# Trading Journal Privacy - Keeping Your Data Safe > Your trading journal contains sensitive financial data. Here is what to look for in a journal app's data handling and how to protect your information. **Tags:** trading-journal, privacy, data-security, api-key **URL:** https://traderjournal.app/trading-journal/trading-journal-privacy-data-safe --- # Trading Journal Privacy - Keeping Your Data Safe A trading journal stores detailed information about your financial activity - every trade, your account balance, your overall performance, and potentially your broker and account details. This is sensitive data and it is worth understanding how it is handled before committing to any journal platform. --- ## What Data a Journal App Stores When you connect an MT4 or MT5 account to a journal app via an EA sync, the following data is transmitted and stored: - Every closed trade: symbol, direction, prices, times, lot size, P&L, commission, swap - Open position snapshots at regular intervals - Balance and equity snapshots over time - Notes, tags, screenshots, and ratings you add manually This is a detailed financial record. The EA sends it to a server operated by the journal platform. Understanding where that data lives and how it is secured matters. --- ## Key Privacy Questions to Ask **Is data encrypted in transit?** All requests between the EA and the server should use HTTPS, not plain HTTP. This prevents interception of data as it moves from your terminal to the server. **Where is data stored?** Cloud-based journal apps store your data on third-party infrastructure (AWS, Google Cloud, Cloudflare, etc.). This is industry standard and generally well-secured, but it means your data exists outside your direct control. **Who can access your data?** A reputable journal app will not sell or share your trade data with third parties. Read the privacy policy before signing up. **Can you export your data?** If you stop using the app, can you download a complete export of all your historical trades? If not, you are locked in and your data is not truly yours. **What does the API key give access to?** The API key used by the EA only has permission to push data to the journal server. It does not grant access to your trading account, cannot place or close trades, and cannot be used to log into your broker account. --- ## The API Key - What It Is and Is Not Many traders are concerned about the EA configuration requiring an API key. Here is what that key actually does: The API key is a credential that the journal server uses to verify that the data push is coming from your authorized EA installation. It is specific to your journal account. It has no relationship to your broker login credentials. Giving someone your journal API key allows them to push fake trade data to your journal. It does not give them access to your trading account, your funds, or your broker platform. The two systems are completely separate. That said, do not share your API key unnecessarily. Keep it in the EA configuration only. If you suspect it has been exposed, rotate it from the app's account settings. --- ## What Data Never Leaves Your Terminal The EA does not transmit your broker login credentials. It does not need them - it reads trade data from the already-logged-in terminal. Your username and password remain entirely local. The EA also does not have access to your funds or the ability to place trades. --- ## Anonymous Authentication Trader Journal uses anonymous authentication via RevenueCat. There is no email address linked to your account. Your account is identified by an anonymous ID string. This means your journal is not linked to your real identity in any database. The trade-off is that if you lose your RevenueCat ID and cannot access your original device, account recovery is limited. Store your ID somewhere safe. --- ## Best Practices - Keep your API key private - treat it like a password - Export your journal data periodically as a backup - Store your RevenueCat user ID in a secure location - Use a strong, unique password for any linked accounts (App Store, Google Play) - Review the privacy policy of any journal platform before connecting your trading account Trader Journal is built on Cloudflare Workers and D1 infrastructure with HTTPS on all data transmission. Data is stored per-account with API key authentication. Download at android.traderjournal.app or ios.traderjournal.app.