Privacy Policy

Last updated: March 18, 2026

This Privacy Policy describes how Socius Trades collects, uses, stores, and protects your personal data. It applies to all users of the Platform worldwide and complies with the GDPR (EU), UK GDPR, and CCPA (California).

1. Data Controller

The data controller is Socius Trades, a simplified joint-stock company. For all privacy-related matters, contact us at support@sociustrades.com.

2. Data We Collect

Account Data

Email address, display name, hashed password, authentication tokens (including 2FA secrets), subscription tier, language preference, and timezone.

Broker & Trading Data

When you connect a brokerage account (cTrader, OANDA, Alpaca, or others), we access and store: account balances, open positions, trade history, equity curve, and performance statistics. This data is used exclusively to display analytics within the Platform. We never store your broker login credentials (username or password).

Usage Data

Pages visited, features used, session duration, device type, browser type, and IP address. Used for service improvement, security monitoring, and fraud prevention.

Payment Data

Subscription billing is processed exclusively by Stripe, Inc. We do not store credit card numbers, CVV codes, or full card details. Stripe's privacy policy governs payment data processing.

AI Interaction Data

When you use Socius AI features, anonymized and aggregated trading data may be sent to Anthropic's API for generating insights. Raw personal identifiers are never transmitted.

3. Legal Basis for Processing (GDPR)

We process your data on the following legal bases:

  • Contract performance — to provide the Platform and manage your account and subscription (Art. 6(1)(b) GDPR);
  • Legitimate interests — to improve the Platform, ensure security, and prevent fraud (Art. 6(1)(f) GDPR);
  • Legal obligation — to comply with applicable French and EU law, including tax and accounting obligations (Art. 6(1)(c) GDPR);
  • Consent — for optional communications such as product updates and newsletters. You may withdraw consent at any time.

4. How We Use Your Data

  • Provide and operate the Platform and its features;
  • Display trading analytics, statistics, and AI-generated insights;
  • Manage your account, subscription, and billing;
  • Send service-critical notifications (security alerts, billing receipts, policy updates);
  • Detect and prevent fraudulent activity and abuse;
  • Comply with our legal and regulatory obligations.

5. Broker Data & OAuth Integrations

OAuth access tokens are stored encrypted in our database to maintain your broker connection. We access your broker data in read-only mode and exclusively for displaying analytics.

We do not: execute trades on your behalf; sell or share broker data with third parties; access your account outside of the analytics scope.

You may disconnect any broker at any time from the Connect Broker page. Upon disconnection, all associated OAuth tokens are immediately and permanently deleted from our systems.

6. Third-Party Services

To operate the Platform, we work with trusted third-party providers. Each is bound by contractual obligations ensuring your data is processed lawfully and securely, in compliance with GDPR and applicable data protection law.

  • Authentication & data storage — handled by a certified cloud infrastructure provider operating under EU data protection standards.
  • Payment processing — managed by Stripe, a PCI-DSS Level 1 certified payment provider. We never store your card details. Stripe's privacy policy governs payment data.
  • AI-powered insights — generated using anonymized and aggregated trading data. Raw personal identifiers are never transmitted to AI providers.
  • Application hosting — served via a globally distributed, GDPR-compliant hosting platform with infrastructure available in Europe.
  • Market data — real-time and historical pricing data used exclusively for chart display within the Platform.

We share only the minimum data necessary for each service to function. None of our providers are authorized to use your data for their own purposes. A full list of sub-processors is available upon request at support@sociustrades.com.

7. Data Storage & Security

Your data is stored on Supabase infrastructure (AWS eu-west region). We implement the following security measures:

  • TLS 1.3 encryption for all data in transit;
  • AES-256 encryption for data at rest;
  • Row-Level Security (RLS) policies ensuring users access only their own data;
  • Passwords hashed with bcrypt; never stored in plain text;
  • OAuth tokens stored encrypted; never exposed to client-side code;
  • Two-factor authentication (TOTP) available for all accounts.

8. Data Retention

We retain your personal data for as long as your account is active and as necessary to fulfill the purposes described in this policy.

  • Account data: retained for the duration of your account, then deleted within 30 days of account deletion;
  • Broker & trading data: deleted within 30 days of account deletion or broker disconnection;
  • Billing records: retained for 10 years as required by French accounting law;
  • Anonymized analytics: may be retained indefinitely as they cannot be linked to an individual.

9. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights:

  • Access — obtain a copy of your personal data;
  • Rectification — correct inaccurate or incomplete data;
  • Erasure — request deletion of your data ("right to be forgotten");
  • Portability — receive your data in a machine-readable format;
  • Restriction — request that we limit processing of your data;
  • Objection — object to processing based on legitimate interests;
  • Withdraw consent — at any time, for consent-based processing.

To exercise any of these rights, email support@sociustrades.com. We will respond within 30 days. You also have the right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés, France) at www.cnil.fr.

10. UK Users (UK GDPR)

If you are located in the United Kingdom, your data is processed in accordance with the UK GDPR and the Data Protection Act 2018. You have the same rights as EU users described above. Complaints may be submitted to the Information Commissioner's Office (ICO) at ico.org.uk.

11. California Residents (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to Know — request disclosure of the categories and specific pieces of personal information we have collected about you;
  • Right to Delete — request deletion of your personal information;
  • Right to Opt-Out — opt out of the sale of your personal information.

Socius Trades does not sell your personal information. To exercise your CCPA rights, email support@sociustrades.com.

12. Cookies

We use essential cookies for authentication and session management. See our full Cookie Policy for details.

Third-party services integrated into the Platform (Stripe, Supabase) may set their own cookies as described in their respective privacy policies.

13. Children's Privacy

The Platform is not directed to persons under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, contact us immediately at support@sociustrades.com.

14. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or a prominent notice on the Platform at least 14 days in advance. The "Last updated" date at the top of this page indicates the most recent revision.

15. Contact & DPO

For any privacy-related inquiry, to exercise your rights, or to report a data protection concern:

Socius Trades
Privacy contact: support@sociustrades.com
General contact: support@sociustrades.com

© 2026 Socius Trades. All rights reserved.