Privacy Policy
This Privacy Policy explains how TTerminal ("we", "us", "our") collects, uses, discloses, and protects personal data when you use our website at tterminal.com and our trading intelligence platform (collectively, the "Service"). We are committed to protecting your privacy and processing your personal data lawfully and transparently in accordance with the EU General Data Protection Regulation (GDPR), the UK GDPR, the Czech Act No. 110/2019 Coll. on personal data processing, and other applicable data protection laws.
1. Data controller
The data controller responsible for your personal data is TTerminal (operating under Signal Core s.r.o. or successor entity). For all data protection matters, including exercising your rights or raising concerns, contact our Data Protection Officer via our contact form.
2. Data we collect
We collect the following categories of personal data, depending on how you interact with the Service:
Account data
- Full name, email address, password (hashed using bcrypt or equivalent)
- Date of birth (where required for age verification)
- Country of residence and timezone
- Optional profile photo and display name
Billing data
- Billing address and VAT identification number
- Payment method details (card brand, last four digits, expiry) - card numbers themselves are processed exclusively by Stripe and never touch our servers
- Invoice history, subscription tier, trial status
Usage data
- IP address, browser type and version, device identifiers, operating system
- Pages viewed, features used, watchlists, saved searches, query history
- Timestamps and duration of sessions
- Diagnostic logs and crash reports
Communications
- Support tickets, chat transcripts, and email correspondence
- Newsletter subscription preferences and clickstream within emails
3. How and why we use your data
We process your personal data for the following purposes:
- Provide the Service - authenticate you, deliver market data, run subscriptions, sync watchlists and alerts across devices.
- Billing and tax compliance - process payments, issue invoices, comply with VAT/MOSS and OECD reporting obligations.
- Security and abuse prevention - detect fraud, unauthorised access, multi-account abuse, and enforce our Terms.
- Service improvement - analyse aggregated usage patterns to improve features, reliability, and performance. We do not sell individual user data.
- Customer support - respond to your questions and resolve issues.
- Marketing (with consent) - send product updates, market commentary, and offers via email. You may opt out at any time.
- Legal obligations - respond to lawful requests from regulators, courts, and law enforcement.
4. Legal bases for processing
Under GDPR Article 6, we rely on the following legal bases:
- Contract performance (Art. 6(1)(b)) - to deliver the Service you have subscribed to.
- Legitimate interests (Art. 6(1)(f)) - to secure the Service, prevent fraud, and improve our product, balanced against your rights.
- Consent (Art. 6(1)(a)) - for non-essential cookies, marketing emails, and certain analytics. You can withdraw consent at any time.
- Legal obligation (Art. 6(1)(c)) - for tax, accounting, anti-money-laundering, and regulatory reporting.
5. How we share your data
We share personal data only with the following categories of recipients:
- Payment processors - Stripe Payments Europe Ltd (Ireland) for card processing.
- Cloud infrastructure - DigitalOcean LLC for hosting, located in the EU (Frankfurt and Amsterdam regions where possible).
- Email delivery - transactional and newsletter providers (Postmark, Mailgun, or successors).
- Analytics - privacy-preserving, server-side analytics. We do not use Google Analytics or comparable third-party trackers by default.
- Professional advisors - accountants, auditors, lawyers, and consultants bound by confidentiality.
- Law enforcement - only where required by a valid legal request.
- Successors - in the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring party under equivalent privacy protections.
We do not sell personal data and we do not share it with data brokers or advertisers.
6. International transfers
Where personal data is transferred outside the European Economic Area, we rely on appropriate safeguards including the European Commission's Standard Contractual Clauses (SCCs), adequacy decisions, or your explicit consent. You can request a copy of the SCCs by emailing us.
7. Retention periods
- Account data - retained while your account is active and for up to 90 days after deletion for backup recovery, then permanently erased.
- Billing records - retained for 10 years to comply with VAT and accounting law (Czech Act No. 235/2004 Coll.).
- Usage logs - retained for up to 90 days, then aggregated and anonymised.
- Support tickets - retained for up to 3 years for quality review and dispute resolution.
- Marketing data - retained until you unsubscribe.
8. Your data subject rights
Under GDPR you have the following rights:
- Access - obtain a copy of your personal data.
- Rectification - correct inaccurate or incomplete data.
- Erasure - request deletion ("right to be forgotten") subject to legal retention obligations.
- Restriction - limit how we process your data in certain circumstances.
- Portability - receive your data in a structured, machine-readable format.
- Objection - object to processing based on legitimate interests, including profiling.
- Withdraw consent - at any time, without affecting the lawfulness of prior processing.
- Lodge a complaint - with the Czech Data Protection Authority (Úřad pro ochranu osobních údajů, www.uoou.cz) or your local supervisory authority.
To exercise any of these rights, use our contact form. We respond within 30 days.
9. Security measures
We implement industry-standard technical and organisational measures including:
- TLS 1.3 encryption for all data in transit
- AES-256 encryption at rest for sensitive fields
- Bcrypt password hashing with per-user salts
- Role-based access controls and audit logging
- Two-factor authentication for staff accounts
- Regular penetration testing and dependency vulnerability scanning
- Incident response procedures and 72-hour breach notification
10. Cookies and tracking
We use a small number of strictly necessary cookies to keep you signed in, remember preferences, and prevent fraud. We do not set marketing or third-party tracking cookies without your explicit consent. See our Cookie Policy for full details.
11. Children's privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect data from minors. If you become aware that a minor has provided us with personal data, please contact us and we will delete it promptly.
12. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be notified to you by email or in-app banner at least 30 days before they take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
13. Contact us
Questions about this Privacy Policy or how we handle your data:
- Email: contact form
- Postal address: Signal Core s.r.o., Rybná 716/24, Staré Město, 110 00 Praha 1, Czech Republic
- Data Protection Officer: our contact form