Privacy Policy

1. Information We Collect

We collect several types of information to provide and improve our services to you:

1.1 Account Information

When you create an account, we collect:

• Name and email address
• Username and password (encrypted)
• Company name and role (for Enterprise accounts)
• Phone number (optional, for two-factor authentication)

1.2 Payment Information

For paid subscriptions, we collect:

• Billing address
• Payment method details (processed securely through Stripe)
• Transaction history and invoices

1.3 Usage Data

We automatically collect information about how you interact with our services:

• API requests and responses
• Symbols and markets you monitor
• Feature usage patterns and preferences
• Device information (browser type, operating system, IP address)
• Log data (access times, pages viewed, errors encountered)
• WebSocket connection data

1.4 Trading Data

We collect information about your trading activities:

• Watchlists and portfolio configurations
• Alert settings and notifications
• Historical backtesting queries
• Custom strategy parameters

1.5 Communications

We collect information from your communications with us, including:

• Support tickets and help requests
• Survey responses and feedback
• Email correspondence

2. How We Use Your Information

We use the collected information for various purposes:

• Service Delivery: To provide, operate, and maintain our market regime detection services
• Account Management: To manage your account, process subscriptions, and handle billing
• Personalization: To customize your experience and deliver relevant market insights
• Communication: To send you service updates, security alerts, and administrative messages
• Analytics: To analyze usage patterns and improve our algorithms and features
• Security: To detect, prevent, and address technical issues and fraudulent activity
• Compliance: To comply with legal obligations and enforce our Terms of Service
• Marketing: To send promotional communications (with your consent, where required)
• Research: To develop new features and enhance our regime detection models

3. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

3.1 Service Providers

We share information with third-party vendors who perform services on our behalf:

• Stripe: For payment processing
• Cloud Infrastructure: For hosting and data storage (AWS/GCP)
• Analytics Services: For usage analysis and performance monitoring
• Email Services: For sending notifications and alerts
• Customer Support: For managing support tickets

These service providers are bound by contractual obligations to keep your information confidential and use it only for the purposes we specify.

3.2 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal processes (subpoenas, court orders)
• Government or regulatory requests
• Protection of our rights, property, or safety
• Investigation of potential violations of our Terms of Service

3.3 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

3.4 With Your Consent

We may share your information for any other purpose with your explicit consent.

4. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All data transmitted between your device and our servers is encrypted using TLS 1.3
• Data Storage: Information at rest is encrypted using AES-256 encryption
• Authentication: Passwords are hashed using bcrypt with salt
• Access Controls: Strict internal access policies and role-based permissions
• Infrastructure: Secure cloud infrastructure with regular security audits
• Monitoring: 24/7 security monitoring and incident response procedures
• Regular Updates: Ongoing security patches and vulnerability assessments

5. Data Retention

We retain your information for as long as necessary to provide our services and fulfill the purposes outlined in this policy:

• Account Data: Retained while your account is active and for up to 90 days after account deletion
• Usage Data: Retained for 24 months for analytics and service improvement
• Payment Records: Retained for 7 years to comply with tax and accounting regulations
• Support Communications: Retained for 3 years
• Legal Obligations: We may retain certain information longer if required by law

You may request deletion of your data at any time by contacting us. We will delete your information within 30 days, except where we are required to retain it for legal compliance.

6. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

6.1 Access and Portability

You have the right to:

• Access your personal information
• Request a copy of your data in a portable format
• Review how your information is being used

6.2 Correction and Deletion

You have the right to:

• Update or correct inaccurate information
• Request deletion of your personal information
• Close your account at any time

6.3 Marketing Communications

You can opt out of marketing emails by:

• Clicking the "unsubscribe" link in any marketing email
• Updating your notification preferences in your account settings
• Contacting us directly

Note: You cannot opt out of transactional emails (account notifications, security alerts, service updates).

6.4 GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), you have additional rights under GDPR:

• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent at any time
• Right to lodge a complaint with a supervisory authority

6.5 CCPA Rights (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect and how it's used
• Right to request deletion of your personal information
• Right to opt out of the sale of personal information (we do not sell your data)
• Right to non-discrimination for exercising your privacy rights

To exercise any of these rights, please contact us using the information provided at the end of this policy.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

7.1 Types of Cookies

• Essential Cookies: Required for the operation of our services (authentication, security)
• Preference Cookies: Remember your settings and preferences
• Analytics Cookies: Help us understand how you use our services
• Marketing Cookies: Track visits across websites to deliver relevant advertising

7.2 Managing Cookies

You can control cookie settings through your browser preferences. However, disabling certain cookies may limit your ability to use some features of our services.

7.3 Do Not Track

Our services do not currently respond to "Do Not Track" signals. We track usage to improve our services and provide you with relevant information.

8. Third-Party Services

Our services integrate with third-party providers. We are not responsible for the privacy practices of these third parties:

8.1 Payment Processing

Stripe: We use Stripe for payment processing. Stripe's privacy policy is available at stripe.com/privacy

8.2 Analytics

We use analytics services to understand usage patterns and improve our platform. These services may collect information about your device and usage.

8.3 Market Data Providers

We obtain market data from third-party providers. Your use of this data is subject to their terms and conditions.

8.4 External Links

Our services may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites.

9. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us. We will delete such information from our systems within 30 days.

10. International Data Transfers

Stratum is based in the United States. If you access our services from outside the U.S., your information may be transferred to, stored, and processed in the United States or other countries.

We implement appropriate safeguards to protect your information when it is transferred internationally:

• Standard Contractual Clauses (for EU data transfers)
• Data Processing Agreements with service providers
• Compliance with applicable data protection regulations

By using our services, you consent to the transfer of your information to countries outside your country of residence, which may have different data protection laws.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending an email notification to your registered email address
• Displaying a prominent notice on our platform

Your continued use of our services after the effective date of the updated Privacy Policy constitutes your acceptance of the changes. We encourage you to review this Privacy Policy periodically.

12. Additional Information for Specific Jurisdictions

12.1 European Economic Area (EEA)

For users in the EEA, our legal basis for processing your information includes:

• Contract Performance: Processing necessary to provide our services
• Legitimate Interests: To improve our services, ensure security, and conduct analytics
• Legal Compliance: To comply with legal obligations
• Consent: For marketing communications and optional features

12.2 Financial Regulations

Important Disclaimer: Stratum is a software-as-a-service platform providing market analysis tools. We are not a registered investment advisor, broker-dealer, or financial institution. Our services are for informational purposes only and do not constitute financial advice.

You are solely responsible for any trading decisions made using our platform. Please consult with a qualified financial advisor before making investment decisions.