Privacy Policy
Last updated: March 2026 · Effective date: March 2026
Who we are
EmotionLock is a trade name of BIB, a sole proprietorship registered in the Netherlands.
KVK number: 75526972
Contact: support@emotionlock.app
What data we collect and why
We only collect data that is strictly necessary to provide the EmotionLock service. EmotionLock does not have a traditional account system with email and password. Access is managed entirely through Apple In-App Purchase.
Device identifier (UUID)
A random UUID is generated on first launch and stored in your iOS Keychain. It survives reinstall and is not linked to your Apple ID, IDFA, or device serial. Used to identify your account on our backend.
Legal basis: Art. 6(1)(b) GDPR (contract performance)
MT5 connection data
Your MT5 server name and account number are stored in our Supabase database. Your investor password is transmitted encrypted to MetaAPI and never stored on EmotionLock servers.
Legal basis: Art. 6(1)(b) GDPR (contract performance)
Trade count and activity
We store only the count of closed trades per day, not the trade details, instruments, or P&L. The count resets at midnight in your local timezone.
Legal basis: Art. 6(1)(b) GDPR (contract performance)
Push notification token
An Apple Push Notification Service (APNs) token, used only to alert you when your trade limit is reached.
Legal basis: Art. 6(1)(a) GDPR (consent)
App settings
Your daily trade limit, emergency tokens, and countWinningTrades preference.
Legal basis: Art. 6(1)(b) GDPR (contract performance)
App blocking selection (on-device only)
Cryptographic tokens from the Family Controls framework, opaque to the developer. Used only to block your selected apps when locked.
Legal basis: Art. 6(1)(a) GDPR (consent)
Payment data
All payments are processed by Apple via StoreKit 2. We only receive an entitlement confirmation, never your payment details.
Legal basis: Art. 6(1)(b)(c) GDPR
Marketing research (legitimate interest)
We scan public Reddit and X (Twitter) posts for keywords like "revenge trading" and "trading addiction" to understand market needs. We store URL, author, post text, and engagement metrics. We never reach out without separate consent.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest)
Review data (optional)
If you submit a review on our website, we store your name and the review text.
Legal basis: Art. 6(1)(a) GDPR (consent)
Screen Time and app blocking
EmotionLock uses Apple’s Family Controls and Screen Time API to block your selected trading apps when you reach your daily limit.
- Only the apps you explicitly select are blocked.
- Cryptographic tokens from Family Controls are opaque to the developer.
- No usage data, screen time, or app activity is collected.
- All blocking happens on-device only.
- Requires Family Controls authorization, granted explicitly by you.
Legal basis: Art. 6(1)(a) GDPR (consent)
Third-party services
Apple (StoreKit / APNs)
Processes all payments and delivers push notifications. See Apple Privacy Policy.
Supabase
Database hosting. SOC 2 Type 2 certified. EU and US servers, under Standard Contractual Clauses.
Railway
Backend hosting. Stateless, in-memory only.
MetaAPI
MT5 connectivity. Stores your encrypted investor password while connection is active. UK and US servers, SOC 2 Type 2 certified.
We do not sell, rent or share your personal data with any third party for marketing or advertising purposes. We do not use your data for profiling or automated decision-making that produces legal or similarly significant effects on you.
International data transfers
Some of our processors are located outside the EEA. For all non-EEA transfers, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission, ensuring an equivalent level of protection as required under EU law.
Data retention
Your rights under GDPR
You have the following rights under the General Data Protection Regulation (GDPR):
Right to be informed
You have been informed by reading this policy.
Right of access (Art. 15)
You can request a copy of all personal data we hold about you.
Right to rectification (Art. 16)
You can request corrections to inaccurate personal data.
Right to erasure (Art. 17)
You can request deletion of your account and all associated data.
Right to restriction (Art. 18)
You can request that we restrict processing of your data.
Right to portability (Art. 20)
You can request your data in a structured, machine-readable format.
Right to object (Art. 21)
You can object to processing based on legitimate interest.
Automated decision-making (Art. 22)
EmotionLock does not perform automated decision-making with legal effects on you.
We will respond to any rights request within 30 days. If you believe we are not handling your data correctly, you can lodge a complaint with the Dutch Autoriteit Persoonsgegevens (the supervisory authority).
Account deletion
To request deletion of your account and all associated data, email support@emotionlock.app with the subject “Account deletion request”. Your data will be removed within 30 days. Your investor password is removed from MetaAPI the moment you disconnect MT5 in the app.
Cookies and tracking
We use only essential session cookies on our website. We do not use advertising cookies, third-party tracking, or analytics that identify individual users. The iOS app does not access the IDFA, perform cross-app tracking, or share data with data brokers.
Age restriction
EmotionLock is intended for users aged 18 and over.
Security
All connections use HTTPS/TLS. Your investor password is stored in the iOS Keychain on your device and on MetaAPI’s SOC 2 Type 2 certified infrastructure. Our backend uses access-controlled hosting on Railway. In the event of a data breach affecting your rights and freedoms, we will notify you and the supervisory authority within 72 hours as required under Art. 33 and 34 GDPR.
Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be announced via in-app notice. The “Last updated” date at the top of this page always reflects the most recent revision.
Questions about your data?
Email us at support@emotionlock.app