Privacy Policy
Last updated: June 24, 2026
Larinera operates TradeScript AI. Questions: hello@larinera.com
1. Data Controller
Larinera ("we", "us", or "our") is the data controller responsible for personal data processed through TradeScript AI and tradescript.online.
Privacy questions and requests can be sent to hello@larinera.com.
2. Scope
This Privacy Policy describes how we collect, use, share, and protect information when you use the TradeScript AI iOS application and visit tradescript.online (collectively, the "Service").
By using the Service, you acknowledge the practices described in this policy. If you do not agree, do not use the Service.
3. Information We Collect
We may collect the following categories of information:
- Account identifiers: an anonymous Firebase authentication user ID used to authenticate API requests and associate your account with purchases and credits. This ID is also used as your RevenueCat app user ID.
- Product interaction and usage data: app events such as screen views, feature usage, and purchase funnel events, collected via Firebase Analytics and Mixpanel. We do not use these tools for cross-app tracking.
- Purchase and entitlement data: subscription status, credit balance, product identifiers, and transaction references processed through RevenueCat and the Apple App Store. We do not receive your full payment card details.
- Device information: a device identifier stored in your device keychain to support API access, device registration, and analytics.
- Push notification data: a Firebase Cloud Messaging (FCM) token if you grant notification permission, used to deliver service-related notifications.
- User-submitted content: strategy descriptions, chat messages, generated code you submit for review or refinement, and optional chart screenshots you provide for AI processing.
- Diagnostics and security data: request metadata in server logs (such as request ID, endpoint name, billing path, duration, and HTTP status). We do not log full prompts, chat content, or images in these logs.
4. What We Do Not Store
Strategy text, chat messages, generated code, and chart images you submit are transmitted to our servers only for the purpose of fulfilling your AI request. We do not persist this content in our application database after processing completes.
Strategy history you save in the app is stored locally on your device (SwiftData) and is not synced to our cloud servers.
Short-lived operational data such as daily free-quota counters and rate-limit state may be held in Redis with a brief time-to-live and is deleted when no longer needed or when you delete your account.
5. How We Use Information
We use collected information to:
- Provide and operate the Service, including AI code generation, evaluation, refinement, and chat.
- Authenticate requests, register devices, and enforce usage limits (such as credits and rate limits).
- Process subscriptions, consumable credit packs, and entitlements.
- Send push notifications you have opted into.
- Monitor performance, detect abuse, fix bugs, and improve features.
- Respond to support requests and legal obligations.
6. Legal Bases (GDPR and KVKK)
If you are located in the European Economic Area (EEA), United Kingdom, or Turkey, we process personal data on the following bases, as applicable:
- Performance of a contract: to provide the Service you request, including AI features, credits, and subscriptions.
- Legitimate interests: to secure the Service, prevent abuse, and understand product usage in a way that does not override your rights.
- Consent: where required for push notifications or other optional processing. You may withdraw consent through device settings or by contacting us.
- Legal obligation: where we must retain or disclose data to comply with applicable law.
EEA and UK users retain mandatory data protection rights under GDPR. Users in Turkey retain rights under KVKK (Law No. 6698). Nothing in this policy limits non-waivable statutory rights.
7. AI Processing
When you submit text or images, that content is sent to our backend API (hosted on Railway) and processed by OpenAI to generate, evaluate, refine, or discuss trading-script code.
AI outputs may be inaccurate or incomplete. Do not submit sensitive personal information, government IDs, or confidential brokerage or exchange credentials through the Service.
We use OpenAI's API services to process your requests. We do not use your submissions to train our own public models. OpenAI processes data according to its API terms and privacy policy.
8. Third-Party Processors
We use the following categories of third-party processors:
- Firebase (Google) — anonymous authentication, analytics, and cloud messaging.
- Mixpanel — product analytics.
- RevenueCat — subscription and purchase entitlement management.
- Apple App Store — payment processing for in-app purchases.
- Railway — hosting for our backend API.
- OpenAI — AI inference for code generation and related features.
Each provider processes data according to its own privacy policy. We recommend reviewing their policies for more detail.
9. International Data Transfers
Your information may be processed in countries other than your own, including the United States and countries where our subprocessors operate.
Where required by applicable law (such as GDPR), we rely on appropriate safeguards for international transfers, including standard contractual clauses or equivalent mechanisms offered by our processors.
10. Data Retention
We retain information for as long as needed to provide the Service and for the periods below, unless a longer period is required by law:
- Account, credit balance, subscription status, device registrations, and usage metadata: until you delete your account or we no longer need the data to operate the Service.
- Purchase transaction records linked to your account: until account deletion, subject to retention by Apple and RevenueCat under their own policies.
- Redis quota and rate-limit data: short retention (typically hours to one day).
- Server diagnostic logs: for a limited operational period, then deleted or aggregated.
- Analytics data held by Firebase and Mixpanel: according to each provider's retention settings and our project configuration.
11. Account Deletion
You may delete your account at any time from Settings → Delete Account in the iOS app.
When you delete your account, we delete your server-side account data, including your user record, device registrations, credit transactions, and AI usage logs associated with your Firebase user ID. We also delete your Firebase authentication user and clear associated Redis keys.
Local strategy history on your device is removed as part of the in-app deletion flow. Deleting the app alone does not delete server-side account data.
Third-party services may retain certain data under their own policies. For example, Apple and RevenueCat may retain purchase records tied to your Apple ID, and analytics providers may retain event data until their retention periods expire or you exercise rights directly with them.
Deleting your account does not automatically cancel an active App Store subscription. Cancel subscriptions separately in Settings → Apple ID → Subscriptions.
You may also contact us at hello@larinera.com if you need help with deletion or have questions about residual data.
12. Your Rights and Choices
Depending on your location, you may have the right to access, correct, delete, restrict, or object to certain processing of your personal data, and to request data portability where applicable.
To exercise these rights, use in-app account deletion where available or email hello@larinera.com. We aim to respond within 30 days.
EEA and UK residents may lodge a complaint with their local data protection supervisory authority. Users in Turkey may apply to the Personal Data Protection Authority (KVKK).
We do not sell your personal data. We do not use Firebase Analytics or Mixpanel for cross-app tracking.
You can manage App Store subscriptions and purchase history through your Apple ID settings. Push notifications can be disabled in iOS Settings.
13. Children
The Service is not directed to children under 13 (or the applicable age in your jurisdiction). We do not knowingly collect personal information from children.
Use of the Service requires you to be at least 16 years old (or the age of majority in your jurisdiction), as stated in our Terms & Conditions.
14. Security
We implement reasonable technical and organizational measures to protect information, including encrypted transport (HTTPS) and access controls on our infrastructure.
No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
15. Changes
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the latest revision. Material changes may also be communicated through the app or App Store listing where required.
Continued use of the Service after an update becomes effective constitutes acknowledgment of the revised policy, except where applicable law requires additional consent.
16. Contact
Privacy questions and requests can be sent to hello@larinera.com.