1. Who We Are

Vektor ("we", "us", "our") operates the trading research platform at tradevektor.com. For questions about this policy, contact us at privacy@tradevektor.com.

2. What Data We Collect

Account Data

When you register, we collect:

• Username and email address
• Hashed password (we never store plaintext passwords)
• Account creation date and login history
• Subscription tier and billing status
• Risk disclaimer acceptance timestamp and version
• Email verification status

Usage Data

When you use the platform, we collect:

• Trading signal interactions and audit trail views
• Custom symbol preferences and risk parameter overrides (Pro users)
• Dashboard feature usage patterns
• IP address and approximate location (for rate limiting and security)
• Browser type and device information (standard server logs)

Trading Data

The platform generates and stores:

• Simulated paper trade records (open price, close price, PnL, strategy reasoning)
• Signal scan history and AI reasoning logs
• Portfolio performance metrics and equity curves

For paper trading accounts, no real financial transactions occur. For live trading (where enabled), Vektor accesses your exchange via API keys you provide — we do not custody or hold your funds.

Exchange API Keys

If you provide exchange API keys for live trading, these are stored encrypted at rest. We use them solely to execute trades on your behalf as directed by the platform. We never withdraw funds, only place and close orders per the bot's strategy.

Payment Data

Payment processing is handled by Stripe. We do not store credit card numbers or payment details. We receive only subscription status, customer ID, and billing confirmation from Stripe. See Stripe's Privacy Policy for details on how they handle payment data.

3. How We Use Your Data

• To provide the Service — account authentication, dashboard access, trade execution, signal generation
• To communicate with you — account verification emails, trial expiry notices, important service updates
• To improve the Service — aggregate, anonymised usage analytics to understand how features are used
• For security — fraud detection, rate limiting, account protection, abuse prevention
• Legal compliance — to meet our obligations under applicable law

We do not use your data for advertising. We do not serve ads. We do not allow advertisers to target you based on your use of Vektor.

4. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), our legal bases for processing your data are:

• Contract performance — to provide the Service you signed up for
• Legitimate interests — to operate and improve the platform securely
• Legal obligation — to comply with applicable law
• Consent — for optional communications (you can withdraw consent at any time)

5. Data Sharing

We do not sell, rent, or trade your personal data. We share data only with:

• Stripe — for payment processing
• Resend — for transactional email delivery (verification, trial notices)
• Your connected exchanges — API calls made on your behalf when live trading is enabled
• Law enforcement — only when legally required by valid legal process

6. Data Retention

• Active account data is retained for the lifetime of your account
• After account deactivation or deletion, we retain data for up to 30 days before permanent deletion
• Aggregated, anonymised analytics data may be retained indefinitely
• Backup copies may persist for up to 90 days after deletion requests are processed

7. Security

We implement industry-standard security measures including:

• HTTPS/TLS encryption for all data in transit
• Bcrypt hashing for all passwords
• Encrypted storage for exchange API keys
• JWT token-based authentication with short expiry windows
• Rate limiting on all authentication endpoints
• Regular security audits and dependency updates

No system is completely secure. In the event of a data breach affecting your personal data, we will notify you as required by applicable law.

8. Your Rights

Depending on your location, you may have the right to:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate data
• Deletion — request deletion of your account and associated data
• Portability — request your data in a portable format
• Objection — object to certain types of processing
• Restriction — request restriction of processing in certain circumstances

To exercise any of these rights, contact us at privacy@tradevektor.com. We will respond within 30 days. You may also delete your account directly from your account settings, which initiates the data deletion process.

9. Cookies

Vektor uses minimal cookies and browser storage:

• Session storage — authentication tokens (cleared when you close the browser tab)
• Local storage — UI preferences such as last active tab (no personal data)

We do not use third-party tracking cookies, advertising cookies, or analytics cookies that send data to third parties.

10. Children

The Service is not directed at persons under 18 years of age. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

11. International Transfers

Your data may be processed on servers located in the European Union (our primary server location). Any transfers to third-party processors outside the EEA are covered by appropriate safeguards (such as Standard Contractual Clauses where applicable).

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a prominent notice on the platform. Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact

For privacy-related questions or to exercise your rights:

• Email: privacy@tradevektor.com
• For general support: support@tradevektor.com