Privacy Policy
Tradiomatic ("Company," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.
1. Information We Collect
1.1 Information You Provide
| Data Type | Examples | Purpose |
|---|---|---|
| Account Information | Email, password, username | Account creation and authentication |
| Profile Information | Display name, preferences | Personalization of service |
| Payment Information | Billing address, payment method (processed by Stripe) | Subscription billing |
| Communications | Support requests, feedback | Customer support |
1.2 Information Collected Automatically
| Data Type | Examples | Purpose |
|---|---|---|
| Usage Data | Features used, charts viewed, time spent | Service improvement, analytics |
| Device Information | Browser type, OS, screen resolution | Compatibility and optimization |
| Log Data | IP address, timestamps, error logs | Security, troubleshooting |
| Cookies | Session cookies, preference cookies | Authentication, personalization |
1.3 Information from Third Parties
- OAuth Providers: If you sign in with Google or Apple, we receive basic profile information (email, name)
- Broker Connections: When you connect a broker account, we may receive account identifiers and trading data as authorized by you
- Payment Processor: Stripe provides transaction status (we do not store full payment card details)
2. How We Use Your Information
We use your information to:
- Provide, maintain, and improve our services
- Process transactions and send related information
- Send administrative messages, updates, and security alerts
- Respond to your comments, questions, and support requests
- Monitor and analyze usage patterns and trends
- Detect, prevent, and address technical issues and fraud
- Personalize your experience and provide relevant content
- Comply with legal obligations
3. Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA), we process personal data based on the following legal grounds:
- Contract Performance: Processing necessary to provide our services
- Legitimate Interests: Improving our services, security, and fraud prevention
- Consent: Marketing communications (where applicable)
- Legal Obligation: Compliance with applicable laws
4. Information Sharing and Disclosure
We do not sell your personal information. We may share your information with:
4.1 Service Providers
| Provider | Purpose | Data Shared |
|---|---|---|
| AWS (Amazon Web Services) | Cloud hosting, authentication | Account data, usage data |
| Stripe | Payment processing | Billing information |
| Massive.com / Polygon.io | Market data provider | API requests (no personal data) |
| Alpaca (if connected) | Brokerage services | As authorized by you |
4.2 Other Disclosures
We may also disclose information:
- To comply with legal process or government requests
- To protect our rights, privacy, safety, or property
- In connection with a merger, acquisition, or sale of assets
- With your consent
5. Data Retention
We retain your personal information for as long as necessary to provide services, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods:
- Account Data: Until account deletion + 30 days
- Transaction Records: 7 years (legal requirement)
- Usage Analytics: 24 months (anonymized thereafter)
- Support Communications: 3 years
6. Your Rights and Choices
6.1 Access and Portability
You can access your personal data through your account settings. You may request a copy of your data in a portable format.
6.2 Correction and Deletion
You can update your account information at any time. You may request deletion of your account and associated data, subject to legal retention requirements.
6.3 Opt-Out
You can opt out of:
- Marketing emails by clicking "unsubscribe"
- Non-essential cookies through your browser settings
- Analytics tracking where permitted
6.4 GDPR Rights (EEA Residents)
If you are in the EEA, you have additional rights including the right to lodge a complaint with a supervisory authority.
6.5 CCPA Rights (California Residents)
California residents have the right to know what personal information is collected, request deletion, and opt-out of the sale of personal information (we do not sell personal information).
7. Data Security
We implement appropriate technical and organizational measures to protect your personal information, including:
- Encryption of data in transit (TLS/SSL) and at rest
- Secure authentication through AWS Cognito
- Regular security assessments and monitoring
- Access controls and employee training
However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.
8. International Data Transfers
Your information may be transferred to and processed in the United States or other countries where our service providers operate. We ensure appropriate safeguards are in place, such as standard contractual clauses, to protect your data during international transfers.
9. Children's Privacy
Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we discover that we have collected data from a child, we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on our website or sending you an email. Your continued use of the Service after such changes constitutes acceptance.
11. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
Email: privacy@tradiomatic.com
Data Protection Officer: dpo@tradiomatic.com