Privacy Policy

1. Who we are and what this policy covers

JTM Financial LLC (“JTM Financial,” “we,” “us,” “our”) provides Execution Watchdog™ (the “Software”), a Windows desktop trade-journaling and execution-discipline tool for futures traders. This Privacy Policy explains what personal information we collect, how we use it, with whom we share it, how long we keep it, and the rights you have over it.

This policy applies to (a) the Execution Watchdog desktop application, (b) the JTM Financial website at jtmfin.com (the “Site”), and (c) related interactions such as license verification, account communications, and customer support. It does not apply to any third-party platform you separately use with the Software, such as NinjaTrader 8 or a third-party AI service. Those platforms have their own privacy policies.

By installing the Software or using the Site, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with it, do not install the Software or use the Site.

2. What personal information we collect

The Software is designed to collect as little personal information as possible. The Software journals trades and archives sessions locally on the user's device. The only data that crosses the network to JTM Financial is the license-verification data described in Section 2.2. Two other network interactions occur outside JTM Financial's systems: an optional AI analysis feature that sends trade data directly to Anthropic under the user's own API key (Section 2.4), and the user's own internet connection used to reach the JTM Financial license server (Section 2.2).

The following sections describe the categories of information collected and the limited purposes for which JTM Financial collects it.

2.1 Information you give us

• Account and license information. When you purchase a license or create an account, we collect your name, email address, and the license key that we issue to you.

• Billing information. Payment is processed by our payment processor, Stripe, Inc. We receive only a Stripe customer identifier and subscription identifier in return; we do not receive, store, or transmit your full payment card number or banking details.

• Communications. If you contact us by email, through a website form (waitlist or demo request), or through customer support, we collect the information you provide in that communication, including your name, email address, and the contents of your message.

2.2 Information collected automatically by the Software

• License verification data. When the Software activates or performs a periodic license check (no more than once every thirty days, with up to fourteen days of offline grace), it transmits to our verification server (a) your license key and (b) a machine identifier. The machine identifier is a one-way SHA-256 cryptographic hash derived from your operating system’s machine identifier and your username; the underlying values themselves are never transmitted, and the hash cannot be reversed to recover them.

• Server-side log data. JTM Financial's verification server records standard request metadata for security and reliability purposes, including IP address, request timestamp, and the endpoint requested.

2.3 Information that stays on your device and is not collected by us

The following data is created and stored locally on your device and is not transmitted to JTM Financial:

• Trade journal and session archive. All logged trades, scores, grades, notes, emotional-state tags, related entries you create in the Software, and any saved sessions. Sessions and trade data are saved to a local folder on your device and are not uploaded to JTM Financial or any other party.

• Settings and preferences. Application settings, including your optional third-party AI API key (stored only on your device).

• Cached license file. A local copy of your license status.

2.4 Information you may send to third parties through the Software

• Optional AI analysis (Anthropic). If you choose to use the Software’s optional AI analysis feature, the Software sends an analysis prompt summarizing your trade statistics directly from your device to Anthropic’s API, authenticated with your own Anthropic API key. JTM Financial does not receive, store, log, or proxy this traffic. Your use of Anthropic’s services is governed by Anthropic’s own privacy policy and terms.

• Optional NinjaTrader 8 integration. The Software interoperates with NinjaTrader 8 over a local WebSocket connection on your own machine (loopback only). No NinjaTrader data or brokerage credentials are transmitted to JTM Financial.

2.5 Website information

• Form submissions. When you submit a waitlist or demo-request form on jtmfin.com, the form data (name where requested, email address, message contents) is collected by our form provider, Netlify, and forwarded to us by email.

• Server logs and limited analytics. Our Site host (Netlify) maintains standard server logs (IP address, user agent, referrer, pages visited). We do not deploy third-party advertising trackers or cross-site behavioral-advertising pixels on the Site.

2.6 What we do not collect

We affirmatively do not collect the following:

• Sensitive categories of personal information: no biometric data, no precise geolocation, no government ID numbers, no racial or ethnic origin, no health information, no information about sexual orientation or religion, and no financial account numbers.

• Trade journal contents and saved session data. These are stored only on the user's device and are not transmitted to JTM Financial.

• Brokerage credentials or brokerage account data.

• Advertising identifiers.

• Browsing activity on websites other than ours.

• Information from other applications running on your computer.

3. How we use your information

We use the limited information we collect only for the following purposes:

• Providing the Software. To activate and verify your license, deliver software updates, and provide customer support.

• Processing payments. To bill your subscription through Stripe, manage renewals, and resolve billing issues.

• Communicating with you. To respond to inquiries, send service-related notices (security alerts, billing notices, material changes to this policy or the End User License Agreement), and, with your consent where required, send occasional product updates.

• Security and abuse prevention. To detect and prevent unauthorized use of the Software, suspicious license activity, or abuse of our systems.

• Legal compliance. To comply with applicable law, respond to lawful requests from authorities, and enforce our agreements.

3.1 Lawful bases under GDPR (for visitors in the EEA, UK, or Switzerland)

To the extent the General Data Protection Regulation, UK GDPR, or Swiss equivalent applies to you, our lawful bases for processing personal information are:

• Contract. Activation, license verification, billing, and customer support are necessary to perform our contract with you.

• Legitimate interests. Security monitoring, fraud prevention, and limited service-related communications are based on our legitimate interest in running a secure commercial service, balanced against your interests.

• Consent. Where consent is required (for example, optional marketing emails), we ask for and rely on your consent and you may withdraw it at any time.

• Legal obligation. Where law requires us to retain or disclose information.

4. Who we share information with

We do not sell your personal information, and we do not share your personal information with third parties for those parties’ own marketing purposes. We share limited information only with the service providers we need to operate the Software, and only as described below.

4.1 Service providers (sub-processors)

• Stripe, Inc. — payment processing. Stripe processes your subscription payments on our behalf. We share with Stripe the information needed to bill you; Stripe collects and stores your payment-card details directly. Stripe’s privacy policy: https://stripe.com/privacy.

• Railway Corp. — cloud hosting. Our verification server and database are hosted on Railway. Railway therefore processes the license verification data described in Section 2.2 in its capacity as our hosting provider.

• Netlify, Inc. — website and form hosting. Our website is hosted on Netlify and Netlify processes form submissions on our behalf.

• Email and customer-support providers. We use commercial email services to communicate with you. Those providers process the contents of our messages to and from you.

4.2 Required by law

We may disclose information when we believe in good faith that disclosure is necessary to (a) comply with a lawful court order, subpoena, or other legal process; (b) protect our rights, safety, or property; or (c) investigate, prevent, or respond to suspected fraud, security incidents, or violations of our agreements.

4.3 Business transfers

If JTM Financial is involved in a merger, acquisition, sale of assets, or similar transaction, your information may be transferred to the acquiring party as part of that transaction, subject to the obligations of this Privacy Policy.

4.4 No sale; no sharing for cross-context behavioral advertising

JTM Financial does not sell personal information, and does not share personal information for cross-context behavioral advertising.

5. How long we keep information

We keep personal information only as long as we need it for the purposes described in this Policy, then delete or anonymize it. Specific retention periods:

• Active license and account information. While your license or account is active.

• Billing and tax records. Up to seven (7) years after the end of the subscription, to comply with U.S. tax and accounting requirements.

• Customer-support and communications records. Up to two (2) years from the last communication, unless a longer period is required for legal, dispute, or audit purposes.

• Verification-server logs. Ninety (90) days for routine logs; longer for security-investigation records as necessary.

• Website form submissions. Up to twenty-four (24) months from submission, unless an active customer relationship requires longer.

When the retention period ends, we delete or de-identify the information.

6. How we protect information

We use reasonable administrative, technical, and physical safeguards designed to protect your personal information against accidental loss and unauthorized access, alteration, disclosure, or destruction. These include:

• Encryption in transit. All connections between the Software and our verification server, and between our website and visitors’ browsers, use TLS/HTTPS.

• Hashed machine identifiers. The machine identifier transmitted by the Software is a one-way SHA-256 hash; raw identifiers are never transmitted.

• Encrypted local storage. The Software stores the cached license file in encrypted form on your device.

• Payment isolation. We never see or store your full payment card information; Stripe handles this directly.

• Vendor due diligence. We rely on established service providers (Stripe, Railway, Netlify, etc.) with their own security programs.

No method of transmission over the internet or electronic storage is 100% secure. While we use reasonable safeguards, we cannot guarantee absolute security.

7. Your privacy rights

Depending on your jurisdiction, you may have some or all of the rights below. We extend the core rights (access, correction, deletion, and portability) to all users regardless of jurisdiction, because we believe it is the right approach.

• Right to know / access. Request a copy of the personal information we hold about you.

• Right to correct. Ask us to correct inaccurate information.

• Right to delete. Ask us to delete personal information we hold about you, subject to limited exceptions (such as a legal-retention requirement).

• Right to portability. Receive a copy of your information in a portable, machine-readable format. Note: your trade journal is already accessible to you locally and can be exported from within the Software as a CSV file at any time, without needing to contact us.

• Right to opt out of sale or sharing. We do not sell or share personal information for cross-context behavioral advertising, so there is nothing to opt out of. If our practices change, we will provide a clear opt-out and notify you in advance.

• Right to non-discrimination. We will not discriminate against you for exercising any of these rights.

• Right to withdraw consent. Where we rely on your consent (e.g., marketing emails), you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

7.1 How to exercise your rights

To exercise any of these rights, email us at info@jtmfin.com or write to us at the address in Section 12. We may need to verify your identity, typically by confirming the email address associated with your license, before fulfilling your request, to protect against unauthorized access to your information. JTM Financial will respond within the time required by applicable law.

7.2 Authorized agents

If you are a California resident, you may designate an authorized agent to make requests on your behalf. We may require proof of the agent’s authority and your verified identity before processing such a request.

7.3 Right to appeal

If JTM Financial denies your privacy request, you may appeal that decision by emailing info@jtmfin.com with the subject line “Privacy Appeal.” If the appeal is denied, you may contact your state attorney general.

8. Children’s privacy

The Software and the Site are not directed to children under thirteen (13) years of age. JTM Financial does not knowingly collect personal information from children under 13. If you are a parent or legal guardian and you believe that a child under 13 has provided personal information to us, please contact us at info@jtmfin.com and we will promptly delete that information and terminate any related account.

Users between 13 and the age of majority in their jurisdiction (typically 18 in the United States) may use the Software only with the involvement and consent of a parent or legal guardian, consistent with our End User License Agreement.

9. International users and cross-border processing

JTM Financial is based in the United States, and our service providers (Stripe, Railway, Netlify, Anthropic) primarily process data in the United States. If you access the Software or the Site from outside the United States, you understand that your information will be transferred to and processed in the United States, where data-protection laws may differ from those in your jurisdiction.

For visitors in the EEA, UK, or Switzerland, where required, we rely on appropriate safeguards for these transfers, such as the U.S. processors’ own commitments under the EU-U.S. Data Privacy Framework or Standard Contractual Clauses incorporated into the agreements with our processors.

10. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes (changes that reduce your rights or significantly expand our processing), we will notify you by email to the address associated with your license, and, where required, obtain your affirmative consent before the changes take effect for you. Non-material changes (such as clarifications, typo fixes, or updates to a service-provider list) take effect on posting. The “Last updated” date at the top of this Policy reflects the date of the most recent revision.

11. California disclosures

This section provides additional information for California residents under the California Online Privacy Protection Act.

11.1 Categories of personal information collected

JTM Financial collects the following categories of personally identifiable information from California residents through the Software and the Site:

• Identifiers. Name, email address, license key, machine-identifier hash, Stripe customer and subscription identifiers.

• Commercial information. Subscription tier, subscription status, billing-related metadata returned by Stripe.

• Internet or other electronic network activity. Server logs (IP address, timestamps, endpoints) for license-verification calls and website visits.

• Inferences. JTM Financial does not draw inferences about you.

11.2 Sources, purposes, retention, and recipients

Sources, purposes, and retention periods are described in Sections 2, 3, and 5 above. The categories of third parties with whom JTM Financial may share personally identifiable information are described in Section 4 (payment processor, cloud hosting provider, website and form host, and email and customer-support providers).

11.3 Do Not Track signals

The Software and the Site do not track users across other websites or online services. JTM Financial does not respond differently when a browser sends a Do Not Track signal because JTM Financial does not engage in the kind of cross-site tracking that a Do Not Track signal is designed to address.

11.4 Third-party tracking

JTM Financial does not permit third parties to collect personally identifiable information about an individual consumer’s online activities over time and across different websites when that consumer uses the Site or the Software.

11.5 California Consumer Notice

California residents may contact the Complaint Assistance Unit of the Division of Consumer Services of the California Department of Consumer Affairs in writing at 1625 North Market Blvd., Suite N 112, Sacramento, California 95834, or by telephone at (800) 952-5210.

12. How to contact us

Questions, comments, or privacy requests about this Policy can be sent to:

JTM Financial LLC
2520 Venture Oaks Way, Suite 120, Sacramento, CA 95833
Email: info@jtmfin.com
Website: https://jtmfin.com

This document is a working draft awaiting attorney review. Do not publish.