Privacy Policy
Last updated: [DATE PLACEHOLDER] · Version: 0.1 DRAFT
DRAFT — NOT LEGALLY VETTED. This is a placeholder structure based on common GDPR / UK DPA 2018 requirements. Before publication this document must be reviewed by a qualified legal professional. Do not rely on this content for compliance purposes.
1. Who we are
PulseBot Ltd ("we", "us", "our") is the data controller for personal data collected through this service. [REGISTERED COMPANY NUMBER AND ADDRESS TO BE INSERTED ONCE COMPANIES HOUSE FORMATION COMPLETES.] You can contact us at privacy@pulsebot.trade.
2. What data we collect
Account and authentication
- Your email address (used for login via magic-link or password)
- Your display name and role/ownership designation within our system
- Authentication session cookies
Trading activity (where applicable)
- MetaTrader 5 account login number, broker name, server, and currency
- Account balance, equity, floating P&L, open positions, trade history
- Strategy configuration, copier group assignment, deployment phase
Trading data is reported from your MetaTrader 5 terminal directly to our analytics backend via your installed PulseBot Reporter Expert Advisor. We do not receive personal identification documents, payment card data, or banking information through this system.
Technical data
- IP address and approximate location (from server logs)
- Browser type, device type, and screen resolution
- Pages visited and timestamps
3. Why we collect it (legal basis)
We process your personal data on the following legal bases under Article 6 of the UK GDPR:
- Contract (Art. 6(1)(b)): to provide the dashboard, analytics, and reporting services you have engaged us for
- Legitimate interests (Art. 6(1)(f)): to secure the service against unauthorised access, prevent fraud, debug technical issues, and improve product quality
- Consent (Art. 6(1)(a)): where you explicitly opt in to marketing communications or non-essential cookies
- Legal obligation (Art. 6(1)(c)): to comply with applicable laws, including tax, accounting, and law enforcement requests
4. Who we share it with
We do not sell personal data. We share limited data with the following processors for the sole purpose of operating the service:
- Resend (transactional email delivery) — your email address only, to send login links
- Hetzner Online (server hosting, Germany) — all data stored on EU-hosted servers
- [OTHER PROCESSORS TO BE LISTED HERE]
If a share-link feature is used to publicly display a track record, only the aggregate, anonymised performance metrics for that account are visible to recipients of the link. No personal identification, account credentials, or per-trade detail is exposed.
5. International transfers
Our primary infrastructure is hosted within the EEA. Where transfers outside the UK/EEA occur (e.g. for Resend or other third-party services with US operations), we rely on appropriate safeguards including UK International Data Transfer Agreements (IDTAs) and Standard Contractual Clauses (SCCs).
6. How long we keep it
- Account snapshots and live trade data: retained for the duration of your active use of the service plus 12 months
- Historical trade journal data: retained for 7 years for record-keeping and regulatory compliance
- Authentication session cookies: 30 days from last login
- Server logs: 90 days, then automatically purged
7. Your rights
Under UK GDPR, you have the following rights regarding your personal data:
- Right to be informed (this policy)
- Right of access — obtain a copy of the data we hold about you
- Right to rectification — correct inaccurate data
- Right to erasure ("right to be forgotten") — subject to legal retention obligations
- Right to restrict processing
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object to processing based on legitimate interests
- Right to withdraw consent at any time, where consent was the legal basis
To exercise these rights, contact privacy@pulsebot.trade. We will respond within one month of receiving your request.
8. Cookies
We use the following cookies:
- pb_bible_auth (essential, 30 days) — your authenticated session
- [OTHER COOKIES TO BE DOCUMENTED — e.g. analytics, preferences]
Essential cookies cannot be disabled without breaking core functionality. Non-essential cookies require your explicit consent, which you can withdraw at any time through the cookie settings page (when available).
9. Security
We implement reasonable technical and organisational measures to protect your data, including encryption in transit (TLS 1.3), secure authentication tokens, and access controls limiting who can view what. No system is perfectly secure, however, and we cannot guarantee absolute security of data transmitted over the internet.
10. Complaints
You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe we have not handled your data appropriately. Visit ico.org.uk or call 0303 123 1113.
11. Changes to this policy
We may update this privacy policy from time to time. Material changes will be notified by email and the "last updated" date at the top of this page will be revised. Continued use of the service after notice constitutes acceptance of the revised policy.