Privacy Policy

Introduction

TradeLocus AI, LLC (“TradeLocus AI,” “we,” “us,” “our”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information in connection with our trading platform and services (“Service”).

Where we rely on your consent for a specific processing activity (such as marketing emails or certain cookies), we will request that consent separately. For other processing activities, we rely on the lawful bases described in Section 2.1. If you do not agree with our practices, please do not use the Service.

1. Information We Collect

1.1 Information You Provide

When you register and use the Service, you may provide:

• Account Information: Name, email address, password, phone number
• Payment Information: Payment card information is collected and processed by our third-party payment processor. We may receive limited billing details and transaction metadata such as card brand, last four digits, billing ZIP code, payment status, subscription tier, and invoices.
• Trading Information: Strategy descriptions, prompts, risk preferences, watchlists, paper-trading configurations
• Brokerage Connection Data: When you connect a brokerage account via SnapTrade, we receive from SnapTrade an access token and metadata about the connection (broker name, account number or masked identifier, account type, balances, positions, and order history) but we do not receive or store your brokerage username, password, or direct API keys. Authentication is handled by SnapTrade; see SnapTrade's privacy policy for details.
• AI Prompts: Strategy descriptions, natural-language instructions, and support questions you submit to our AI features may be transmitted to third-party AI model providers (Anthropic (Claude) and OpenAI (GPT)) solely to generate a response for you. We contract with these providers to restrict use of your inputs for training generalized models. See Section 3 for our sub-processor list.
• Profile Data: Trading experience, financial goals, notification preferences
• Communications: Support requests, feedback, survey responses

1.2 Information Collected Automatically

When you use the Service, we automatically collect:

• Usage Data: Pages viewed, features used, time spent, interaction patterns
• Device Information: IP address, browser type, operating system, device identifiers
• Trading Activity: Strategy performance, trades executed, positions held, PnL history
• Log Data: Access times, error logs, system events
• Cookies: Session tokens, preferences, analytics data

Some of this information (including financial account information and precise geolocation, if collected) may qualify as “sensitive personal information” under the California Privacy Rights Act. You have the right to limit our use of sensitive personal information; see Section 6.7.

1.3 Information from Third Parties

We may receive information from:

• SnapTrade: Account balances, positions, order history, and connection metadata (with your authorization)
• AI Providers: Prompts, strategy descriptions, support messages, and related metadata may be processed by third-party model providers such as Anthropic (Claude) and OpenAI (GPT) to generate responses, subject to contractual restrictions
• Market Data Providers: Real-time quotes, historical prices, corporate actions
• Analytics Services: Usage statistics, performance metrics
• Authentication Providers: OAuth login data (Google, etc.)

2. How We Use Your Information

We use your information to:

• Provide the Service: Strategy development, backtesting, trade transmission via SnapTrade, performance monitoring
• Process Transactions: Handle subscriptions, payments, and refunds
• Communicate: Send account notifications, strategy alerts, product updates, marketing (opt-out available)
• Improve the Service: Analyze usage patterns, optimize features, develop new tools
• Ensure Security: Detect fraud, prevent abuse, protect against threats
• Comply with Legal Obligations: Respond to legal requests, enforce Terms of Service
• Research and Analytics: Aggregate performance data, market trends (anonymized)

2.1 Lawful Bases for Processing (EU/UK Users)

Where GDPR or UK GDPR applies, we process personal data on the following lawful bases:

• (a) Performance of Contract (Art. 6(1)(b)): To provide the Service, process payments, and operate your account
• (b) Legitimate Interests (Art. 6(1)(f)): To secure the Service, prevent fraud, analyze aggregate usage, and communicate with you about the Service, balanced against your rights
• (c) Consent (Art. 6(1)(a)): For marketing emails, non-essential cookies, and processing of sensitive data where consent is legally required
• (d) Legal Obligation (Art. 6(1)(c)): To meet our tax, AML, and regulatory obligations

3. How We Share Your Information

We do not “sell” or “share” your personal information as those terms are defined under the California Consumer Privacy Act and California Privacy Rights Act. We have not sold or shared personal information in the preceding twelve (12) months and we do not do so now. If this ever changes, we will update this Privacy Policy and provide you the right to opt out. We may share your information in the following circumstances:

3.1 Service Providers

We share data with third-party vendors who perform services on our behalf:

• Brokerage Connectivity: SnapTrade, Inc. (facilitates secure broker connections; we share account identifiers and order instructions)
• AI Model Providers: Anthropic, PBC (Claude) and OpenAI, Inc. (GPT) (we send your prompts and receive responses; providers are contractually restricted from training on your inputs)
• Cloud Infrastructure: Cloud infrastructure providers (AWS, Railway, Vercel)
• Payment Processing: Stripe (they have a separate privacy policy)
• Analytics: Google Analytics, Mixpanel (anonymized data)
• Email: SendGrid, Mailgun (for transactional emails)
• Authentication Providers: Google (OAuth)

3.2 Brokerage Connectivity via SnapTrade

We use SnapTrade as our broker-connectivity provider. When you authorize a brokerage connection, SnapTrade authenticates directly with your broker and issues us a connection token. We do not receive, store, or have access to your broker username, password, or direct API keys. Through SnapTrade, we receive account balances, positions, order history, and the ability to transmit orders you authorize. You can revoke SnapTrade's access at any time from your account settings or via SnapTrade's own controls. SnapTrade's handling of your data is governed by SnapTrade's own privacy policy.

3.3 Legal Requirements

We may disclose your information if required by law or to:

• Comply with legal process (subpoena, court order)
• Enforce our Terms of Service
• Protect the rights, property, or safety of us, our users, or the public
• Respond to government or regulatory requests

3.4 Business Transfers

If we are acquired, merged, or sell assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on the Service.

3.5 Aggregate Data

We may share anonymized, aggregated data (e.g., “30% of strategies use VWAP”) with partners, researchers, or the public. This data cannot identify you personally.

4. Data Security

We use reasonable administrative, technical, and physical safeguards designed to protect personal information appropriate to the nature of the data and the risks involved, including encryption in transit, access controls, logging, monitoring, and vendor-management measures.

However, no method of transmission or storage is completely secure. While we strive to protect your data, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your password.

Breach Notification: In the event of a data breach affecting your personal information, we will notify you and applicable regulators without undue delay and in any event within the time required by applicable law (generally 72 hours for GDPR notification to regulators). Notice will include the nature of the breach, categories of data affected, likely consequences, and steps we are taking.

5. Data Retention

We retain personal information for as long as reasonably necessary to provide the Service, comply with law, resolve disputes, enforce agreements, and maintain appropriate business records. Retention periods vary depending on the type of information:

• Account Data: Retained while your account is active, plus 90 days after deletion
• Trading History: Retained for up to seven (7) years to support user dispute resolution, tax reporting, and our own business records; you may request earlier deletion subject to our legitimate interests and any applicable legal hold
• Payment Records: Retained for 7 years (tax and compliance)
• Logs and Analytics: Retained for 1 year (security and debugging)

After retention periods expire, we securely delete or anonymize your data. We collect only the personal information reasonably necessary for the purposes described above and retain it only as long as necessary. Where we can provide the Service using anonymized, aggregated, or pseudonymized data, we do so.

6. Your Rights and Choices

6.1 Access and Correction

You can view and update your account information through the Settings page. Contact us if you need assistance accessing or correcting your data.

6.2 Data Portability

You can export your trading data, strategy parameters, and performance history in CSV or JSON format through your dashboard.

6.3 Account Deletion

You can delete your account at any time through Settings. After you request deletion, we will delete or de-identify personal information associated with your account except where retention is required or permitted by law, necessary to complete transactions you requested, detect security incidents, prevent fraud, exercise or defend legal claims, or comply with our legal obligations. Truly de-identified or aggregated information that cannot reasonably be linked back to you may be retained for analytics, research, security, and product improvement.

6.4 Marketing Opt-Out

You can unsubscribe from marketing emails via the link in each email or through your notification preferences. You cannot opt out of transactional emails (account alerts, security notifications).

6.5 Cookies and Similar Technologies

We use strictly necessary cookies (required for the Service to function) and, subject to your consent where required, analytics and functionality cookies. EU/UK users will be presented with a cookie banner allowing granular consent; you may change your choices at any time via the Cookie Preferences link in the footer. Disabling certain cookies may affect Service functionality.

6.6 Do Not Track and Global Privacy Control

We do not currently respond to browser Do Not Track signals; however, we do honor the Global Privacy Control (GPC) signal as an opt-out of sale/share under CPRA for California residents.

6.7 Automated Decision-Making

We use automated systems and AI tools to interpret prompts, suggest strategy logic, and detect fraud or abuse. We do not use automated decision-making (including profiling) that produces legal or similarly significant effects on you within the meaning of GDPR Article 22. Our AI features provide suggestions and analyses that you review and act upon at your discretion; strategy execution occurs only based on configurations you approve.

6.8 Requests, Verification, and Appeals

We may need to verify your identity before processing a privacy request, including by matching information you provide against information already maintained by us. We will respond within the timeframe required by applicable law. If we deny your request in whole or in part, you may appeal that decision by replying to our response or by contacting privacy@tradelocus.ai with the subject line “Privacy Appeal.”

7. International Users and Data Transfers

The Service is operated in the United States. If you are located outside the U.S., your information will be transferred to and processed in the U.S., which may have different data protection laws.

International Transfers: When we transfer personal data from the European Economic Area, UK, or Switzerland to the United States or other countries, we rely on: (a) the EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) with appropriate supplementary measures, (b) the UK International Data Transfer Addendum, (c) the Swiss Addendum to the SCCs, and/or (d) any applicable adequacy framework. You may request a copy of the applicable transfer mechanism by emailing privacy@tradelocus.ai.

EU/UK Representative: If you have GDPR or UK GDPR inquiries, please contact us at dpo@tradelocus.ai. If we are required to appoint a formal Article 27 representative, the relevant contact details will be posted here.

8. Children's Privacy

The Service is not directed to or intended for children under 18, and we do not knowingly collect personal information from anyone under 13 in compliance with the Children's Online Privacy Protection Act (COPPA). If you believe we have inadvertently collected such information, contact us at privacy@tradelocus.ai and we will delete it promptly.

9. Third-Party Links and Services

The Service may contain links to third-party websites or integrate with third-party services (e.g., SnapTrade, brokers, analytics). We are not responsible for their privacy practices. Please review their privacy policies before providing information.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email or through the Service at least 30 days in advance. Continued use after changes take effect constitutes acceptance.

Last Updated: April 19, 2026

11. Contact Us

For privacy-related questions, requests, or concerns, contact us at:

Business Customers and DPAs: If you use the Service on behalf of an organization or as a business, we will enter into a Data Processing Agreement with you upon request. Contact privacy@tradelocus.ai.