Privacy Policy

2. Information We Collect

Information You Provide

We collect information you voluntarily provide when you register, verify your identity, or use our Services:

Account Registration:

Name, email address, and phone number
Username and password
Country of residence

Identity Verification (KYC):

Government-issued identification documents
Proof of address documents
Photographs or selfies for identity verification
Date of birth and nationality

Financial Information:

Payment method details (processed by secure payment processors)
Exchange API credentials (encrypted and stored securely)
Tax identification information for revenue sharing participants

Profile and Content:

Profile picture and biography
Trading strategies and their descriptions
Reviews, ratings, and feedback you provide
Communications with our support team

Information Collected Automatically

When you use our Services, we automatically collect:

Device and Technical Information:

IP address and approximate geographic location
Browser type, version, and language preferences
Operating system and device type
Unique device identifiers
Screen resolution and timezone

Usage Information:

Pages visited and features used
Time spent on different sections of the platform
Clickstream data and navigation patterns
Search queries within the platform
Error logs and performance data

Trading Activity:

Strategy configurations and parameters
Backtest requests and results
Trade execution history and performance metrics
Subscription and strategy marketplace activity

Information from Third Parties

Identity Verification Providers: Verification results and risk scores
Payment Processors: Transaction confirmations and payment status
Connected Exchanges: Account balance and trading data (via API with your permission)
Analytics Partners: Aggregated usage insights

3. How We Use Your Information

We use your information for the following purposes:

Providing Our Services

Creating and managing your account
Executing automated trading strategies on your behalf
Processing subscriptions and marketplace transactions
Facilitating communication between strategy creators and subscribers
Providing customer support and responding to inquiries

Improving Our Services

Analyzing usage patterns to enhance user experience
Developing new features and functionality
Conducting research and analytics
Testing and debugging the platform

Security and Compliance

Verifying your identity and preventing fraud
Monitoring for suspicious or malicious activity
Enforcing our Terms of Service and policies
Complying with legal obligations and regulatory requirements
Responding to lawful requests from authorities

Communications

Sending transactional emails (account updates, trade notifications)
Providing security alerts and important service announcements
Sending marketing communications (with your consent, where required)
Responding to your support requests and feedback

4. Legal Basis for Processing

Under applicable data protection laws, we process your personal information based on the following legal grounds:

Contract Performance: Processing necessary to provide the Services you have requested (e.g., executing trades, managing your account)
Legitimate Interests: Processing necessary for our legitimate business interests, such as fraud prevention, security, analytics, and service improvement, balanced against your privacy rights
Legal Compliance: Processing necessary to comply with applicable laws, regulations, or legal processes (e.g., KYC/AML requirements, tax reporting)
Consent: Processing based on your explicit consent, where required (e.g., marketing communications, certain cookies)

5. Information Sharing and Disclosure

OUR COMMITMENT

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We only share your information as described in this policy.

Service Providers

We share information with trusted third-party service providers who assist in operating our business:

Cloud hosting and infrastructure providers (Google Cloud Platform, AWS)
Payment processors (Stripe, PayPal)
Identity verification services
Email and communication services
Analytics and monitoring tools
Customer support platforms

These providers are contractually obligated to protect your information and use it only for the services they provide to us.

Connected Exchanges

When you connect your exchange accounts via API, we interact with those exchanges to execute trades on your behalf. We share only the information necessary for trading operations. Each exchange has its own privacy policy governing data they collect.

Legal Requirements

We may disclose your information when required by law or in response to:

Valid legal processes (subpoenas, court orders, search warrants)
Requests from government agencies or law enforcement
Regulatory investigations or examinations
Protection of our legal rights, safety, or property
Prevention of fraud or other illegal activities

Business Transfers

In the event of a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of the transaction. You will be notified of any such change and your choices regarding your information.

Aggregated and De-identified Data

We may share aggregated, anonymized, or de-identified information that cannot reasonably be used to identify you. This includes platform statistics, market trends, and research insights.

6. Cookies and Tracking Technologies

What Are Cookies

Cookies are small text files stored on your device when you visit our website. We use cookies and similar technologies (local storage, pixels, beacons) to enhance your experience and gather information about usage.

Types of Cookies We Use

Essential Cookies:

Authentication and session management
Security features (CSRF protection)
Load balancing and performance

Functional Cookies:

Remembering your preferences and settings
Language and display preferences
Recently viewed items

Analytics Cookies:

Google Analytics for traffic analysis
Feature usage tracking
Error monitoring and diagnostics

Marketing Cookies:

Conversion tracking for advertising campaigns
Remarketing and targeted advertising

Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to:

View and delete existing cookies
Block all cookies or third-party cookies
Set preferences for specific websites

Note that disabling essential cookies may affect platform functionality.

7. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention Periods

Account Data: Retained for the duration of your account, plus 2 years after deletion request
Trading History: Retained for 7 years for regulatory and tax compliance
KYC Documentation: Retained for 5 years after account closure (AML requirements)
Support Communications: Retained for 3 years
Server Logs: Retained for 90 days
Analytics Data: Aggregated and retained indefinitely; individual data retained for 26 months

When retention periods expire or you request deletion, we will securely delete or anonymize your information, except where retention is required by law.

8. Data Security

We implement comprehensive security measures to protect your personal information:

Technical Safeguards

TLS/SSL encryption for all data in transit
AES-256 encryption for sensitive data at rest
Encrypted storage of exchange API credentials
Multi-factor authentication options for user accounts
Regular security audits and penetration testing
Web application firewalls and DDoS protection

Organizational Measures

Access controls and least-privilege principles
Employee security training and confidentiality agreements
Incident response procedures and breach notification protocols
Regular security awareness training

IMPORTANT

While we implement robust security measures, no system is completely secure. You are responsible for maintaining the confidentiality of your account credentials and should notify us immediately if you suspect unauthorized access.

9. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

Access: Request a copy of the personal information we hold about you
Correction: Request correction of inaccurate or incomplete information
Deletion: Request deletion of your personal information (subject to legal retention requirements)
Portability: Request your data in a structured, commonly used format
Restriction: Request restriction of processing in certain circumstances
Objection: Object to processing based on legitimate interests
Withdrawal of Consent: Withdraw consent where processing is based on consent

To exercise these rights, contact us at privacy@amaltash.com. We will respond to your request within thirty (30) days, or as required by applicable law.

We may need to verify your identity before processing your request. We will not discriminate against you for exercising your privacy rights.

10. Rights for EEA, UK, and Swiss Users (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and equivalent laws.

Additional GDPR Rights

Right to Erasure ("Right to be Forgotten"): Request deletion of your data when processing is no longer necessary
Right to Object: Object to processing for direct marketing or based on legitimate interests
Automated Decision-Making: Right not to be subject to solely automated decisions with legal or significant effects
Supervisory Authority Complaint: Right to lodge a complaint with your local data protection authority

Data Transfer Mechanisms

For transfers of personal data from the EEA/UK to the United States, we rely on:

Standard Contractual Clauses (SCCs) approved by the European Commission
The EU-U.S. Data Privacy Framework, where applicable
Additional supplementary measures to ensure adequate protection

11. Rights for California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with specific rights regarding your personal information.

Your California Privacy Rights

Right to Know: Request disclosure of what personal information we collect, use, and share
Right to Delete: Request deletion of your personal information (with exceptions)
Right to Opt-Out: Opt out of the sale or sharing of personal information (Note: We do not sell personal information)
Right to Correct: Request correction of inaccurate personal information
Right to Limit: Limit the use of sensitive personal information
Right to Non-Discrimination: Not receive discriminatory treatment for exercising your rights

Categories of Information

In the preceding 12 months, we have collected the following categories of personal information:

Identifiers (name, email, IP address)
Financial information (payment method, transaction history)
Internet activity (browsing history, interactions with our Services)
Geolocation data (approximate location from IP address)
Inferences drawn from the above (preferences, characteristics)

Do Not Sell or Share

We do not sell or share your personal information for cross-context behavioral advertising. Therefore, we do not offer an opt-out mechanism for sales, as no sales occur.

12. International Data Transfers

Amaltash is based in the United States. If you access our Services from outside the United States, your information will be transferred to, stored, and processed in the United States and potentially other countries where our service providers operate.

These countries may have data protection laws that differ from those in your country. By using our Services, you consent to the transfer of your information to these countries.

We implement appropriate safeguards for international transfers, including:

Standard Contractual Clauses for transfers from the EEA/UK
Data Processing Agreements with service providers
Technical and organizational security measures

13. Children's Privacy

Our Services are not intended for individuals under the age of eighteen (18). We do not knowingly collect personal information from children under 18.

If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly.

If you believe we have inadvertently collected information from a child, please contact us immediately at privacy@amaltash.com.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make material changes, we will:

Update the "Last Updated" date at the top of this policy
Notify you via email or prominent notice on the platform
Where required by law, obtain your consent to the changes

Your continued use of the Services after the effective date of changes constitutes acceptance of the updated Privacy Policy.

15. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Amaltash, Inc.

Attn: Privacy Officer

2261 Market St

San Francisco, CA 94114

United States

Privacy Inquiries: privacy@amaltash.com

Data Subject Requests: dpo@amaltash.com

For users in the European Economic Area, you may also contact your local data protection authority if you have concerns about our data processing practices.

By using the Amaltash platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use our Services.

1. Introduction