Gujjar Trade World ("GTW", "we", "us") is a private trading-call registry operated for invited users. This policy explains what information we collect, how we use it, and the choices you have.
What we collect
Google account identity — when you sign in with Google, we receive your email address, given name, and family name from Google's OpenID Connect profile. We do not request or store any other Google profile fields, and we do not have access to your Gmail, Drive, Calendar, or any other Google services.
Application data you create — trade calls, target prices, execution records, and other entries you make in the app are stored in our database alongside a timestamp and your email as the actor.
Operational logs — standard server logs (request paths, status codes, IP address, user agent) are retained for short-term debugging and security monitoring.
How we use your information
To authenticate you and check that an administrator has added you to the allowlist.
To attribute trade calls and audit events to the operator who created them.
To diagnose errors and protect the service from abuse.
We do not sell, rent, or share your information with third-party marketers. We do not use your data to train AI models.
Where your data lives
All application data is stored in private AWS infrastructure (PostgreSQL on Amazon RDS, application logs on Amazon CloudWatch) in the us-east-1 region. Access is restricted to GTW administrators.
Third parties involved
Google — for sign-in authentication only.
Alpaca Securities — when you place a trade through GTW, the order is sent to your Alpaca brokerage account. Alpaca's own privacy policy governs that relationship.
AWS — infrastructure provider.
Retention
Trade call records are retained for as long as your account is active. When an administrator terminates your account, your app_users row is deleted; trade calls you previously created are retained as historical records (your email remains attached to them for audit purposes).
Your choices
You can request account deletion by contacting an administrator.
You can sign out at any time from the application header.
Session cookies are signed with a server-side secret, marked HttpOnly and Secure, and expire after 24 hours. Database connections use TLS. Application secrets live in AWS Systems Manager Parameter Store, accessed via short-lived IAM credentials.
Contact
Questions or requests: contact a GTW administrator directly.
Changes to this policy
If this policy changes, we will update the date at the top and notify allow-listed users.