Privacy Policy

This Privacy Policy explains how Vantix Wealth Labs B.V. ("VantageGrid", "we", "us", or "our") collects, uses, stores, and protects personal data when you use VantageGrid.pro, our applications, dashboards, integrations, APIs, and related services (the "Service").

1. Controller and Contact

For GDPR purposes, Vantix Wealth Labs B.V., Netherlands, is the controller of personal data processed through the Service unless we state otherwise. You can contact us at privacy@vantagegrid.pro.

• Registered office: Netherlands. Full registered address pending publication in production configuration.
• Chamber of Commerce number: pending production configuration.
• VAT ID: pending production configuration.
• Support email: support@vantagegrid.pro.

2. Personal Data We Collect

Account Data

• Name, email address, password hash, account settings, subscription tier, legal acceptance timestamps, accepted legal document versions, and authentication metadata.
• Optional profile information such as public username, avatar, biography, and leaderboard preferences.

Trading and Journal Data

• Imported or manually entered trades, instruments, direction, quantities, prices, commissions, timestamps, tags, screenshots, notes, playbooks, and journal entries.
• Performance metrics generated from your data, including PnL, drawdown, expectancy, risk metrics, tax estimates, and coaching insights.

Integration and Security Data

• API keys, webhook identifiers, broker connection metadata, platform names, sync status, and integration logs.
• If you connect supported broker or exchange integrations, credentials or tokens may be stored in encrypted form and used only to provide the requested integration.

Billing Data

• Stripe customer ID, subscription status, plan, invoices, payment events, and billing portal activity.
• We do not store full card numbers. Stripe processes payment card details.

Usage and Device Data

• IP address, browser type, pages visited, timestamps, session identifiers, event logs, error logs, rate-limit data, and security telemetry.

3. How We Use Personal Data

1. To create and manage your account.
2. To provide journaling, analytics, dashboards, imports, exports, integrations, AI coaching, and alerts.
3. To calculate metrics such as win rate, PnL, expectancy, Kelly Criterion, Risk-of-Ruin, drawdown, and tax estimates.
4. To process subscriptions and payments through Stripe.
5. To secure the Service, prevent abuse, enforce rate limits, investigate incidents, and protect users.
6. To respond to support requests, legal requests, and data-rights requests.
7. To improve the Service using aggregated, de-identified, or anonymized analytics where possible.

4. GDPR Legal Bases

1. Contract: processing needed to provide the Service, account access, support, subscriptions, and requested integrations.
2. Legitimate interests: platform security, fraud prevention, product improvement, service reliability, and abuse detection.
3. Consent: optional communications, optional public profile or leaderboard features, and any processing where consent is legally required.
4. Legal obligation: tax, accounting, compliance, dispute, and regulatory recordkeeping where applicable.

5. AI Processing and Data Accuracy

1. AI features may process trade summaries, journal notes, performance statistics, and relevant context to generate coaching responses and educational insights.
2. AI outputs may be inaccurate, incomplete, or based on historical data. They do not provide financial advice and do not guarantee future results.
3. Where practical, we limit the data sent to AI providers to what is needed for the requested feature.

6. API Keys, Broker Credentials, and Encryption

1. API keys, broker credentials, and integration secrets are treated as sensitive data.
2. Where stored, these secrets are protected using encryption and access controls designed to prevent unauthorized access.
3. You should revoke and rotate keys immediately if you suspect compromise.
4. We will never ask you for passwords or secrets outside the secure product flows intended for that integration.

7. Sharing and Processors

We do not sell your personal data or trade data. We may share data with service providers only as needed to operate VantageGrid, including:

• Stripe for billing, checkout, invoices, and subscription management.
• AI API providers for optional AI coaching and insight generation.
• Email providers for account, security, support, and billing messages.
• Hosting, database, logging, security, and infrastructure providers.
• Professional advisers, authorities, or courts where required by law or necessary to protect rights.

8. International Transfers

Some processors may operate outside the European Economic Area. Where required, we use appropriate safeguards such as Standard Contractual Clauses, data processing agreements, adequacy decisions, or equivalent transfer mechanisms.

9. Cookies and Similar Technologies

1. We use essential cookies for authentication, session security, CSRF protection, and account access.
2. We use functional cookies only after you accept them to remember preferences such as theme settings, dashboard layout, and product configuration.
3. We use first-party analytics identifiers only after you accept analytics cookies. Functional and analytics cookies can be accepted or rejected independently through Cookie settings, and you can keep using essential product features either way.
4. We do not use advertising cookies to sell or broker your trading data.

10. Retention

1. Account and trade data are retained while your account is active.
2. After account deletion, we aim to delete or anonymize personal data within 30 days unless longer retention is required for legal, accounting, security, backup, dispute, or fraud-prevention purposes.
3. Aggregated or anonymized analytics may be retained indefinitely where they no longer identify you.

11. Security

1. We use technical and organizational measures designed to protect personal data, including HTTPS/TLS, password hashing, encryption for sensitive secrets, access controls, logging, rate limiting, and security monitoring.
2. No online service can guarantee absolute security. You are responsible for strong passwords, device security, and protecting your account credentials.
3. If we identify a personal data breach requiring notice, we will notify affected users and regulators as required by applicable law.

12. Your GDPR Rights

Subject to legal conditions and limitations, you may have the right to:

• Access your personal data.
• Correct inaccurate or incomplete personal data.
• Request deletion of personal data.
• Restrict or object to processing.
• Receive a portable copy of certain data.
• Withdraw consent where processing is based on consent.
• Complain to a supervisory authority, including the Dutch Autoriteit Persoonsgegevens.

To exercise these rights, contact privacy@vantagegrid.pro. We may need to verify your identity before completing a request.

13. Public Features

If you opt into public profiles, leaderboard visibility, shared links, or similar public features, selected information may become visible to other users or the public. You can disable optional public features where available in your account settings.

14. Children

The Service is not intended for persons under 18. We do not knowingly collect personal data from minors. If you believe a minor has created an account, contact us so we can review and delete the account where appropriate.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email, in-app notice, or a prominent website notice where appropriate. Continued use of the Service after the effective date means the updated policy applies.

16. Contact

For privacy questions or data requests, contact privacy@vantagegrid.pro. For general support, contact support@vantagegrid.pro. Business customers can review our Data Processing Agreement template.