Privacy Policy

GDPR Compliant Data Protection & Privacy Notice

Version: 2.0 | Last Updated:

This Privacy Policy complies with the General Data Protection Regulation (GDPR) (EU) 2016/679

1. Data Controller Information

Company: eTrades.ai

Registered Address: [Your Company Address]

Data Protection Officer: dpo@etrades.ai

EU Representative: [EU Representative Details]

ICO Registration Number: [Your ICO Number]

2. Legal Basis for Processing

We process your personal data under the following legal bases pursuant to GDPR Article 6:

Contract Performance (Article 6(1)(b))

Processing necessary to provide the PDF conversion services you've requested

Legitimate Interests (Article 6(1)(f))

Service improvement, fraud prevention, and security monitoring

Legal Obligations (Article 6(1)(c))

Compliance with financial regulations and anti-money laundering laws

Consent (Article 6(1)(a))

Marketing communications and optional analytics (where applicable)

3. Categories of Personal Data Collected

3.1 Data You Provide Directly

  • Account Information: Email address, name (if provided)
  • Financial Documents: PDF brokerage statements containing trading data
  • Payment Information: Processed via Stripe (we never access card details)
  • Communications: Support inquiries and feedback

3.2 Data Collected Automatically

  • Technical Data: IP address, browser type, device information
  • Usage Data: Pages visited, features used, conversion metrics
  • Session Data: Temporary identifiers for service continuity
  • Location Data: Country/region based on IP (not precise location)

3.3 Special Categories of Data

⚠️ Important: Financial trading data may reveal information about your economic situation. We process this data solely for service provision and delete it within 5 minutes of processing completion.

4. Third-Party Data Processors

We share data with the following processors, all bound by GDPR-compliant Data Processing Agreements:

Processor | Purpose | Data Shared | Location
Stripe | Payment processing | Email, payment details | EU/US (Privacy Shield)
OpenAI | PDF data extraction | Document content (deleted after processing) | US (Standard Contractual Clauses)
Google Analytics | Usage analytics | Anonymized IP, usage patterns | EU/US (Privacy Shield)
AWS | Infrastructure hosting | All service data (encrypted) | EU (Frankfurt region)
Cloudflare | DDoS protection, CDN | IP address, request data | Global (EU data centers)

5. Data Retention Periods

⏱️ 5-MINUTE DELETION GUARANTEE

All uploaded PDFs and extracted data are permanently deleted within 5 minutes of processing completion.

Data Type | Retention Period | Justification
Uploaded PDFs | 5 minutes | Service delivery only
Extracted Excel files | 5 minutes | Download availability
Session data | 30 days | Service continuity
Payment records | 7 years | Legal/tax requirements
Support tickets | 2 years | Service improvement

6. International Data Transfers

When we transfer data outside the EEA, we ensure appropriate safeguards:

  • EU-US Privacy Shield: For certified US companies
  • Standard Contractual Clauses (SCCs): EU Commission approved contracts
  • Adequacy Decisions: Countries deemed adequate by the EU Commission
  • Binding Corporate Rules: For intra-group transfers

You may request copies of these safeguards by contacting our DPO.

7. Your Rights Under GDPR

As an EU data subject, you have the following rights:

Right to Access (Article 15)

Request copies of your personal data

Right to Rectification (Article 16)

Correct inaccurate or incomplete data

Right to Erasure (Article 17)

"Right to be forgotten" - request deletion

Right to Restrict (Article 18)

Limit processing of your data

Right to Portability (Article 20)

Receive data in machine-readable format

Right to Object (Article 21)

Object to processing based on legitimate interests

Rights on Automated Decisions (Article 22)

Not be subject to solely automated decisions

Right to Withdraw Consent

Withdraw consent at any time

How to Exercise Your Rights:

Email: dpo@etrades.ai

Response time: Within 30 days (may extend to 60 days for complex requests)

You have the right to lodge a complaint with your supervisory authority.

8. Cookie Policy

We use the following types of cookies:

Essential Cookies (Always Active)

Required for basic site functionality and security

  • Session management
  • Security tokens
  • Load balancing

Analytics Cookies (Consent Required)

Help us understand site usage

  • Google Analytics (_ga, _gid) - 2 years
  • Conversion tracking - 90 days

Marketing Cookies (Consent Required)

Used for targeted advertising

  • Google Ads - 540 days
  • Facebook Pixel - 180 days

You can manage cookie preferences through our cookie banner or browser settings.

9. Data Security Measures

We implement state-of-the-art security measures:

Technical Measures

  • AES-256 encryption at rest
  • TLS 1.3 encryption in transit
  • Web Application Firewall (WAF)
  • DDoS protection
  • Regular penetration testing
  • Automated vulnerability scanning

Organizational Measures

  • Staff training on data protection
  • Access control and authentication
  • Regular security audits
  • Incident response procedures
  • Data minimization practices
  • Privacy by design implementation

10. Data Breach Notification

In the unlikely event of a data breach:

  • We will notify the relevant supervisory authority within 72 hours
  • If the breach poses a high risk to your rights, we will notify you directly
  • We maintain detailed breach records as required by Article 33(5)
  • Our incident response team is available 24/7

11. Children's Privacy

Our service is not directed to individuals under 18. We do not knowingly collect data from children. If we become aware of such collection, we will delete the data immediately.

12. Automated Decision Making

We use AI for PDF processing, which constitutes automated decision-making. However:

  • This processing is necessary for contract performance
  • You can request human review of extracted data
  • We provide transparency about our AI processing methods
  • You can object to fully automated processing

13. Updates to This Policy

We may update this policy to reflect changes in law or our practices. We will notify you of material changes via:

  • Email notification to registered users
  • Prominent website notice for 30 days
  • Requiring acknowledgment for continued service use

14. Contact Information & Complaints

Data Protection Inquiries

Data Protection Officer: dpo@etrades.ai

Privacy Team: privacy@etrades.ai

Phone: [Your Phone Number]

Address: [Your Full Address]

Supervisory Authority

You have the right to lodge a complaint with your local data protection authority:

EU Citizens: Your national data protection authority

UK Citizens: Information Commissioner's Office (ICO)