Legal Documentation

Privacy Policy

Version 2.4Last Updated: December 20, 2024

At AlgoStack (operated by AlgoFintech Inc.), we take your privacy seriously. This Privacy Policy explains how we collect, use, protect, and share your personal information when you use our white-label algorithmic trading platform and related services. By using our services, you agree to the terms outlined in this policy.

1. Introduction and Scope

This Privacy Policy applies to the AlgoStack platform (www.algostack.com and all subdomains), agency partner dashboards, client-facing portals, mobile applications, APIs, and all related services.

We collect personal information from:

  • Agency partners (businesses using our white-label platform)
  • End clients (individuals trading through agency partners)
  • Website visitors, job applicants, and vendors

Important Note for White-Label Partners

When you use AlgoStack's white-label platform under your own brand, you are the data controller for your clients' information. AlgoStack acts as a data processor. You are responsible for providing your own privacy policy to your clients and obtaining necessary consents.

AlgoStack is a service provided by AlgoFintech Inc., a Delaware corporation.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Name, email, phone, business info, encrypted passwords, payment details, and tax IDs.
  • Profile & Preferences: Settings, algorithm selections, risk parameters, and notification preferences.
  • Trading Connections: Encrypted API keys, broker identifiers, and OAuth tokens. Note: We do NOT store broker passwords.

2.2 Information Collected Automatically

  • Usage Data: Features used, time spent, click patterns, and navigation paths.
  • Device Data: IP address, browser type, OS, device identifiers, and ISP.
  • Trading Activity: Execution records, strategy status, performance metrics, and system logs.

2.3 Information from Third Parties

  • Integrated Platforms: Account balances and trade confirmations from NinjaTrader, MT5, Schwab, etc.
  • Payment Processors: Transaction status and billing validation.
  • Data Enrichment: Business verification and fraud prevention data.

3. How We Use Your Information

Core Services

  • Execute algorithmic trading strategies
  • Connect to integrated broker platforms
  • Monitor algorithm performance and system health

Operations & Security

  • Process payments and calculate commissions
  • Detect and prevent fraudulent activity
  • Comply with legal and regulatory obligations

Legal Basis (GDPR): We process data based on Contractual Necessity, Legitimate Interests, Legal Obligation, and Consent.

4. How We Share Your Information

We do not sell your personal information. We share data only in these circumstances:

Service Providers

AWS/Google Cloud (Hosting), Stripe (Payments), SendGrid (Email), Zendesk (Support), Cloudflare (Security). Vendors are contractually obligated to protect data.

Trading Integrations

NinjaTrader, MT5, Charles Schwab, HyperLiquid. Shared only as required for trade execution. Login credentials are never shared.

Agency Partners

If you are an end client of a white-label partner, your data is shared with that agency. They act as your data controller.

Legal Requirements

We disclose info if required by law, court orders, subpoenas, or to investigate fraud and protect safety.

5. Data Security

Encryption

  • TLS 1.3 for Data in Transit
  • AES-256 for Data at Rest
  • End-to-End API Encryption

Access Control

  • Multi-Factor Authentication (MFA)
  • Role-Based Access (RBAC)
  • Regular Security Audits

Compliance

  • Annual SOC 2 Type II Audits
  • Regular Penetration Testing
  • 24/7 Threat Monitoring
Breach Response: In the event of a breach, we will investigate immediately and notify affected individuals within 72 hours as required by GDPR.

6. Your Privacy Rights

GDPR (EEA, UK, Switzerland)

Right to AccessRequest a copy of personal data we hold.
Right to RectificationCorrect inaccurate personal data.
Right to Erasure“Right to be Forgotten” – delete your data.
Right to ObjectObject to processing (including marketing).

How to Exercise Your Rights

You can manage most settings in your account dashboard. For formal requests:

Email privacy@algostack.comWrite to: AlgoFintech Inc, [Address]

We verify identity before processing. Response times: 30 days (GDPR) or 45 days (CCPA).

7. Data Retention

Data CategoryRetention Period
Active AccountsDuration of account
Trading ActivityActive + 7 Years
Payment Records7 Years
Closed AccountsDeleted within 90 days*

*Backup copies are overwritten during normal cycles (30-90 days). Legal holds override standard retention.

8. Cookies and Tracking

We use cookies to provide, maintain, and improve our services. You can manage preferences via the Cookie Banner or your browser.

  • NecessaryRequired for security, login, and fraud prevention. Cannot be disabled.
  • FunctionalRemember preferences like language and theme.
  • AnalyticsHelp us understand usage (Google Analytics, Mixpanel).
We honor “Do Not Track” signals for non-essential cookies.

9. International Data Transfers

AlgoStack operates globally. Your data may be processed in the US, EU, or APAC. For transfers from EEA/UK to countries without adequacy decisions, we rely on:

  • Standard Contractual Clauses (SCCs)
  • UK International Data Transfer Agreements (IDTA)
  • Technical safeguards including encryption

10. Children's Privacy

Our services are not intended for individuals under 18. We do not knowingly collect data from children. If discovered, we delete such data immediately. Contact us if you believe a child has provided us with information.

11. Third-Party Services

We link to third-party services (brokers, payment processors). We are not responsible for their privacy practices. Review their policies before connecting your accounts.

12. California Privacy Rights (CCPA/CPRA)

Residents of California have specific rights:

  • Right to Know: Categories collected/shared.
  • Right to Delete: Request deletion.
  • Right to Correct: Fix inaccuracies.

Sale of Data: We do NOT sell personal information as defined by CCPA.

Shine the Light: We do not share data for third-party direct marketing.

13. Changes to This Policy

We may update this policy. Material changes will be notified via email (30 days prior) or prominent website notice. Continued use implies acceptance.

14. Contact Us

Privacy Team

privacy@algostack.com

For rights requests and data concerns.

Mailing Address

AlgoFintech Inc.
Attn: Privacy Team
[Street Address]
[City, State ZIP]

Regulatory Authorities:

EU Users: Contact your local Data Protection Authority.

UK Users: Information Commissioner's Office (ICO).

Automated Decision Making & DPIAs

We use automated systems for fraud detection and security. We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing. Contact us for details.