Privacy Policy

1. Who we are

The data controller / business responsible for personal data processed through the Services is SignalsTrade (as identified in invoices, the product, or enterprise agreements). Contact: support@signalstrade.io unless another address is published for privacy requests.

2. Scope

This policy applies to personal data collected through our websites, web applications, APIs, authentication flows, and support channels. Third-party brokers, exchanges, identity providers (e.g., Google sign-in), payment processors, and analytics tools have their own policies—we describe our role at a high level below.

3. Personal data we may collect

Depending on how you use the Services, we may process:

• Account & identity: name, email address, password hashes, user IDs, referral or coupon codes, multi-factor authentication metadata, OAuth subject identifiers when you choose social login.
• Trading automation context (operational): strategy IDs, webhook URLs or keys, routing configuration, timestamps, execution or order-related messages as transmitted through our systems to provide the service (we do not intend to “rate” investments; this is telemetry and routing data).
• Broker / integration metadata: broker type, connection or bind status, gateway or session identifiers as required to pair your account with supported integrations—not a complete list of positions unless a feature explicitly stores it to show you in the UI you requested.
• Technical & security: IP address, device/browser type, approximate location from IP, logs, cookies or local storage for session and preferences, abuse-prevention signals.
• Billing (if applicable): subscription state, transaction references, limited payment metadata through our payment processor (we typically do not store full card numbers).
• Support communications: messages you send to support, attachments you provide voluntarily.

4. Purposes & legal bases (EEA/UK concepts, where applicable)

We process personal data to:

• Provide and secure the Services (contract / legitimate interests: fraud prevention, integrity of trading automation tooling);
• Authenticate users, manage sessions, enforce terms, and handle incidents;
• Operate webhooks and routing you configure, and display information you request in the product;
• Bill, collect taxes where required, and communicate transactional messages;
• Improve reliability and performance (e.g., diagnostics, aggregated usage), without selling your personal trading instructions as “advisory leads”;
• Comply with law (e.g., subpoenas, regulatory inquiries, sanctions screening where applicable).

Where consent is required (e.g., certain non-essential cookies or marketing emails in some regions), we will request it separately where feasible.

5. Sensitive or special categories

The Services are not intended to collect sensitive categories (e.g., health data). If you voluntarily include such information in support tickets or uploads, we will treat it narrowly for the purpose you provided it and delete or redact where appropriate on request.

6. Cookies & local storage

We use cookies and similar technologies for authentication, security, preferences (e.g., UI theme), and analytics if enabled. You can control cookies through browser settings; blocking essential cookies may impair login or CSRF protections.

7. Sharing with third parties

We may share personal data with:

• Infrastructure & subprocessors: hosting, logging, email delivery, monitoring—bound by contracts requiring appropriate safeguards;
• Identity & payments: e.g., Google OAuth, payment processors—governed by their terms;
• Brokers / gateways only as directed by your use of integrations (data flows necessary to connect your account);
• Professional advisers, acquirers, or authorities where required or permitted by law.

We do not sell personal information in the traditional “data broker” sense. If U.S. state laws require a “Do Not Sell” disclosure, we will update this section accordingly.

8. International transfers

We may process data in countries other than your own. Where required, we use appropriate mechanisms (e.g., Standard Contractual Clauses) or supplementary measures. Enterprise customers may request our subprocessor list or DPA terms.

9. Retention

We retain personal data only as long as needed for the purposes above, including legal, accounting, or dispute resolution needs. Aggregated or de-identified statistics may be retained longer. Broker-specific artifacts may be retained according to auditability settings or legal obligations applicable to SignalsTrade—not as investment advice records unless separately agreed.

10. Security

We implement administrative, technical, and organizational measures designed to protect personal data (e.g., encryption in transit where appropriate, access controls, monitoring). No method of transmission or storage is 100% secure; you must protect credentials, webhook secrets, and API tokens.

11. Your rights

Depending on your location, you may have rights to access, correct, delete, restrict, or object to certain processing, and to port data where applicable. You may file a complaint with a supervisory authority. To exercise rights, contact support@signalstrade.io. We may verify your request and may deny requests that risk others’ privacy, security, or our legal obligations.

12. Children

The Services are not directed to children under the age required by local law to enter into contracts (often 16–18). We do not knowingly collect children’s personal data for marketing. If you believe we have collected such data, contact us for deletion.

13. Regulatory & compliance note (data, not advice)

Certain regulators (including the SEC and other market authorities) impose recordkeeping, privacy, cybersecurity, or marketing rules on regulated persons. SignalsTrade’s processing of personal data is for platform operation. If you are subject to SEC or other rules (e.g., books and records, customer communications rules, Reg S-P analogs), you remain responsible for your own compliance program, approvals, disclosures, and retention policies for your regulated business. This policy does not create adviser–client or broker–customer relationships between you and SignalsTrade.

14. Changes

We may update this Privacy Policy from time to time. We will post the revised version and adjust the “Last updated” date. Material changes may be communicated through the product or email where appropriate.

15. Contact

Privacy inquiries: support@signalstrade.io (replace with a dedicated privacy inbox if you create one).