Privacy Policy

This Privacy Policy explains how Vantix Wealth Labs ("VantageGrid", "we", "us", or "our") collects, uses, stores, and protects personal data when you use VantageGrid.pro, our applications, dashboards, integrations, APIs, browser extension, and related services (the "Service").

1. Controller and Contact

For GDPR purposes, Vantix Wealth Labs, Netherlands, is the controller of personal data processed through the Service unless we state otherwise. You can contact us at privacy@vantagegrid.pro.

• Chamber of Commerce number: 42061959.
• VAT ID: NL005466966B47.
• Website: https://vantixwealthlabs.com.
• Support email: support@vantagegrid.pro.

2. Personal Data We Collect

We collect personal data directly from you, automatically from your use of the Service, and from third-party services you choose to connect, such as Stripe, broker or exchange integrations, TradingView workflows, email providers, and AI providers used for requested features.

Account Data

• Name, email address, password hash, account settings, subscription tier, legal acceptance timestamps, accepted legal document versions, and authentication metadata.
• Optional profile information such as public username, avatar, biography, and leaderboard preferences.

Trading and Journal Data

• Imported or manually entered trades, instruments, direction, quantities, prices, commissions, timestamps, tags, screenshots, notes, playbooks, and journal entries.
• Performance metrics generated from your data, including PnL, drawdown, expectancy, risk metrics, tax estimates, and coaching insights.

Integration and Security Data

• API keys, webhook identifiers, broker connection metadata, platform names, sync status, and integration logs.
• If you connect supported broker or exchange integrations, credentials or tokens may be stored in encrypted form and used only to provide the requested integration.
• Chrome extension sync traces, environment selection, account names, import batch IDs, duplicate IDs, and diagnostic metadata needed to troubleshoot imports.

Billing Data

• Stripe customer ID, subscription status, plan, invoices, payment events, and billing portal activity.
• We do not store full card numbers. Stripe processes payment card details.

Usage and Device Data

• IP address, browser type, pages visited, timestamps, session identifiers, event logs, error logs, rate-limit data, and security telemetry.

Communications and Marketing Data

• Support messages, transactional emails, newsletter subscription status, consent timestamps, unsubscribe tokens, email delivery/open metadata where available, and user email preferences.

3. How We Use Personal Data

1. To create and manage your account.
2. To provide journaling, analytics, dashboards, imports, exports, integrations, AI coaching, and alerts.
3. To calculate metrics such as win rate, PnL, expectancy, Kelly Criterion, Risk-of-Ruin, drawdown, and tax estimates.
4. To process subscriptions and payments through Stripe.
5. To secure the Service, prevent abuse, enforce rate limits, investigate incidents, and protect users.
6. To respond to support requests, legal requests, and data-rights requests.
7. To send service, security, billing, legal, and account messages.
8. To send newsletters or product updates only where you have subscribed or where otherwise permitted by law, with unsubscribe options.
9. To improve the Service using aggregated, de-identified, or anonymized analytics where possible.

4. GDPR Legal Bases

1. Contract: processing needed to provide the Service, account access, support, subscriptions, and requested integrations.
2. Legitimate interests: platform security, fraud prevention, product improvement, service reliability, and abuse detection.
3. Consent: optional communications, optional public profile or leaderboard features, and any processing where consent is legally required.
4. Legal obligation: tax, accounting, compliance, dispute, and regulatory recordkeeping where applicable.

5. Legitimate Interests

Where we rely on legitimate interests, those interests include operating a secure SaaS platform, preventing fraud and abuse, maintaining reliable integrations, improving product quality, diagnosing errors, protecting users and our business, and understanding aggregated product usage. You may object to processing based on legitimate interests where GDPR gives you that right.

6. AI Processing and Data Accuracy

1. AI features may process trade summaries, journal notes, performance statistics, and relevant context to generate coaching responses and educational insights.
2. AI outputs may be inaccurate, incomplete, or based on historical data. They do not provide financial advice and do not guarantee future results.
3. Where practical, we limit the data sent to AI providers to what is needed for the requested feature.
4. AI providers may process prompts and outputs as processors or subprocessors under their applicable data processing terms. We do not use AI features to make legal, credit, employment, insurance, or similarly significant automated decisions about you.

7. Automated Decision-Making and Profiling

VantageGrid may calculate risk scores, churn indicators, usage metrics, prop-firm warnings, AI coaching summaries, and performance insights. These outputs are product features and operational signals. We do not use them to make decisions with legal or similarly significant effects under GDPR Article 22 without human involvement or a separate lawful basis.

8. API Keys, Broker Credentials, and Encryption

1. API keys, broker credentials, and integration secrets are treated as sensitive data.
2. Where stored, these secrets are protected using encryption and access controls designed to prevent unauthorized access.
3. You should revoke and rotate keys immediately if you suspect compromise.
4. We will never ask you for passwords or secrets outside the secure product flows intended for that integration.

9. Sharing and Processors

We do not sell your personal data or trade data. We may share data with service providers only as needed to operate VantageGrid, including:

• Stripe for billing, checkout, invoices, and subscription management.
• AI API providers for optional AI coaching and insight generation.
• Email providers for account, security, support, and billing messages.
• Hosting, database, logging, security, and infrastructure providers.
• Broker, exchange, market-data, and integration providers where you connect or request those integrations.
• Professional advisers, authorities, or courts where required by law or necessary to protect rights.

10. International Transfers

Some processors may operate outside the European Economic Area. Where required, we use appropriate safeguards such as Standard Contractual Clauses, data processing agreements, adequacy decisions, or equivalent transfer mechanisms.

11. Cookies and Similar Technologies

1. We use essential cookies for authentication, session security, CSRF protection, and account access.
2. We use functional cookies only after you accept them to remember preferences such as theme settings, dashboard layout, and product configuration.
3. We use first-party analytics identifiers only after you accept analytics cookies. Functional and analytics cookies can be accepted or rejected independently through Cookie settings, and you can keep using essential product features either way.
4. We do not use advertising cookies to sell or broker your trading data.

12. Retention

1. Account and trade data are retained while your account is active.
2. Billing, invoice, tax, and accounting records may be retained for the period required by applicable accounting and tax law.
3. Security logs, abuse-prevention logs, and audit records may be retained for a reasonable period needed to protect the Service, investigate incidents, and establish or defend legal claims.
4. Newsletter and consent records are retained while you are subscribed and for a reasonable period after unsubscribe where needed to prove consent or suppression status.
5. After account deletion, we aim to delete or anonymize personal data within 30 days unless longer retention is required for legal, accounting, security, backup, dispute, or fraud-prevention purposes. Backups may take longer to expire from rotation.
6. Aggregated or anonymized analytics may be retained indefinitely where they no longer identify you.

13. Security

1. We use technical and organizational measures designed to protect personal data, including HTTPS/TLS, password hashing, encryption for sensitive secrets, access controls, logging, rate limiting, and security monitoring.
2. No online service can guarantee absolute security. You are responsible for strong passwords, device security, and protecting your account credentials.
3. If we identify a personal data breach requiring notice, we will notify affected users and regulators as required by applicable law.

14. Your GDPR Rights

Subject to legal conditions and limitations, you may have the right to:

• Access your personal data.
• Correct inaccurate or incomplete personal data.
• Request deletion of personal data.
• Restrict or object to processing.
• Receive a portable copy of certain data.
• Withdraw consent where processing is based on consent.
• Complain to a supervisory authority, including the Dutch Autoriteit Persoonsgegevens.

To exercise these rights, contact privacy@vantagegrid.pro. We may need to verify your identity before completing a request.

15. International Privacy Rights

1. If you are outside the EEA, you may have additional privacy rights under local law, including UK GDPR, Swiss data protection law, California privacy law, or other state and national privacy laws.
2. Where such laws apply to us, we will honor applicable access, deletion, correction, portability, opt-out, appeal, and non-discrimination rights.
3. We do not sell your personal data. We also do not share personal data for cross-context behavioral advertising as understood under California privacy law.
4. We do not knowingly collect, sell, or share personal data of children under 16.
5. You can contact privacy@vantagegrid.pro to make a privacy request. We may verify your identity and may ask authorized agents to provide proof of authorization where required.

16. Email and Marketing Rules

1. Transactional emails, such as account, security, billing, legal, and service messages, are sent as needed to operate the Service.
2. Marketing emails, newsletters, product updates, and campaign emails are sent only where we have a lawful basis. They include an unsubscribe mechanism where required.
3. We maintain suppression records so we can honor unsubscribe requests and avoid sending marketing messages to unsubscribed addresses.

17. Public Features

If you opt into public profiles, leaderboard visibility, shared links, or similar public features, selected information may become visible to other users or the public. You can disable optional public features where available in your account settings.

18. Business Customer Data

Where a business customer uses VantageGrid to process personal data on behalf of that customer, the business customer may be the controller and VantageGrid may act as processor for that customer data. The Data Processing Agreement describes those processor terms.

19. Children

The Service is not intended for persons under 18. We do not knowingly collect personal data from minors. If you believe a minor has created an account, contact us so we can review and delete the account where appropriate.

20. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email, in-app notice, or a prominent website notice where appropriate. Continued use of the Service after the effective date means the updated policy applies.

21. Contact

For privacy questions or data requests, contact privacy@vantagegrid.pro. For general support, contact support@vantagegrid.pro. Business customers can review our Data Processing Agreement template.