Privacy Policy

Last updated: March 15, 2026

1. Overview

Shadow Clone is designed with privacy as a core architectural principle. This policy explains what data is stored where and why.

2. Data Stored Locally (Your Browser Only)

The following data is stored exclusively in your browser via chrome.storage.local and is never transmitted to our server:

  • Tradovate passwords - Stored locally for one-click login functionality
  • Tradovate access tokens - Captured from your browser sessions, used to execute trades
  • Trade details - Symbol, direction, quantity, and execution results
  • Discord Webhook URL - Your personal notification endpoint
  • Account sync settings - Which accounts are enabled/disabled
  • Leader/Follower configuration - Copy trading settings

3. Data Stored on Our Server

Our server stores the minimum data necessary to relay trading signals:

  • Email address - For account authentication
  • Hashed password - Securely hashed, never stored in plain text
  • Webhook token - Unique identifier for receiving TradingView alerts
  • Account metadata - Tradovate account names, prop firm identifiers, connection status (no passwords or tokens)
  • Connection logs - WebSocket connection timestamps and IP addresses for system monitoring
  • Order metadata - Signal ID, status (sent/filled/failed), timestamps (no trade details like symbol or direction)
  • Missed signal records - When you were offline during a signal
  • Discord Webhook URL - Synced to server only for offline notification delivery

4. Data Flow

Trading signals: TradingView sends a webhook to our server containing symbol, action, and quantity. The server forwards this to your Extension via WebSocket. Your Extension executes the trade directly with Tradovate. Trade results are sent directly from your Extension to your Discord - not through our server.

Order results: Your Extension reports only success/failure status back to our server for tracking. The server never sees the full trade details.

5. Third-Party Services

  • Tradovate - Your Extension communicates directly with Tradovate APIs using your credentials
  • Discord - Your Extension sends trade notifications directly to your Discord Webhook URL
  • TradingView - Sends webhook alerts to our server (you configure this)
  • Google Fonts - Our website loads fonts from Google Fonts

6. Data Retention

Server data is retained as long as your account is active. You can request account deletion by contacting us. Local browser data is removed when you uninstall the Extension or clear browser storage.

7. Security

Passwords are hashed using bcrypt. WebSocket connections are authenticated via JWT tokens. All communications use HTTPS/WSS encryption. However, no system is 100% secure, and we cannot guarantee absolute security.

8. Changes to This Policy

We may update this Privacy Policy at any time. Continued use of the Service after changes constitutes acceptance.

9. Contact

For privacy-related questions, contact us via Discord or the support channels listed on our website.