Legal

Privacy Policy

Last updated: May 25, 2026

X-Ray (“we,” “our,” “the platform”) is a forensic trade diagnostic service. This policy explains what data we collect, how we use it, and how we protect it.

1. What We Collect

When you upload a trade history file (CSV or HTM), the file typically contains:

• —Trade ticket numbers
• —Open and close timestamps
• —Trading instrument (e.g., XAUUSD, NAS100)
• —Trade direction (buy/sell)
• —Lot size / volume
• —Entry and exit prices
• —Stop loss and take profit levels
• —Profit/loss, swap, and commission values

We also collect:

• —Email address (for report delivery and account access)
• —Account type selection (personal, prop firm, funded, demo)
• —Challenge parameters you voluntarily provide (balance, drawdown limits, profit targets)
• —Payment information (processed by Stripe — we never see or store your full card number)

2. What We Never Collect

X-Ray does not collect, request, store, or have access to:

• —Your MetaTrader 5 account password
• —Your broker login credentials
• —Your broker API keys or tokens
• —Your bank account, withdrawal, or deposit information
• —Your government-issued identification
• —Your physical address
• —Your account balance (unless you voluntarily provide it for context-aware analysis)

We have no ability to log into your trading account. We cannot place, modify, or close trades on your behalf. X-Ray is a read-only diagnostic tool that analyzes historical trade data you provide.

3. How We Use Your Data

Your trade data is used exclusively to:

• —Generate your forensic diagnostic report
• —Calculate your 7-dimension behavioral scores
• —Produce prescriptions and compliance tracking
• —Build your Trader DNA profile (if subscribed)
• —Improve our diagnostic models through anonymized, aggregated statistical analysis

We do not sell, rent, license, or share your individual trade data with any third party. Ever.

4. Data Storage and Security

• —Trade history files (CSV/HTM) are processed in memory and may be temporarily stored during analysis. Original files are deleted after report generation.
• —Generated reports are stored in encrypted cloud storage (Supabase) and accessible only to you via your account.
• —All data transmission uses TLS 1.2+ encryption.
• —Payment processing is handled entirely by Stripe, which is PCI DSS Level 1 certified. We never see or store your full payment card details.
• —Database access is restricted to authenticated services with role-based access controls.

5. Future Live Connector (Phase 3+)

When the optional live MT5 connector becomes available:

• —A lightweight application runs on YOUR computer alongside your MetaTrader 5 terminal
• —It reads trade data locally from your own MT5 installation
• —Only trade event data (ticket, symbol, direction, P/L, timestamps) is transmitted to our servers
• —Your MT5 login credentials are never transmitted to or stored on our servers
• —The connection is strictly read-only — X-Ray cannot and will not place, modify, or close any trade
• —You can disconnect the connector at any time

6. Anonymized Aggregate Data

We may use anonymized, non-identifiable aggregate data to:

• —Calculate platform-wide benchmarking percentiles
• —Improve diagnostic model accuracy
• —Generate platform statistics (e.g., "2,400+ trades diagnosed")
• —Train proprietary diagnostic models

No individual trader can be identified from aggregate data.

7. Data Retention and Deletion

• —Free tier (SIGNAL): analysis data retained for 30 days, then automatically deleted
• —Paid tiers: data retained for the duration of your subscription plus 90 days after cancellation
• —You may request complete deletion of all your data at any time by contacting hello@xray.trade
• —Upon deletion request, all trade data, reports, and profile information are permanently removed within 14 business days

8. Cookies and Tracking

• —We use essential cookies for authentication and session management only
• —We do not use advertising cookies or tracking pixels
• —We do not share data with advertising networks
• —Basic analytics (page views, feature usage) may be collected to improve the platform

9. Third-Party Services

We use the following third-party services:

• —Stripe (payment processing) — stripe.com/privacy
• —Supabase (database and authentication) — supabase.com/privacy
• —Vercel (hosting) — vercel.com/legal/privacy-policy
• —Anthropic Claude API (AI analysis) — anthropic.com/privacy

Note: trade data sent to the Claude API for analysis is not used by Anthropic to train their models per their API data policy.

10. Your Rights

You have the right to:

• —Access all data we hold about you
• —Request correction of inaccurate data
• —Request complete deletion of your data
• —Export your reports and analysis history
• —Withdraw consent for data processing at any time

Contact: hello@xray.trade

11. Changes to This Policy

We may update this policy as the platform evolves. Material changes will be communicated via email to registered users. Continued use of the platform after changes constitutes acceptance.

12. Jurisdiction

This platform is operated from Lebanon. By using X-Ray, you agree that any disputes will be governed by applicable Lebanese law, without prejudice to any mandatory consumer protection laws in your jurisdiction.