Legal
Privacy Policy
Last updated: 26 May 2026 · Effective: 26 May 2026
Good Market Trader LTD ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use Systemly.ai (the "Platform"). Please read it carefully. If you do not agree with its terms, please discontinue use of the Platform.
1. Information We Collect
We collect several types of information to provide and improve the Platform.
1.1 Personal Information You Provide
- Account Details: name, email address, username, and password
- Profile Information: trading experience level, account size preferences, trading goals, and risk tolerance
- Payment Information: billing address (payment card details are processed directly and securely by our third-party payment processor — we do not store card numbers)
- Communications: support enquiries, feedback, survey responses, and email correspondence
- Onboarding and Quiz Data: responses to our onboarding questionnaire, including trading experience, goals, risk tolerance, and instrument preferences. These responses are stored in our database (Supabase) and used to personalise your experience and, where you have consented, to send relevant educational communications via ActiveCampaign.
1.2 Trading Strategy Data
- Custom strategy configurations and parameters
- Backtesting settings and historical analysis requests
- Risk management preferences and position sizing parameters
- Preferred trading styles, timeframes, and instruments
- Alert preferences and notification settings
- Community-shared strategies (only if you choose to share them)
1.3 Automatically Collected Information
- Usage Data: features accessed, time spent on the Platform, interaction patterns, and click behaviour
- Device Information: IP address, browser type, operating system, device identifiers, and screen resolution
- Cookies & Tracking Technologies: session data, preferences, and analytics data (see Section 9 and our Cookie Policy)
- Performance Data: platform performance metrics, error logs, and crash reports
- Approximate Location: derived from IP address only
1.4 Third-Party Integration Data
- MT5 connection status and authorisation tokens (encrypted at rest and in transit)
- Integration logs and error reports
- WhatsApp notification delivery status (processed via Twilio — we do not store your WhatsApp message content beyond delivery confirmation)
- We do not access your trading account credentials, balances, or transaction history
2. How We Use Your Information
2.1 Service Delivery
- Provide and maintain Platform functionality
- Generate AI-powered trade analysis and alerts based on your configured strategies
- Process subscriptions and payments
- Deliver customer support and respond to enquiries
- Send transactional communications about your account and service
2.2 Service Improvement
- Analyse usage patterns to enhance features and user experience
- Develop and test new AI models and algorithms
- Conduct research and statistical analysis
- Optimise Platform performance and reliability
- Personalise your experience based on stated preferences
2.3 Communications
- Transactional emails: account updates, password resets, and billing notifications
- Customer support responses
- Marketing communications, including newsletters and product updates (only with your consent)
- Educational content and trading insights (only with your consent)
2.4 Legal & Safety
- Comply with applicable legal obligations and regulations
- Enforce our Terms of Service
- Detect and prevent fraud, abuse, and security threats
- Respond to lawful requests from courts or regulatory authorities
- Protect our rights, property, and the safety of our users
3. Legal Basis for Processing (UK GDPR)
We process personal data only where we have a lawful basis to do so. The bases we rely on are:
- Contractual Necessity: to perform services you have subscribed to
- Consent: for marketing communications and optional features — you may withdraw consent at any time without detriment
- Legitimate Interests: for service improvement, fraud prevention, security, and anonymised analytics, where those interests are not overridden by your rights
- Legal Obligation: to comply with UK and applicable international law
4. Data Sharing and Disclosure
4.1 Service Providers
We share data with trusted third-party service providers who assist us in operating the Platform. Named processors include:
- Payment Processing: Stripe (subscription billing and payment handling — card data is processed directly by Stripe and never stored by us)
- Cloud Hosting and Database: Vercel (platform hosting and edge delivery); Supabase (database storage, including quiz responses and user account data)
- Email Marketing and CRM: ActiveCampaign (transactional and marketing email delivery, quiz automation, and contact management)
- Notifications: Twilio (WhatsApp alert delivery)
- Analytics: Google Analytics GA4 (traffic and conversion analysis); Mixpanel (product event analytics); Microsoft Clarity (session recordings and heatmaps — anonymised)
- Advertising: Meta Platforms Inc. (Facebook and Instagram ad attribution via pixel); TikTok (ad attribution via pixel)
- Customer Support Tooling: any third-party helpdesk tool we deploy will be notified to you via an update to this policy
All service providers are bound by data processing agreements that restrict their use of your data to the purposes for which it was shared.
4.2 Legal Requirements
- To comply with court orders, subpoenas, or other legal processes
- To respond to lawful requests from law enforcement or regulatory authorities
- To protect our rights, property, or the safety of our users
- To prevent or investigate fraud or security incidents
- In connection with a business transaction such as a merger, acquisition, or sale of assets (subject to appropriate confidentiality obligations)
4.3 Anonymised and Aggregated Data
We may share aggregated, anonymised data that cannot identify any individual. This may include platform usage statistics, industry research, and product development insights.
4.4 Community-Shared Content
If you choose to share strategies with the community, your username and shared strategy details will be visible to other users. Personal details are not automatically shared. You may delete shared content at any time.
5. Data Security
We implement industry-standard technical and organisational measures to protect your data, including:
- Encryption in Transit: TLS/SSL encryption for all data transmission
- Encryption at Rest: database-level encryption for stored data
- Access Controls: role-based access controls and multi-factor authentication for internal systems
- Security Monitoring: continuous logging, anomaly detection, and periodic vulnerability assessments
- Password Security: passwords hashed using bcrypt or equivalent algorithms — we never store plaintext passwords
- Two-Factor Authentication: available to users for enhanced account security
No method of electronic transmission or storage is completely secure. While we take all reasonable steps to protect your data, we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential and for notifying us promptly if you suspect unauthorised access.
6. Data Retention
- Active Accounts: data retained for as long as your account remains active
- Inactive Accounts: accounts inactive for more than 24 months may be deleted following advance notice to you
- Deleted Accounts: personal data deleted within 30 days of account deletion, except where retention is required by law
- Financial Records: billing and payment records retained for 7 years in compliance with UK tax and accounting obligations
- Anonymised Data: may be retained indefinitely for research, analytics, and service improvement
7. Your Rights Under UK GDPR
You have the following rights in relation to your personal data. To exercise any of these rights, email us at info@systemly.ai with “Data Subject Request” in the subject line. We will verify your identity and respond within 30 days (extendable to 60 days for complex requests). No fee is charged unless a request is manifestly unfounded or excessive.
These rights apply under UK GDPR (for UK residents) and EU GDPR (for EEA residents). California residents have additional rights under the CCPA/CPRA — see Section 16.
7.1 Right of Access
- Request a copy of all personal data we hold about you
- Receive information about how and why we process it
7.2 Right to Rectification
- Request correction of inaccurate or incomplete personal data
- Update your profile information directly through account settings
7.3 Right to Erasure
- Request deletion of your personal data
- Subject to any legal retention obligations (e.g. financial records)
- Anonymised data derived from your data may be retained for statistical purposes
7.4 Right to Restrict Processing
- Ask us to limit how we process your data in certain circumstances
- Data will be retained but not actively processed during any restriction period
7.5 Right to Data Portability
- Receive your personal data in a structured, commonly used, machine-readable format (JSON or CSV)
- Request direct transfer of your data to another controller where technically feasible
7.6 Right to Object
- Object to processing based on our legitimate interests
- Opt out of direct marketing at any time, without giving a reason
7.7 Right to Withdraw Consent
- Withdraw consent for marketing communications at any time via the unsubscribe link in any email or by emailing us
- Adjust cookie preferences at any time through our cookie banner
- Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal
You also have the right to lodge a complaint with the relevant supervisory authority. For UK residents, this is the Information Commissioner’s Office (ICO) — ico.org.uk — 0303 123 1113. For EEA residents, this is the data protection authority in your country of residence. We would, however, appreciate the opportunity to address your concerns before you contact a supervisory authority.
8. International Data Transfers
Our primary platform infrastructure is hosted via Vercel (with edge nodes in the UK, EEA, and United States). We also use US-based service providers including Stripe, ActiveCampaign, Twilio, Google, Meta, and TikTok. Where we transfer personal data outside the UK or EEA, we ensure an adequate level of protection is in place through:
- UK International Data Transfer Agreements (IDTAs) for transfers to countries not covered by an adequacy decision
- EU Standard Contractual Clauses (SCCs) where applicable
- Adequacy decisions recognised under UK GDPR or EU GDPR
- Encryption and security measures for all data in transit and at rest
- Data processing agreements with all named processors requiring them to maintain appropriate security standards
We accept users from the United Kingdom, the European Economic Area, and the United States. We comply with UK GDPR, EU GDPR, and — for California residents — the CCPA/CPRA (see Section 16). We do not represent that the Platform is appropriate for jurisdictions where its use is prohibited by local law.
9. Cookies and Tracking Technologies
We use cookies and similar technologies. For full details, please see our Cookie Policy. In summary:
9.1 Types of Cookies We Use
- Strictly Necessary: essential for core Platform functionality and security — these cannot be disabled
- Analytics: help us understand how users interact with the Platform (e.g. Google Analytics) — requires your consent
- Marketing: used to deliver relevant advertising and measure campaign performance — requires your consent
9.2 Managing Cookies
- Use our cookie consent banner to set your preferences when you first visit the Platform
- Adjust or withdraw consent at any time via the cookie settings link in the footer
- Configure or block cookies through your browser settings — note that disabling necessary cookies may affect Platform functionality
10. Children's Privacy
The Platform is intended solely for users aged 18 and over. We do not knowingly collect personal data from individuals under 18. If we become aware that we have collected data from a minor, we will delete it promptly. Parents or guardians who believe their child has provided us with personal data should contact us immediately at info@systemly.ai.
11. Marketing Communications
11.1 Transactional Emails (cannot be opted out of)
- Account confirmations and password reset emails
- Payment receipts and billing notices
- Security alerts and account notifications
- Material changes to these legal terms
11.2 Marketing Emails (opt-in, can be opted out of)
- Newsletters and trading education content
- Product updates and new feature announcements
- Educational articles and strategy insights
- Promotional offers
11.3 How to Opt Out of Marketing
- Click the 'Unsubscribe' link in any marketing email
- Adjust email preferences in your account settings
- Email info@systemly.ai with an opt-out request
Opting out of marketing emails does not affect transactional communications.
12. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms:
- We will notify affected users without undue delay and, where feasible, within 72 hours of becoming aware of the breach
- Notification will describe the nature of the breach and the categories of data affected
- We will outline the steps being taken to contain and remediate the breach
- We will recommend protective actions you should take
- We will notify the relevant supervisory authority as required by applicable law — for UK users this is the ICO; for EEA users this is the lead supervisory authority under the EU GDPR one-stop-shop mechanism
13. Third-Party Websites and Services
The Platform may contain links to third-party websites or integrate with third-party services (such as MT5 platforms or social media). We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing personal information.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Where changes are material, we will notify you by email or via a prominent notice on the Platform prior to the change taking effect. The updated policy will display a revised "Last Updated" date. Continued use of the Platform after that date constitutes acceptance of the revised policy. We encourage you to review this page periodically.
15. Contact Us
For privacy enquiries, data subject requests, or concerns about how we handle your data, please contact us:
- Email: info@systemly.ai (subject line: 'Privacy Inquiry' or 'Data Subject Request')
- Post: Data Protection, Good Market Trader LTD, 128 City Road, London, EC1V 2NX, United Kingdom
We aim to respond to general enquiries within 5 business days and formal data subject requests within 30 days.
If you are not satisfied with our response, you have the right to lodge a complaint with the relevant data protection supervisory authority in your jurisdiction.
16. Additional Rights for California Residents (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the CPRA grants you the following additional rights in relation to your personal information:
- Right to Know: request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collection, and the categories of third parties with whom we share it
- Right to Delete: request deletion of your personal information, subject to certain exceptions (e.g. completing a transaction, legal obligations)
- Right to Correct: request correction of inaccurate personal information we hold about you
- Right to Opt Out of Sale or Sharing: we do not sell your personal information, nor do we share it for cross-context behavioural advertising in a way that constitutes a 'sale' under the CCPA. You may still contact us to confirm this
- Right to Limit Use of Sensitive Personal Information: we do not use or disclose sensitive personal information beyond the purposes permitted by the CPRA
- Right to Non-Discrimination: we will not discriminate against you for exercising any of these rights
To exercise any of these rights, email us at info@systemly.ai with “California Privacy Request” in the subject line. We will respond within 45 days as required by the CCPA/CPRA. You may designate an authorised agent to submit a request on your behalf.
For the purposes of the CCPA, we are a "business" that collects personal information from California consumers. The categories of personal information we collect are described in Section 1. We do not knowingly sell personal information of minors under 16 years of age.
Good Market Trader LTD
Company Registration Number: 16249980
128 City Road, London, EC1V 2NX, United Kingdom
This Privacy Policy is effective as of 26 May 2026 and applies to all users of Systemly.ai. For questions, please visit our Cookie Policy or our Terms of Service.