Privacy Policy

The data controller responsible for your personal data is YellowParadox, operating under its fintech division TradeQuantica.

For all data protection inquiries, including exercising your rights under GDPR, please contact us at:

[email protected]

We collect and process the following categories of personal data:

Data You Provide Directly

• Full name, as provided during account registration
• Email address, used for account management, communication, and signal delivery
• Payment information, processed securely by Stripe (we do not store full card numbers on our servers)
• Any information you provide in correspondence with us (support emails, contact form messages)

Data Collected Automatically

• IP address and approximate geolocation
• Browser type, version, and language preferences
• Pages visited, time spent on site, navigation patterns, and referral sources
• Cookie data and similar tracking technologies (see our Cookie Policy)
• Device type, operating system, and screen resolution

Under GDPR, we process your personal data based on the following legal grounds:

• Performance of Contract (Article 6(1)(b)): Processing necessary to provide you with the Service you have subscribed to, including account management, signal delivery, and payment processing.
• Consent (Article 6(1)(a)): Processing based on your explicit consent, such as marketing emails and newsletter subscriptions. You may withdraw consent at any time.
• Legitimate Interest (Article 6(1)(f)): Processing necessary for our legitimate business interests, such as improving our services, fraud prevention, and security, provided these interests are not overridden by your data protection rights.
• Legal Obligation (Article 6(1)(c)): Processing necessary to comply with legal obligations, such as tax and accounting requirements.

We process your personal data for the following purposes:

• Providing, maintaining, and improving the FX Signals AI service
• Processing payments and managing your subscription
• Communicating with you about your account, service updates, and support requests
• Analyzing usage patterns to improve the Service and user experience
• Protecting against fraud, unauthorized access, and other security threats
• Complying with legal obligations and resolving disputes

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Account data: retained for the duration of your account and up to 30 days after account deletion to allow for account recovery
• Financial and transaction records: retained for a minimum of 7 years to comply with EU tax and accounting regulations
• Support correspondence: retained for up to 3 years after resolution to maintain service quality
• Analytics and usage data: retained in anonymized form for up to 26 months

When data is no longer required, it is securely deleted or anonymized in accordance with our data retention procedures.

We share your personal data with the following trusted third-party processors who act on our behalf:

• Stripe - Payment processing. Stripe processes your payment card information and transaction data. Stripe is PCI-DSS Level 1 certified. Privacy policy: https://stripe.com/privacy
• Brevo (Sendinblue) - Email communication and marketing. Used for transactional emails and, with your consent, marketing communications. Privacy policy: https://www.brevo.com/legal/privacypolicy/
• Vercel - Website hosting and content delivery. Privacy policy: https://vercel.com/legal/privacy-policy
• Google Analytics - Website analytics (if implemented). Used with anonymized data for understanding site usage. Privacy policy: https://policies.google.com/privacy

All third-party processors are contractually bound to process data only on our instructions and in compliance with GDPR. We ensure appropriate data processing agreements are in place with each processor.

Some of our third-party processors operate outside the European Economic Area (EEA). When personal data is transferred outside the EEA, we ensure appropriate safeguards are in place.

These safeguards include: EU Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions by the European Commission, or the EU-US Data Privacy Framework where applicable.

You may request information about the specific safeguards applied to your data by contacting us at [email protected].

As a data subject under GDPR, you have the following rights regarding your personal data:

• Right of Access (Article 15): You have the right to obtain confirmation of whether we process your personal data and to request a copy of the data we hold about you.
• Right to Rectification (Article 16): You have the right to request correction of inaccurate personal data and completion of incomplete data.
• Right to Erasure (Article 17): You have the right to request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, subject to legal retention requirements.
• Right to Restriction (Article 18): You have the right to request restriction of processing in certain circumstances, such as when you contest the accuracy of the data.
• Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
• Right to Object (Article 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact us at [email protected]. We will verify your identity before processing your request.

We will respond to your request within one month of receipt. This period may be extended by two further months in cases of complex or numerous requests, in which case we will inform you of the extension within the initial one-month period.

If you believe that our processing of your personal data infringes GDPR, you have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

We encourage you to contact us first at [email protected] so we can attempt to resolve any concerns before you escalate to a supervisory authority.

We use cookies and similar technologies on our websites. For detailed information about the cookies we use, their purposes, and how to manage them, please refer to our Cookie Policy.

You can manage your cookie preferences through your browser settings or through our cookie consent mechanism on the website.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• TLS/SSL encryption for all data in transit
• Strict access controls limiting data access to authorized personnel only
• Regular security assessments and monitoring
• PCI-DSS compliant payment processing through Stripe (we never store full card details)

While we take reasonable precautions to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your personal data.

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children under 18.

If we become aware that we have collected personal data from a child under 18, we will take immediate steps to delete such data. If you believe we have inadvertently collected data from a minor, please contact us at [email protected].

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated via email or a prominent notice on our website at least 30 days before taking effect.

We encourage you to review this Privacy Policy periodically. The "Last updated" date at the top indicates when the most recent changes were made.

For any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact our data protection team at:

[email protected]