Privacy Policy

1. Data We Collect

1.1 Information You Provide

• Account information: Name, email address, and password when you create an account
• Payment information: Billing details processed through Stripe. We do not store your full credit card number on our servers; this is handled entirely by Stripe in accordance with PCI DSS standards
• MT5 account details: MT5 account number, server name, and connection credentials required to operate the bridge integration
• Support communications: Any information you provide when contacting our support team

1.2 Information Collected Automatically

• Usage data: Information about how you interact with the Service, including features used, strategies created, backtests run, and time spent on the platform
• Device and browser data: IP address, browser type and version, operating system, device type, screen resolution, and referring URL
• Cookies and similar technologies: See Section 7 for details on our cookie usage

1.3 Strategy and Trading Data

We store the trading strategies, configurations, backtest results, and related data that you create using the Service. This data is necessary to provide the Service and is treated as your User Content as described in our Terms of Service.

2. How We Use Your Data

We use your personal data for the following purposes:

• Providing the Service: Operating and maintaining your account, executing strategies, processing backtests, and delivering the features you subscribe to
• Processing payments: Managing subscriptions, processing charges through Stripe, and handling billing enquiries
• Improving the platform: Analysing usage patterns to identify bugs, improve performance, develop new features, and enhance user experience
• Communication: Sending service-related notifications (such as downtime alerts, security notices, and billing confirmations), responding to support requests, and with your consent, sending product updates and marketing communications
• Security and fraud prevention: Detecting and preventing unauthorised access, abuse, and fraudulent activity
• Legal compliance: Fulfilling our legal obligations and responding to lawful requests from authorities

3. Legal Basis for Processing

Under the UK GDPR, we rely on the following legal bases for processing your personal data:

• Performance of a contract (Article 6(1)(b)): Processing necessary to provide you with the Service under our Terms of Service, including account management, strategy execution, and payment processing
• Legitimate interests (Article 6(1)(f)): Processing necessary for our legitimate interests, including platform improvement, analytics, security monitoring, and fraud prevention, where such interests are not overridden by your rights and freedoms
• Consent (Article 6(1)(a)): Where you have given explicit consent, such as opting in to marketing communications or non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal
• Legal obligation (Article 6(1)(c)): Processing necessary to comply with legal obligations, such as tax and accounting requirements

4. Data Sharing

We do not sell, rent, or trade your personal data to third parties. We share your data only in the following limited circumstances:

• Stripe:Your payment information is shared with Stripe, our payment processor, for the purpose of processing subscription payments. Stripe's handling of your data is governed by their own privacy policy
• MT5 bridge: Your MT5 account credentials and trade instructions are transmitted to your MT5 broker through our bridge integration, solely for the purpose of executing your strategies
• Infrastructure providers: We use cloud hosting and infrastructure services to operate the platform. These providers process data on our behalf under data processing agreements that ensure adequate protection of your data
• Analytics providers: We use analytics tools to understand how users interact with the Service. Data shared with analytics providers is aggregated or pseudonymised where possible
• Legal requirements: We may disclose your data if required by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others
• Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction. We will notify you of any such transfer and any changes to this Privacy Policy

5. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required or permitted by law. Specifically:

• Account data: Retained for the duration of your account and for up to 30 days after account deletion to allow for reactivation
• Payment records: Retained for up to 7 years after the last transaction, as required by UK tax and accounting regulations
• Usage and analytics data: Aggregated and anonymised usage data may be retained indefinitely for analytics purposes. Identifiable usage data is deleted within 24 months of collection
• Support communications: Retained for up to 3 years after the last interaction for quality assurance and legal purposes

6. Your Rights Under GDPR

Under the UK GDPR, you have the following rights in relation to your personal data:

• Right of access: You have the right to request a copy of the personal data we hold about you
• Right to rectification: You have the right to request that we correct any inaccurate or incomplete personal data
• Right to erasure: You have the right to request that we delete your personal data, subject to certain legal exceptions (such as data retained for tax compliance)
• Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller
• Right to object: You have the right to object to the processing of your personal data where we rely on legitimate interests as the legal basis, including objecting to direct marketing
• Right to restrict processing: You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of your data
• Right to withdraw consent: Where processing is based on consent, you may withdraw your consent at any time
• Right to lodge a complaint: You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated. The ICO can be contacted at ico.org.uk

To exercise any of these rights, please contact us at support@rawedge.io. We will respond to your request within one month, as required by the UK GDPR. In certain circumstances, we may extend this period by a further two months, in which case we will inform you of the extension and the reasons for it.

7. Cookies

We use cookies and similar technologies on the Service. Cookies are small text files placed on your device that help us provide and improve the Service.

7.1 Essential Cookies

These cookies are strictly necessary for the Service to function. They include session cookies for authentication, security tokens, and cookies that remember your preferences (such as theme selection). These cookies cannot be disabled without affecting the functionality of the Service.

7.2 Analytics Cookies

With your consent, we use analytics cookies to understand how visitors interact with the Service. These cookies collect information such as pages visited, time spent on pages, and navigation patterns. This data is used in aggregate to improve the Service and is not used to identify individual users.

7.3 Preference Cookies

These cookies remember your settings and preferences, such as language, display preferences, and feature configurations, to provide a more personalised experience.

You can manage your cookie preferences through your browser settings. Please note that disabling essential cookies may impair the functionality of the Service.

8. International Transfers

Your personal data may be transferred to and processed in countries outside the United Kingdom, including countries where our infrastructure providers and sub-processors are located. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

• Transfers to countries that the UK government has determined provide an adequate level of data protection
• Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office
• Other legally recognised transfer mechanisms that ensure your data receives equivalent protection

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS/SSL
• Encryption of sensitive data at rest
• Regular security assessments and vulnerability testing
• Access controls limiting data access to authorised personnel only
• Secure coding practices and code review processes
• Incident response procedures for handling data breaches

While we take all reasonable precautions, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee the absolute security of your data but are committed to maintaining industry-standard protections.

10. Children's Privacy

The Service is intended for users who are at least 18 years of age. Trading in financial markets is an activity restricted to adults, and we do not knowingly collect personal data from anyone under the age of 18.

If we become aware that we have collected personal data from a person under 18, we will take steps to delete that data as soon as possible. If you believe that we may have collected data from a minor, please contact us immediately at support@rawedge.io.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email and/or by posting a notice on the Service at least 30 days before the changes take effect.

We encourage you to review this policy periodically. The "Last updated" date at the top of this page indicates when the policy was most recently revised.

12. Contact and Data Protection Officer

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how your data is being processed, please contact us:

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk if you are not satisfied with our response.