Privacy Policy
Last Updated: [DATE - Format: Month Day, Year]
1. Introduction
AlfaTactix ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our no-code MetaTrader 5 strategy builder platform (the "Service").
By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.
2. Information We Collect
2.1 Information You Provide to Us
- Account Information: Username, email address, and password
- Profile Information: User role/subscription plan (free, basic, pro), billing country, VAT number (for B2B customers)
- Payment Information: Payment processing is handled by Stripe. We do not store credit card details. Stripe processes and stores payment information according to their Privacy Policy.
- Strategy Data: Trading strategies you create, including indicators, conditions, filters, and risk management settings
- Communication Data: Information you provide when contacting our support team
2.2 Information Automatically Collected
- Session Information: Device type, IP address, browser type, user agent
- Technical Data: Login timestamps, session duration, failed login attempts, account lockout status
- Local Storage Data: Authentication tokens, user preferences, and temporary strategy data stored in your browser's local storage
- Cookies: We use cookies for security purposes (CSRF tokens) to protect against cross-site request forgery attacks
2.3 Information from Third-Party Services
- Stripe: Payment processing data (customer ID, subscription status, invoice information) - processed according to Stripe's Privacy Policy
- Payment Events: Webhook data from Stripe regarding subscription status and payment outcomes
3. How We Use Your Information
- Service Provision: To provide, maintain, and improve our Service
- Account Management: To create and manage your account, process subscriptions, and handle billing
- Security: To protect against fraud, unauthorized access, and security threats
- Communication: To send you service-related notifications, updates, and respond to your inquiries
- Service Improvement: To analyze platform performance and improve user experience (internal monitoring only)
- Legal Compliance: To comply with applicable laws, regulations, and legal processes
- Business Operations: To operate our business, including data analysis, auditing, and internal operations
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), we process your personal data based on:
- Contract Performance: To fulfill our contract with you (providing the Service)
- Legitimate Interests: For security, fraud prevention, and service improvement
- Legal Obligation: To comply with applicable laws and regulations
5. Data Sharing and Disclosure
We do not sell your personal information. We may share your information only in the following circumstances:
5.1 Service Providers
Stripe: Payment processing and subscription management. Stripe's Privacy Policy: https://stripe.com/privacy
5.2 Legal Requirements
We may disclose your information if required by law or in response to valid requests by public authorities (e.g., court orders, government agencies).
5.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
5.4 With Your Consent
We may share your information with third parties when you have given us explicit consent to do so.
6. Data Security
- Encryption: Data in transit is encrypted using HTTPS/TLS
- Password Security: Passwords are hashed using bcrypt and never stored in plain text
- Token Security: Authentication tokens are signed and have expiration times
- Access Controls: Limited access to personal data on a need-to-know basis
- Session Management: Secure session management with automatic expiration
- Security Monitoring: Login attempt monitoring and account lockout mechanisms
- CSRF Protection: Cross-site request forgery protection using tokens
However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
7. Data Retention
We retain your personal information only for as long as necessary. Retention by data type:
- Account Data: Retained while your account is active. You may request deletion at any time.
- Payment Records: Retained for 7 years as required by financial regulations
- Session Data: Active sessions retained for 7 days. Expired sessions are automatically deleted.
- Refresh Tokens: Retained for up to 30 days, then automatically deleted when expired
- Strategy Data: Retained until you delete your account or the specific strategy
- Backtest Progress Data: Retained for 3 days, then automatically deleted
- Local Storage Data: Stored in your browser until you clear your browser data or delete your account
You may request deletion of your data at any time (see Section 8).
8. Your Rights (GDPR & CCPA)
Depending on your location, you have the following rights regarding your personal information:
- Access: You have the right to request access to the personal information we hold about you.
- Rectification: You have the right to request correction of inaccurate or incomplete personal information.
- Erasure (Right to be Forgotten): You have the right to request deletion of your personal information, subject to legal obligations.
- Data Portability: You have the right to receive your personal information in a structured, commonly used format.
- Objection: You have the right to object to processing of your personal information for certain purposes.
- Restriction: You have the right to request restriction of processing of your personal information.
- Withdraw Consent: You have the right to withdraw your consent at any time where we rely on consent to process your information.
- Opt-Out (CCPA): If you are a California resident, you have the right to opt out of the sale of personal information (we do not sell personal information).
To exercise these rights, please contact us at: [EMAIL ADDRESS]
We will respond to your request within 30 days (or as required by applicable law).
9. Cookies and Local Storage
9.1 Cookies
CSRF Token Cookie: Required for security to protect against cross-site request forgery attacks. This cookie is essential for the Service to function securely.
9.2 Local Storage
- Authentication Tokens: Access tokens and refresh tokens for maintaining your login session
- User Preferences: Theme settings, notification preferences, and other account settings
- Temporary Data: Strategy autosave data and temporary application state
You can clear local storage data at any time through your browser settings. However, clearing local storage will log you out and may result in loss of unsaved strategy data.
9.3 Managing Cookies and Local Storage
You can control cookies and local storage through your browser settings. However, disabling cookies or clearing local storage may affect the functionality of our Service and may log you out.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country.
- Standard contractual clauses approved by the European Commission
- Adequacy decisions by the European Commission
- Other legally recognized transfer mechanisms
11. Children's Privacy
Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you believe we have collected information from a child under 18, please contact us immediately, and we will delete such information.
12. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You can request information about the categories and specific pieces of personal information we collect
- Right to Delete: You can request deletion of your personal information
- Right to Opt-Out: You can opt out of the sale of personal information (we do not sell personal information)
- Non-Discrimination: We will not discriminate against you for exercising your privacy rights
13. European Privacy Rights (GDPR)
If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), as detailed in Section 8 above.
You also have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the new Privacy Policy on this page
- Updating the "Last Updated" date
- Sending an email notification (for significant changes)
Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.
15. Data Controller Information
Company Name: AlfaTactix
Contact Email: [EMAIL ADDRESS]
For privacy-related inquiries, please contact us at: [EMAIL ADDRESS]
16. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: [EMAIL ADDRESS]
Subject Line: Privacy Policy Inquiry
We will respond to your inquiry within 30 days.
Note: This Privacy Policy is effective as of [DATE] and applies to all users of the AlfaTactix platform. By using our Service, you acknowledge that you have read and understood this Privacy Policy.