SyncFutures LLC ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cloud-based SaaS platform (the "Service"). We are the data controller for personal data processed in connection with the Service.
This Policy is designed to comply with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the European Union (EU), United Kingdom (UK), and European Economic Area (EEA), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and other relevant laws. If you are an EU/UK/EEA resident, we process your data based on lawful bases such as your consent, performance of a contract, or our legitimate interests (e.g., providing the Service and ensuring security).
We may update this Policy from time to time. We will notify you of material changes by posting the updated Policy on our website and updating the "Effective Date." Your continued use constitutes acceptance.
1. Information We Collect
We collect the following categories of personal data:
- Account Information: Name, email address, billing address, payment details (processed by third-party providers), and account preferences.
- Technical Data: IP address, browser type, device information, operating system, usage data (e.g., pages viewed, time spent), and log data.
- Service-Specific Data: Broker authentication credentials including login credentials (Rithmic) and OAuth tokens (Tradovate, NinjaTrader), all encrypted and stored securely. We also collect trade configurations, automation rules, and strategies you create. We collect trade execution data, order history, fill prices, position information, and account balances necessary to provide the Service and display performance metrics. We do not access funds, execute withdrawals, or have custody of your assets. We do not collect sensitive financial data like full account numbers or social security numbers.
- Communications: Information from emails, support tickets, or feedback you provide.
- Automatically Collected Data: Through cookies, web beacons, and similar technologies, we collect data on your interactions with the Service (e.g., clickstream data).
We do not collect special categories of personal data (e.g., health, race) unless you voluntarily provide it in communications.
If you connect to third-party services (e.g., TradingView or brokers), we may receive data from them with your consent.
2. How We Use Your Information
We use your personal data for the following purposes:
- To provide and maintain the Service, including processing subscriptions, facilitating trade synchronization/automation, and troubleshooting.
- To bill and process payments (via third-party processors).
- To communicate with you, such as sending service updates, newsletters (with opt-out options), or responding to inquiries.
- To improve the Service, analyze usage trends, and develop new features (anonymized where possible).
- To ensure security, prevent fraud, and comply with legal obligations.
- For marketing purposes, if you consent (e.g., personalized offers).
Lawful bases under GDPR include:
- Contract performance (e.g., providing the Service).
- Consent (e.g., marketing).
- Legitimate interests (e.g., analytics, security).
- Legal compliance.
3. Sharing Your Information
We share personal data only as necessary:
- With service providers who act as data processors under strict agreements ensuring GDPR compliance, including:
- Cloud hosting: Railway, Vercel
- Payment processing: Stripe
- User authentication: Clerk
- Email communications: Mailchimp
- Analytics: Google Analytics
- Monitoring and logging: BetterStack
These providers only access data necessary to perform their specific functions. - With third-party integrations (e.g., TradingView, brokers) solely to enable the Service, based on your configurations.
- In response to legal requests, such as subpoenas or to protect rights/property.
- In a business transfer (e.g., merger), with notice to you.
We do not sell your personal data. For CCPA/CPRA purposes, "sale" does not include sharing for Service provision.
4. Data Security
We implement reasonable technical, administrative, and organizational measures to protect your data, including:
- AES-256 encryption for stored authentication credentials
- TLS/SSL encryption for data in transit
- Access controls and authentication requirements
- Regular security audits and monitoring via BetterStack
- Secure cloud infrastructure (Railway, Vercel)
However, no system is 100% secure, and we cannot guarantee absolute security.
In the event of a data breach, we will notify affected users and authorities as required by law (e.g., within 72 hours under GDPR).
5. International Data Transfers
Our servers are primarily in the US. For EU/UK/EEA users, transfers are protected by Standard Contractual Clauses (SCCs) or other GDPR-approved mechanisms to ensure adequate protection.
6. Your Rights
Depending on your location, you have rights such as:
- Access: Request a copy of your data.
- Rectification: Correct inaccurate data.
- Erasure ("Right to be Forgotten"): Delete your data in certain cases.
- Restriction: Limit processing.
- Objection: Object to processing based on legitimate interests or for marketing.
- Portability: Receive your data in a structured format.
- Withdraw Consent: Where processing relies on consent.
For GDPR users, you can exercise rights by contacting us at privacy@syncfutures.com. We respond within one month (extendable if complex). You may also complain to your supervisory authority (e.g., ICO in the UK).
CCPA/CPRA users: You have rights to know, delete, correct, and opt-out of sales/sharing. We do not engage in "sales," but you can opt-out of targeted advertising.
To opt-out of cookies, use our cookie banner or browser settings.
7. Cookies and Tracking Technologies
We use cookies for:
- Essential functions: Session management, authentication, and security (cannot be disabled)
- Analytics: Google Analytics to understand usage patterns and improve the Service
- Performance monitoring: BetterStack for system health and error tracking
You can manage non-essential cookie preferences through your browser settings. Disabling certain cookies may impact Service functionality.
8. Data Retention
We retain data as follows:
- User account data, trade history, and configurations: 90 days after account deletion, allowing for potential account recovery
- Billing records and payment history: 7 years for tax and legal compliance purposes
- Anonymized analytics data: Indefinitely for service improvement
After the retention period, data is permanently deleted except where required by law.
9. Children's Privacy
The Service is not intended for individuals under 18. We do not knowingly collect data from children.
10. Contact Us
For questions or to exercise rights, contact us at privacy@syncfutures.com. For urgent privacy concerns, please mark your correspondence as "Privacy Request - Urgent."
By using the Service, you acknowledge that you have read and understood this Privacy Policy.