Privacy Policy

Last Updated: October 8, 2025

1. Information We Collect

We collect several types of information to provide and improve our Platform:

1.1 Personal Information You Provide

Information you directly provide when using our Platform:

Account Details: Name, email address, username, password
Profile Information: Trading experience level, account size preferences, trading goals, risk tolerance
Payment Information: Billing address (payment card details processed securely by third-party processors)
Communications: Support inquiries, feedback, survey responses, email correspondence
Onboarding Quiz Data: Responses to questions about trading experience, goals, and preferences

1.2 Trading Strategy Data

Custom strategy configurations and parameters
Backtesting settings and historical analysis requests
Risk management preferences and position sizing parameters
Preferred trading styles, timeframes, and instruments
Alert preferences and notification settings
Community-shared strategies (if you choose to share)

1.3 Automatically Collected Information

Usage Data: Features accessed, time spent on Platform, interaction patterns, click behavior
Device Information: IP address, browser type, operating system, device identifiers, screen resolution
Cookies & Tracking: Session data, preferences, analytics data (see Cookie Policy)
Performance Data: Platform performance metrics, error logs, crash reports
Location Data: Approximate geographic location based on IP address

1.4 Third-Party Integration Data

MT4/MT5 connection status and authorization tokens (encrypted)
Integration logs and error reports
We do NOT access your trading account credentials, balances, or transaction history

2. How We Use Your Information

We use collected information for the following purposes:

2.1 Service Delivery

Provide and maintain Platform functionality
Generate AI-powered trade analysis and alerts based on your configured strategies
Process subscriptions and payments
Deliver customer support and respond to inquiries
Send transactional emails about your account and service

2.2 Service Improvement

Analyze usage patterns to enhance features and user experience
Develop and test new AI models and algorithms
Conduct research and statistical analysis
Optimize Platform performance and reliability
Personalize your experience based on preferences

2.3 Communications

Send transactional emails (account updates, password resets, billing notifications)
Provide customer support responses
Deliver marketing communications (with your consent)
Share educational content and trading insights
Send product updates and feature announcements

2.4 Legal & Safety

Comply with legal obligations and regulations
Enforce our Terms of Service
Protect against fraud, abuse, and security threats
Respond to legal requests and court orders
Protect our rights, property, and safety

3. Legal Basis for Processing (UK GDPR)

Contract Performance: To provide services you've subscribed to
Consent: For marketing communications and optional features (you can withdraw consent anytime)
Legitimate Interests: For service improvement, fraud prevention, security, and analytics
Legal Obligations: To comply with UK/EU laws and regulations

We process your personal data under the following legal bases:

4. Data Sharing and Disclosure

We do NOT sell your personal information to third parties.

We may share your data with:

4.1 Service Providers

Trusted third-party companies that help us operate the Platform:

Payment Processors: Stripe (for subscription billing)
Cloud Hosting: AWS, Vercel, or similar providers (for data storage and platform hosting)
Email Services: SendGrid, Mailgun, or similar (for transactional and marketing emails)
Analytics: Google Analytics, Mixpanel (anonymized usage data)
Customer Support: Intercom, Zendesk, or similar (for support tickets)

4.2 Legal Requirements

We may disclose data when required by law:

To comply with court orders, subpoenas, or legal processes
To respond to lawful requests from law enforcement or regulatory authorities
To protect our rights, property, or safety
To prevent fraud or security threats
In connection with business transactions (merger, acquisition, sale)

4.3 Anonymized Data

We may share aggregated, anonymized data that cannot identify you:

Platform usage statistics and performance metrics
Industry research and market analysis
Community insights and trends
Product development research

4.4 Community Sharing

If you choose to share strategies with the community:

Your username and shared strategy details become visible to other users
You control what you share—personal details are not automatically shared
You can delete shared content at any time

5. Data Security

Encryption in Transit: TLS/SSL encryption for all data transmission
Encryption at Rest: Database encryption for stored data
Secure Infrastructure: Cloud hosting with access controls and monitoring
Regular Security Audits: Periodic vulnerability assessments and penetration testing
Employee Training: Staff educated on data protection best practices
Two-Factor Authentication: Available for enhanced account security
Password Security: Passwords hashed using bcrypt or similar algorithms

We implement industry-standard security measures to protect your data:

6. Data Retention

Active Accounts: Data retained while your account remains active
Inactive Accounts: Data may be deleted after 24 months of inactivity (with advance notice)
Deleted Accounts: Most data deleted within 30 days of account deletion
Legal Obligations: Some data retained longer for compliance (e.g., payment records for 7 years)
Anonymized Data: May be retained indefinitely for research and analytics

We retain your personal data for as long as necessary:

7. Your Privacy Rights (UK GDPR)

Under UK GDPR, you have the following rights regarding your personal data:

7.1 Right to Access

Request a copy of all personal data we hold about you
Receive information about how we process your data
We respond within 30 days (may extend to 60 days for complex requests)

7.2 Right to Rectification

Correct inaccurate or incomplete personal data
Update your profile information at any time through account settings

7.3 Right to Erasure ('Right to be Forgotten')

Request deletion of your personal data
Subject to legal retention requirements (e.g., payment records)
Some anonymized data may remain for statistical purposes

7.4 Right to Restrict Processing

Limit how we process your data in certain circumstances
Data remains stored but not actively processed

7.5 Right to Data Portability

Receive your data in a structured, machine-readable format (JSON/CSV)
Transfer your data to another service provider

7.6 Right to Object

Object to processing based on legitimate interests
Opt-out of direct marketing at any time
Object to automated decision-making (if applicable)

7.7 Right to Withdraw Consent

Withdraw consent for marketing communications anytime
Unsubscribe from emails via link in footer
Adjust cookie preferences through our cookie banner

8. International Data Transfers

Data may be transferred to/from other countries for service provision
We ensure adequate protection through UK GDPR and EU GDPR compliance
Standard Contractual Clauses (SCCs) approved by UK ICO for international transfers
International Data Transfer Agreements with all processors outside UK/EEA
Encryption and security measures for all data in transit and at rest

Our primary servers are located in the United Kingdom/European Economic Area.

9. Cookies and Tracking Technologies

We use cookies and similar technologies. See our Cookie Policy (/cookies) for details.

9.1 Types of Cookies

Necessary Cookies: Essential for Platform functionality (cannot be disabled)
Analytics Cookies: Help us understand usage patterns (Google Analytics) - requires consent
Marketing Cookies: Track ad performance and deliver relevant ads - requires consent

9.2 Managing Cookies

Use our cookie banner to manage preferences
Adjust settings in your browser
Opt-out of analytics: https://tools.google.com/dlpage/gaoptout

10. Children's Privacy

Our Platform is NOT intended for users under 18 years old
We do not knowingly collect data from minors
If we discover data from a minor, we delete it promptly
Parents/guardians concerned about their child's data should contact us immediately

11. Marketing Communications

11.1 Types of Communications

Transactional Emails (cannot opt-out):

Account confirmations and password resets
Payment receipts and billing notices
Security alerts and account notifications
Service announcements and Terms updates

Marketing Emails (can opt-out):

Newsletter and trading education content
Product updates and new features
Educational articles and strategy insights
Special offers and promotions

11.2 Opting Out

Click 'Unsubscribe' link in any marketing email
Adjust email preferences in account settings
Email info@systemly.ai with opt-out request

12. Data Breach Notification

We will notify affected users within 72 hours of discovery
Notification will include details of compromised data
We will outline steps being taken to address the breach
We will recommend protective actions you should take
We will notify the ICO (Information Commissioner's Office) as required by law

In the unlikely event of a data breach affecting your personal data:

13. Third-Party Websites and Services

Our Platform may link to third-party websites (MT4/MT5, social media, etc.)
We are not responsible for the privacy practices of third parties
Third-party services have their own privacy policies
Review their policies before providing personal information
We do not control third-party data collection or use

14. California Privacy Rights (CCPA)

If you are a California resident, you may have additional rights under CCPA:

Right to Know: What personal information we collect and how we use it
Right to Delete: Request deletion of your personal information
Right to Opt-Out: We do NOT sell personal information
Right to Non-Discrimination: We will not discriminate for exercising your rights

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices
Material changes will be communicated via email or Platform notification
Updated policy will show new 'Last Updated' date
Continued use after changes constitutes acceptance of updated policy
We encourage you to review this policy regularly

16. Your Choices and Controls

Account Settings: Update profile information and preferences
Email Preferences: Manage subscription to marketing emails
Cookie Settings: Control cookie preferences via banner
Data Export: Request copy of your data in portable format
Account Deletion: Delete your account through settings or by request
Third-Party Integrations: Disconnect MT4/MT5 integration anytime

You have control over your data and privacy:

17. Contact Us & Supervisory Authority

17.1 Contact Information

For privacy questions, data subject requests, or concerns:

Email: info@systemly.ai
Subject Line: 'Privacy Inquiry' or 'Data Subject Request'
Post: Data Protection, Good Market Trader LTD, 128 City Road, London, EC1V 2NX, United Kingdom
ICO Registration: [Your ICO Registration Number]

17.2 Supervisory Authority

You have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk
Helpline: 0303 123 1113
Live Chat: Available on ICO website
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

This Privacy Policy is effective as of October 8, 2025 and applies to all users of Systemly.ai. By using our Platform, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal data as described herein. Good Market Trader LTD Company Registration Number: [Your Company Number] ICO Registration Number: [Your ICO Number] 128 City Road, London, EC1V 2NX, United Kingdom Last Updated: October 8, 2025