Privacy checklist

Paper trading data privacy checklist

A paper trading data privacy checklist helps keep simulated trading evidence useful without leaking account identifiers, API keys, private journal notes, or live financial account data.

Open privacy overview Open journal template

Paper review, not live-account exposure

Trading Boy does not execute live trades, hold funds, or provide financial advice. Paper-trading records should be treated as practice evidence. They can include simulated entries, exits, rules, risk notes, and review outcomes, but they should not expose private credentials or live account access.

Privacy review table

Use this table before sending a screenshot to support, pasting journal context into an AI review, or publishing a public paper benchmark alias. The useful part of the record is the simulated decision context, not the private account wrapper around it.

Data type	Keep private	Usually safe for paper review	Reason
Account identity	Email address, billing account, user id, private aliases.	A chosen public benchmark alias if the user opted in.	Search and support pages do not need private identifiers to explain a simulated process.
API credentials	Full Trading Boy keys, exchange API keys, secret keys, seed phrases.	Permission category labels such as read-only, trading disabled, or no key used.	Credential values should never be included in screenshots, prompts, docs, or support messages.
Journal fields	Private notes, unrelated account details, off-platform messages.	Setup, timeframe, thesis, invalidation, simulated size, result, and review note.	AI review needs enough context to judge the process, not every personal detail.
Market context	Private watchlist names that identify a person or firm.	Generic symbol set, timeframe, and rule name.	Context should explain the simulated decision without exposing a private operating model.
Public benchmark data	Account ids, raw internal records, full paper journal rows.	Opted-in alias, simulated PnL fields, rank, methodology link, and limitations link.	Public pages should be useful and transparent without becoming private data exports.
Analytics and events	API keys, account identifiers, journal content in event labels.	Aggregate page views, signup clicks, docs clicks, pricing clicks, and SEO CTA clicks.	Website analytics should measure product usage patterns, not private trading records.

Example privacy review before sharing a paper journal

Scenario: A trader wants help reviewing 30 simulated crypto entries. The exported journal includes setup labels, paper size, entry timing, exit notes, account email, an exchange account nickname, and a screenshot where a partial API key is visible.

Privacy pass: The trader removes the account email, exchange nickname, visible API key fragment, and unrelated notes. The remaining review sample keeps symbol category, timeframe, setup label, invalidation, paper risk, result, and the reviewer question.

Decision: The cleaned sample is enough to use the paper trading results validation checklist and the AI trading agent human review checklist. The private identifiers do not improve the review, so they stay out.

Checklist before sharing paper evidence

Remove secrets: Delete full or partial API keys, seed phrases, exchange secrets, recovery codes, and webhook tokens.
Remove identity: Hide account email, billing details, internal ids, and private exchange account labels.
Keep decision fields: Preserve setup, rule, invalidation, simulated size, risk cap, result, and review note.
Label simulation: Make it obvious that rows are paper records, not live fills or financial advice.
Limit prompt context: Give AI reviewers the minimum context needed to audit the paper process.
Use public aliases carefully: Only publish leaderboard aliases and simulated metrics that are intentionally opted in.

Where this fits in the Trading Boy workflow

Start with the paper trading hub, record simulated decisions with the paper trading journal template, and then run this privacy pass before support, AI review, or public benchmark discussion.

If a record includes exchange credentials or live-account permissions, pause and use the trading API key safety checklist and AI trading agent permission boundaries before sharing anything.

What to keep in an AI review prompt

An AI review prompt should be narrow enough to inspect the process. For example: "Review these 12 simulated entries for rule consistency, oversizing, missing invalidation, and hindsight edits. Do not infer live readiness. Return one paper-mode improvement." That prompt needs journal columns and rule descriptions. It does not need account email, exchange API keys, billing details, wallet addresses, or private support messages.

Good privacy practice also improves SEO content quality. A page that shows realistic sanitized examples is more useful than a generic warning. It lets a reader understand exactly which paper-trading fields matter and which fields should stay out of public pages, support tickets, AI prompts, and screenshots.

Paper trading data privacy FAQ

What data should stay out of a paper trading journal screenshot?

Remove account emails, full API keys, private exchange identifiers, wallet addresses, billing details, and private notes that are not needed to understand the simulated decision.

Can AI review use private paper trading records?

Only share the minimum context needed for the review. A paper review usually needs setup, rule, risk, and outcome fields, not private account credentials or unrelated financial account data.

Are public paper trading benchmarks private by default?

Public benchmarks should use opted-in aliases and simulated metrics. Private account identifiers and full journal records should not be exposed in public benchmark pages.