Privacy Policy

Note (remove before going live): This template covers common GDPR disclosure obligations for a SaaS site. The concrete list of processors, retention periods, and cookie usage must be reviewed by a lawyer.

1. Controller

[Full name / company]
[Street and number]
[Postal code, City]
Germany
Email: privacy@tradelyst.ai

2. Server log files

Technical data (anonymised IP, timestamp, URL, browser type) is stored for at most 30 days (Art. 6(1)(f) GDPR).

3. Contact form

Data submitted via the contact form (name, email, subject, message, IP, timestamp) is stored to process the request (Art. 6(1)(b)/(f) GDPR). Spam protection uses a honeypot field and a time-based plausibility check; no third-party services like reCAPTCHA.

4. Processors

For the SaaS application we engage the following processors:

Stripe Payments Europe Ltd. (payments), Ireland; EU SCCs.
OpenAI Ireland Ltd. (AI features) — processes pseudonymised trade statistics; privacy mode strips dollar amounts. EU SCCs + EU–US Data Privacy Framework.
Resend, Inc. (transactional email), USA; EU SCCs + EU–US DPF.
Databento, Inc. (historical market data) — no personal data processed.
[Hosting provider] — EU-based; data processing agreement (DPA) in place.

5. Cookies

This marketing site (https://tradelyst.ai) sets no cookies or tracking, with the exception of one optional language cookie (tradelyst_lang) that remembers your language choice.

6. Your rights

Right of access (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure (Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object (Art. 21 GDPR)
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Requests to privacy@tradelyst.ai.

Last updated: 2026-05-04