

We do not sell your personal information. We may disclose information if required by law, court order, or government request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.

Local Storage.Trading data, brokerage credentials, and application settings are stored locally on your device in an encrypted SQLite database. Sensitive credentials (OAuth tokens, API keys) are encrypted using your operating system's secure storage facilities (Windows DPAPI or macOS Keychain).

Server-Side Storage. Account information (name, email) and subscription data are stored securely by our third-party providers (Clerk and Stripe) in their respective data centers. Error reports are stored by Sentry.

Security Measures. We implement reasonable technical and organizational measures to protect your data, including:

• OS-level encryption for all stored credentials
• ASAR integrity validation to prevent application tampering
• Code signing and notarization on both Windows and macOS
• Automatic scrubbing of sensitive fields from error reports
• HTTPS/TLS encryption for all network communications
• Rate limiting on authentication and API endpoints

While we take security seriously, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

Desktop Application. The Wogul desktop app does not use cookies or web-based tracking technologies. Local storage is used solely for application functionality (settings, window state, cached data).

Website. Our website (wogul.com) may use cookies for:

• Essential cookies — required for authentication and site functionality
• Analytics cookies — to understand how visitors use our website so we can improve it

You can control cookies through your browser settings. Disabling essential cookies may prevent you from signing in or using certain features.

Local Data. Trading data and application settings remain on your device until you uninstall the application or manually delete them. We have no ability to access or delete your local data remotely.

Account Data. We retain your account information for as long as your account is active. If you close your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law (e.g., billing records for tax purposes, which may be retained for up to 7 years).

Error Reports. Error reports in Sentry are retained for 90 days and then automatically deleted.

Depending on your location, you may have the following rights regarding your personal data:

All Users

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate or incomplete data
• Deletion — request deletion of your personal data (subject to legal retention requirements)
• Portability — request your data in a structured, machine-readable format
• Objection — object to processing of your data for specific purposes

European Economic Area (GDPR)

If you are located in the EEA, UK, or Switzerland, you have additional rights under the General Data Protection Regulation. Our legal basis for processing your data is:

• Contract performance — processing necessary to provide the Service you subscribed to
• Legitimate interests — error monitoring, security, fraud prevention
• Consent — where required, such as for marketing communications

You have the right to lodge a complaint with your local data protection authority.

California (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

• The right to know what personal information is collected, used, shared, or sold
• The right to delete personal information held by us and by extension our service providers
• The right to opt out of the sale of personal information — we do not sell personal information
• The right to non-discrimination for exercising your privacy rights

To exercise any of these rights, contact us at support@wogul.com. We will respond within 30 days (or sooner if required by law).

The Service is not intended for anyone under the age of 18. We do not knowingly collect personal information from children. If we learn that we have inadvertently collected data from a child under 18, we will delete that information promptly. If you believe a child has provided us with personal data, please contact us immediately.

Our third-party service providers may process your data in countries other than your own, including the United States. When data is transferred outside your jurisdiction, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or reliance on the service provider's compliance with applicable data protection frameworks (e.g., the EU-US Data Privacy Framework).

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated via the email address associated with your account at least 30 days before they take effect.

We encourage you to review this page periodically. Your continued use of the Service after any changes constitutes acceptance of the updated Privacy Policy.

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

support@wogul.com

For data protection inquiries from the EEA, you may also contact your local supervisory authority.