1. Introduction
Tradesyncer B.V. ("Tradesyncer", "we", "our", "us"), a company registered in The Netherlands (KVK: 95445110) with its principal office at Cruquiusweg 110B, 1019 AK Amsterdam, operates the web platform tradesyncer.com and related applications (collectively, the "Service"). We are the data controller for personal data processed in connection with the Service. You can contact us at [email protected] or by post at the above address.
A Data Protection Officer (DPO) has been appointed and can be reached at [email protected].
2. Notice at Collection (California)
Before we collect any personal information, California law requires us to tell you what categories we collect, for what purposes, and whether we sell or share them for cross‑context behavioural advertising. A concise overview is provided in the table below (section 3.3). You can always find a permanent link labelled “Notice at Collection” next to every registration, checkout or contact form.
3. Categories of Personal Information We Collect
3.1 Information You Provide Directly
Identifiers – name, postal address, email, telephone number, unique user ID.
Account credentials – user name, hashed password, authentication tokens.
Commercial information – purchase history, subscription tier, billing address.
Payment information – last 4 digits of card, expiry date, Stripe customer ID (we never store full card numbers or CVV).
Support and correspondence – messages, attachments, survey responses.
3.2 Information We Collect Automatically
Internet / electronic network activity – IP address, device type, browser version, operating system, referring URLs, pages viewed, clicks, session timestamps.
Geolocation – coarse location (city / region) derived from IP address.
Cookie and similar technologies data – see section 7.
3.3 Statutory Category Table (last 12 months – CCPA/CPRA)
CCPA Category | Examples | Collected | Sold | Shared for targeted ads |
A Identifiers | Name, email, IP, user ID | Yes | No | Yes |
B Customer records | Billing address | Yes | No | No |
D Commercial info | Purchases, subscription status | Yes | No | No |
F Internet activity | Page views, clicks | Yes | No | Yes |
G Geolocation | City/region (IP‑based) | Yes | No | Yes |
I Professional info | Company, job title (optional) | Yes | No | No |
Sensitive PI (login credentials) | Encrypted password | Yes | No | No |
We do not knowingly sell or share personal information of consumers under 16 years of age.
4. Sources of Personal Data
Directly from you when you register, purchase a subscription, or communicate with us.
Automatically from your device via cookies and similar technologies.
Third‑party platforms when you choose to sign in with Google, Apple, Facebook, X (Twitter) or Discord.
Affiliates (PropFirmSyncer.com) for cross‑brand communication where legally permitted.
5. Purposes of Processing & Legal Bases (GDPR Art 6)
Purpose | Legal basis (GDPR) | Relevant categories |
Provide & administer the Service | Performance of a contract (Art 6 (1)(b)) | A, B, D, F, I, Sensitive PI |
Process payments & prevent fraud | Performance of a contract; Legitimate interests (Art 6 (1)(f)) | A, B, D, F, Sensitive PI |
Improve and secure the Service (analytics, debugging, security monitoring) | Legitimate interests | A, F, G |
Marketing our own or affiliated services | Consent (emails + cookies) or Legitimate interests | A, F |
Legal obligations (tax, accounting, consumer‑protection) | Compliance with a legal obligation (Art 6 (1)(c)) | A, B, D |
You may withdraw consent or object to processing based on legitimate interest at any time (section 13).
6. How We Use Personal Data
We use the information described above to:
Create and manage accounts and authenticate users.
Deliver core functionality such as trade synchronisation, journaling, social features and notifications.
Process transactions through our payment partner Stripe, Inc.
Provide customer support by email, chat, discord or ticketing system (Intercom).
Analyse usage to improve performance and develop new features.
Market our own and closely‑related services, including PropFirmSyncer.com, subject to your choices.
Detect, investigate and prevent fraud, abuse or security incidents.
We do not engage in fully automated decision‑making that produces legal or similarly significant effects.
7. Cookies & Similar Technologies
We use first‑ and third‑party cookies, local storage and pixels for:
Strictly necessary operations (session management, load balancing).
Preferences (remember language, interface settings).
Analytics (Google Analytics 4, Vercel Analytics). Analytics cookies are set only after consent in the EU/EEA.
Advertising / cross‑context behavioural advertising (Google Ads, X). These run only if you have opted in and may constitute “sharing” under CPRA.
8. How We Share Personal Data
We disclose personal data:
Service providers – hosting (Google Cloud, Azure, AWS), payments (Stripe), email delivery (Brevo), analytics (Google, Vercel), customer support (Intercom).
Affiliates – PropFirmSyncer.com, for joint promotions and account linking.
Legal or regulatory bodies – when required by law or to protect rights, safety or property.
Business transfers – in connection with a merger, acquisition or sale of assets.
With your consent – for any purpose not already covered.
We have signed Data Processing Agreements (DPAs) or CCPA service‑provider contracts with all vendors who process data on our behalf.
9. International Data Transfers
We may transfer your data outside the European Economic Area. Where we do, we rely on:
Adequacy decisions (e.g. transfers to the United States under the EU‑US Data Privacy Framework, if applicable), or
Standard Contractual Clauses (SCCs) approved by the European Commission with supplementary measures as required.
A copy of the SCCs can be requested via [email protected].
10. Data Retention
Data type | Retention period / criteria |
Account data | While the account remains active and thereafter for as long as necessary to meet legal, accounting or legitimate business needs, after which it is deleted or irreversibly anonymised |
Transaction records | 7 years (tax & accounting) |
Support tickets | 2 years from closure |
Analytics logs | 26 months (Google), 12 months (server logs) |
Backup archives | Rolling 90 days |
We may keep information longer if necessary to establish or defend legal claims.
You can manage or withdraw consent at any time via the “Cookie Settings” link in the footer.
11. Security Measures
We run a defence‑in‑depth security programme aligned with ISO/IEC 27002:2022 control families and the EU NIS 2 Directive’s essential cybersecurity requirements. Measures include TLS 1.3 encryption in transit, AES‑256 encryption at rest, asset and access management, role‑based access control, MFA for all privileged accounts, a secure‑by‑design software‑development lifecycle, quarterly vulnerability scans and penetration tests, continuous SIEM monitoring, and a fully tested incident‑response and business‑continuity plan.
12. Children’s Privacy
The Service is not intended for children under 16. We do not knowingly collect personal data from minors. If you believe a child has provided us with personal data, please contact us and we will delete it.
13. Your Rights & How to Exercise Them
13.1 EU / EEA Data‑Subject Rights (GDPR)
You have the right to:
Access your data.
Rectify inaccurate data.
Erase data (“right to be forgotten”).
Restrict processing.
Data portability (receive a copy in machine‑readable form).
Object to processing based on legitimate interests or direct marketing.
Withdraw consent at any time.
Lodge a complaint with a supervisory authority.
Primary supervisory authority: Autoriteit Persoonsgegevens, Bezuidenhoutseweg 30, 2594 AV The Hague, The Netherlands, autoriteitpersoonsgegevens.nl.
13.2 California Privacy Rights (CCPA/CPRA)
California residents may:
Know the categories and specific pieces of personal information we have collected, used, sold or shared.
Delete personal information (with some exceptions).
Correct inaccurate personal information.
Opt‑out of sale or sharing of personal information.
Limit the use or disclosure of sensitive personal information.
Non‑discrimination – we will not deny goods/services, charge different prices, or provide a different level or quality of service for exercising these rights.
Global Privacy Control (GPC) – we honour browser signals indicating an opt‑out preference.
13.3 Submitting a Request
You can exercise any right by:
Web form: (coming soon)
Email: [email protected]
We will verify your identity and respond within 30 days (GDPR) or 45 days (CCPA), with a possible extension where permitted.
14. Do Not Sell or Share My Personal Information
We do not sell personal data for money, but we share certain identifiers and internet activity with advertising partners, which may be considered “sharing” under the CPRA. You can opt out at any time by clicking “Do Not Sell or Share My Personal Information” in the footer or by enabling the Global Privacy Control in your browser.
15. Limit the Use of My Sensitive Personal Information
If you are a California resident and we process your sensitive personal information beyond what is necessary to provide the Service, you may instruct us to limit such use via the footer link “Limit Sensitive Personal Information”.
16. External Links
Our Service may contain links to third‑party sites. We are not responsible for their privacy practices. Please review the privacy policy of every site you visit.
17. Changes to This Policy
We may update this Privacy Policy from time to time. We will post any changes on this page and, if the changes are material, notify you by email or in‑product message. The "Last updated" date at the top indicates when the policy was most recently revised.
18. Contact Us
General enquiries: [email protected]
DPO: [email protected]
Postal: Tradesyncer B.V., Cruquiusweg 110B, 1019 AK Amsterdam, The Netherlands
Appendix A – Definitions (summary)
Personal data / personal information – any information that identifies or relates to an identifiable individual.
Sell / Share (CPRA) – transferring personal information to a third party for monetary or other valuable consideration or for cross‑context behavioural advertising.
Sensitive personal information – as defined in Cal. Civ. Code §1798.140(ae) (e.g. account log‑in, precise geolocation, racial origin).