Privacy Policy

Yestercharts (“we”, “our”, “us”) is an EdTech platform for practising and competing in price action analysis on anonymised historical charts. No real money is traded on this platform. Our registered contact email is privacy@yestercharts.com.

We collect the minimum data necessary to operate the platform:

• Account data - email address, display name, username. Collected at sign-up.
• Performance data - contest entries, trade records, journal notes, leaderboard rankings. Generated by your activity on the platform.
• Payment data - subscription plan, payment date. Payment card details are processed by Razorpay and are never stored on our servers.
• Technical data - IP address, browser/device type, page interactions. Collected automatically via server logs and Supabase analytics.
• Communications - messages you send to our support or feedback channels.

We do not collect any financial trading account data, real portfolio data, or sensitive personal data (health, biometric, government ID).

• To provide and improve the Yestercharts service (contest scoring, leaderboards, journals).
• To process subscription payments via Razorpay.
• To send transactional emails (password reset, payment confirmation).
• To send product updates and newsletters - only if you have given explicit consent.
• To investigate and resolve support requests.
• To detect and prevent abuse, cheating, or security threats.

If you are in the European Economic Area, our legal basis for processing your data is:

• Contract performance - account, contest, and payment data needed to provide the service.
• Legitimate interests - security, fraud prevention, platform improvement.
• Consent - marketing emails and non-essential cookies. You can withdraw consent at any time.

Active Pro subscribers: your data is retained while your subscription is active.

After a Pro subscription expires, we retain your data for 180 days on a graduated ladder (REQ-197):

• Days 0 to 29 (Frozen): your data stays fully intact in our live systems. Login is blocked until you reactivate, but nothing is lost.
• Day 30 (Summary Pack): we email you a PDF summary of your journey on the platform (trades, journal, learning progress, strategies). A download link remains valid for 60 days.
• Days 30 to 149 (Warm archive): data is still in our live systems. Reactivating restores everything instantly.
• Days 150 and 175: we send transactional warning emails so the deletion is never a surprise.
• Day 180 (Hard delete): personal data (name, email, avatar, bio) is redacted. Journal entries, AI analyses, and custom algo strategies are deleted. Trade history is preserved in anonymised form for platform integrity.

Legal records retained for 8 years per Indian Income Tax Act and GST rules: invoices, refund records, TDS certificates, and referral commission ledger entries. After Day 180, the user id on these records is hashed so they cannot be linked back to you.

Server logs are deleted after 90 days.

You can request immediate deletion at any time under the DPDP Act 2023 by emailing privacy@yestercharts.com. We process within 30 days.

We do not sell your personal data. We share it only with:

• Supabase (database and auth hosting) - data is stored in their infrastructure under their DPA.
• Razorpay (payment processing) - only payment-related data as required to complete transactions.
• Vercel (hosting) - server logs for deployment infrastructure.
• Authorities - if required by applicable law or a valid court order.

You have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data (via your Profile page).
• Delete your account and associated data (email privacy@yestercharts.com).
• Portability - receive a copy of your data in a machine-readable format.
• Object to processing based on legitimate interests.
• Withdraw consent for marketing emails at any time (unsubscribe link in every email).

To exercise any of these rights, email us at privacy@yestercharts.com. We will respond within 30 days.

We take reasonable and industry-standard measures to protect your data, including:

• HTTPS-only connections with HSTS enforcement.
• Row-level security (RLS) on all database tables - users can only access their own data.
• Passwords are never stored - authentication is handled by Supabase Auth (bcrypt hashing or OAuth).
• Payment card data is never sent to or stored on our servers (Razorpay tokenisation).
• Security headers (CSP, X-Frame-Options, X-Content-Type-Options) on all responses.

No system is 100% secure. If you discover a security vulnerability, please disclose it responsibly to security@yestercharts.com.

See our Cookie Policy for full details on the cookies we use.

Yestercharts is intended for users aged 18 and above. We do not knowingly collect personal data from minors. If you believe a minor has created an account, contact us at privacy@yestercharts.com and we will delete the account promptly.

We may update this policy as the platform evolves. We will notify registered users by email of any material changes at least 14 days before they take effect. The “Last updated” date at the top of this page reflects the most recent revision.

Questions or complaints about how we handle your data:

Email: privacy@yestercharts.com