Privacy Policy
This Privacy Policy explains what personal data Tactical Investing collects, why, how it is used, who it is shared with, and what rights you have. We are committed to protecting your privacy and complying with applicable data protection laws including GDPR, UK GDPR, nFADP (Switzerland), and CCPA (California).
1. Controller / Data Responsible Party
The data controller responsible for processing your personal data is:
Tactical Investing — Alex Williams
Werdtweg 1
CH-3007 Bern, Switzerland
Email: privacy@tacticalinvesting.ch
2. What Data We Collect and Why
2.1 Account Data
When you register, we collect your email address, name, and authentication credentials. This data is processed by Clerk, Inc. on our behalf.
Legal basis: Performance of contract (Art. 6(1)(b) GDPR) / necessary for service provision.
2.2 Usage and Strategy Data
We collect the strategies, portfolios, and configurations you create on the Platform, as well as usage logs (feature usage, timestamps, session data). This data is stored in our database hosted by Render Services, Inc.
Legal basis: Performance of contract / legitimate interest in operating and improving the Platform.
2.3 Payment Data
Payment information (card details, billing address) is collected and processed exclusively by Stripe, Inc. We do not store full card numbers or sensitive payment data on our servers. We receive only non-sensitive transaction metadata (plan, amount, currency, subscription status).
Legal basis: Performance of contract / compliance with legal obligations.
2.4 Technical and Log Data
We automatically collect technical data when you use the Platform, including:
- IP address — used by Clerk for authentication and security purposes; not stored in our application database
- Browser type and version
- Device and operating system information
- Pages visited and features used
- Error logs (processed by Sentry, PII-filtered before transmission)
Legal basis: Legitimate interest in Platform security, stability, and debugging.
2.5 Cookie and Session Data
We use strictly-necessary session cookies set by Clerk for authentication purposes. These cookies are essential for the Platform to function, do not track you across other sites, and do not require consent under applicable cookie regulations. We do not use advertising or tracking cookies.
Type: Strictly necessary — Duration: Session / up to 7 days
2.6 Data You Choose Not to Provide
You may decline to provide certain data, but this may prevent you from using parts of the Platform (e.g. declining to register means you cannot access the service).
3. How We Use Your Data
We use your personal data for the following purposes:
- To provide, maintain, and improve the Platform and its features
- To process payments and manage subscriptions
- To authenticate your identity and secure your account
- To communicate with you about your account, subscription, and service updates
- To detect, prevent, and respond to technical issues, fraud, or security incidents
- To comply with legal obligations and enforce our Terms of Service
We do not use your data for advertising purposes. We do not sell your personal data to third parties.
4. Third-Party Processors
We share personal data with the following processors, solely to provide the Platform services. Each processor is bound by a Data Processing Agreement (DPA) and appropriate safeguards for international transfers:
| Processor | Country | Purpose | Safeguard |
|---|---|---|---|
| Clerk, Inc. | USA | Authentication, user accounts | SCCs / DPA |
| Stripe, Inc. | USA | Payment processing | SCCs / DPA |
| Render Services, Inc. | USA | Cloud hosting, database | SCCs / DPA |
| Sentry (Functional Software) | USA (EU region) | Error logging (PII-filtered) | SCCs / DPA |
SCCs = EU Standard Contractual Clauses (Commission Decision 2021/914). DPA = Data Processing Agreement.
5. International Data Transfers
5.1 Our third-party processors are located in the United States. When we transfer personal data from the EU/EEA, the UK, or Switzerland to the USA, we rely on the following safeguards:
- EU Standard Contractual Clauses (SCCs) pursuant to EU Commission Implementing Decision 2021/914
- UK International Data Transfer Agreements (IDTAs) for UK-to-USA transfers
- Swiss equivalent safeguards pursuant to the nFADP
5.2 Sentry error logging is processed in the EU region (Frankfurt) to minimise cross-border transfers for log data.
5.3 You may request a copy of the applicable transfer safeguards by contacting us at privacy@tacticalinvesting.ch.
6. Data Retention
We retain personal data only for as long as necessary for the purposes described in this Policy or as required by law:
- Account data: for the duration of your account plus 30 days after deletion
- Strategy and portfolio data: for the duration of your account plus 30 days after deletion
- Payment and transaction records: 10 years (statutory requirement under Swiss OR)
- Technical log data: 90 days rolling
- Error logs (Sentry): 30 days
Upon account deletion, your data is marked for erasure and permanently deleted after 30 days, except where retention is required by law (e.g. payment records).
7. Your Rights
Depending on your jurisdiction, you have the following rights regarding your personal data:
7.1 Rights under GDPR (EU/EEA), UK GDPR, and nFADP (Switzerland)
- Right of access: obtain confirmation of whether we process your data and a copy of it
- Right to rectification: request correction of inaccurate or incomplete data
- Right to erasure ("right to be forgotten"): request deletion of your data
- Right to restriction: request that we limit processing of your data
- Right to data portability: receive your data in a structured, machine-readable format
- Right to object: object to processing based on legitimate interests
- Right to withdraw consent: where processing is based on consent, withdraw it at any time
- Right to lodge a complaint: with your national supervisory authority (see Section 7.4)
7.2 California Residents (CCPA)
If you are a California resident, you have the right to:
- Know what personal information is collected, used, shared, or sold
- Delete personal information we have collected from you
- Opt out of the sale of personal information (we do not sell personal information)
- Non-discrimination for exercising your CCPA rights
To exercise your CCPA rights, contact us at privacy@tacticalinvesting.ch. We will respond within 45 days.
7.3 How to Exercise Your Rights
To exercise any of the above rights, please contact us at privacy@tacticalinvesting.ch with a description of your request. We will respond within 30 days (GDPR) or as required by applicable law. We may need to verify your identity before processing your request.
To delete your account and all associated data, you can also use the account deletion function within the Platform (Settings > Delete Account) or contact us directly.
7.4 Supervisory Authorities
If you believe we have not handled your data correctly, you have the right to lodge a complaint with your national or regional data protection authority:
- Switzerland: Federal Data Protection and Information Commissioner (FDPIC) — www.edoeb.admin.ch
- EU: Your local EU data protection authority (list at edpb.europa.eu)
- UK: Information Commissioner's Office (ICO) — ico.org.uk
- USA (California): California Privacy Protection Agency (CPPA) — cppa.ca.gov
8. Security
We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. Measures include:
- Encrypted data transmission (TLS/HTTPS)
- JWT-based authentication with short-lived tokens
- Access controls limiting employee access to personal data
- PII filtering in error logs before transmission to Sentry
- Regular dependency and security updates
No method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security.
9. Children's Privacy
The Platform is not directed at children under the age of 13 (or 16 in certain EU member states). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at privacy@tacticalinvesting.ch and we will delete it promptly.
10. Links to Third-Party Services
The Platform may contain references to third-party websites or services (e.g. market data providers). This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you visit.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via in-platform notification at least 14 days before taking effect. The current version is always available at tacticalinvesting.ch/privacy. Your continued use of the Platform after a change takes effect constitutes acceptance of the revised Policy.
12. Contact
For any privacy-related questions, requests, or complaints, please contact:
Privacy contact: privacy@tacticalinvesting.ch
Tactical Investing — Alex Williams
Werdtweg 1
CH-3007 Bern, Switzerland