Privacy policy
This policy explains how Journalyze processes your personal data and the rights you have under the EU General Data Protection Regulation (GDPR). Journalyze is an online trading journal operated by APX Software UG (haftungsbeschränkt).
1. Controller
The controller responsible for the processing of your personal data is:
APX Software UG (haftungsbeschränkt)
Sudbrackstr. 17, 33611 Bielefeld, Germany
Email: [email protected] · Phone: +49 (0)521 44693440
For any data protection enquiry, please contact us at the address above. See our Imprint for further company details.
2. Data we process
- Account data: name, email address, password (hashed), and authentication metadata when you register and sign in.
- Trading content you upload: trade executions (via CSV upload or API import), notes, tags, journal entries, screenshots and screen recordings. This content is private to your account unless you choose to share or publish it.
- Billing data: subscription plan, billing address, VAT ID (if provided) and payment status. Card details are handled directly by our payment provider and are not stored on our servers.
- Usage and log data: IP address, browser and device information, and server logs needed to operate and secure the service.
- Analytics data: usage statistics collected only with your consent (see section 6).
- Communications: the content of messages you send us for support.
3. Legal bases
- Performance of a contract (Art. 6(1)(b) GDPR) – to provide your account and the journaling features, and to handle billing.
- Legal obligation (Art. 6(1)(c) GDPR) – to retain invoices and accounting records.
- Legitimate interests (Art. 6(1)(f) GDPR) – to keep the service secure, prevent abuse and maintain logs.
- Consent (Art. 6(1)(a) GDPR) – for analytics cookies and any non-essential tracking. You can withdraw consent at any time with future effect.
4. Hosting & infrastructure
Our application and databases are hosted in data centres in Germany, on servers operated by Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany). Hetzner acts as a processor on our behalf under a data processing agreement.
We use Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA) as a DNS, content delivery and caching provider and to protect the service against attacks. When you access Journalyze, your request is routed through Cloudflare’s network, which processes connection data such as your IP address for these purposes. The legal basis is our legitimate interest in a fast and secure service (Art. 6(1)(f) GDPR).
Uploaded media (screenshots and screen recordings) are stored in object storage and served via the infrastructure described above.
5. Payments
Our subscriptions are sold and processed by Paddle (Paddle.com Market Ltd, Judd House, 18–29 Mora Street, London EC1V 8BT, United Kingdom) acting as our Merchant of Record (reseller). When you subscribe, the payment and billing data you enter is provided to and processed by Paddle to complete the transaction, issue the invoice, and collect and remit any applicable VAT or sales tax. We do not receive or store your full card number. Paddle’s processing is governed by its own privacy policy at paddle.com/legal/privacy. The legal basis is performance of the contract (Art. 6(1)(b) GDPR).
6. Analytics & cookies
We use Google Analytics, a service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland), to understand how the website is used so we can improve it. Google Analytics uses cookies and similar technologies and processes data such as a truncated IP address, device and usage information.
Google Analytics and any other non-essential cookies are only loaded after you give your consent via our cookie banner (Art. 6(1)(a) GDPR). Until then, no analytics cookies are set and no analytics requests are sent. You can change or withdraw your choice at any time by selecting “Cookie settings” in the footer. Essential cookies that are strictly necessary to operate the site and keep you signed in are always set and do not require consent.
7. Error tracking
We use Sentry (Functional Software, Inc., USA) to capture technical errors and exceptions so we can diagnose and fix problems. This may include limited technical data such as the IP address and the actions leading to an error. The legal basis is our legitimate interest in a stable and secure service (Art. 6(1)(f) GDPR).
8. Recipients & processors
We share personal data only with service providers acting as processors on our behalf, each bound by a data processing agreement:
- Hetzner Online GmbH – hosting (Germany)
- Cloudflare, Inc. – DNS, CDN, caching and security
- Paddle.com Market Ltd – payment processing and Merchant of Record
- Google Ireland Limited – analytics (consent-based)
- Functional Software, Inc. (Sentry) – error tracking
We do not sell your personal data.
9. International data transfers
Some of the providers above are based in or process data in the United States. Where personal data is transferred outside the EU/EEA, the transfer is safeguarded by the EU Standard Contractual Clauses and/or by the provider’s certification under the EU–U.S. Data Privacy Framework, together with appropriate additional measures.
10. How long we retain your data
We keep your account and trading content for as long as your account exists. When you delete your account, the associated content is deleted, except for data we are legally required to keep – in particular invoices and accounting records, which are retained for the statutory retention periods (generally up to 10 years under German tax and commercial law). Server and security logs are kept only for as long as necessary.
11. Your rights
Under the GDPR you have the right to:
- access your personal data (Art. 15);
- rectification of inaccurate data (Art. 16);
- erasure (Art. 17);
- restriction of processing (Art. 18);
- data portability (Art. 20);
- object to processing based on legitimate interests (Art. 21); and
- withdraw consent at any time with future effect.
To exercise these rights, contact us at [email protected]. You also have the right to lodge a complaint with a supervisory authority. The authority responsible for us is the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW), Postfach 20 04 44, 40102 Düsseldorf, Germany.
We may update this privacy policy from time to time. The current version is always available on this page.