Legal

Privacy Policy

GDPR / UK GDPR transparency, legal bases, transfers, retention, and your rights.

Legal hub Privacy Policy Cookie Policy Privacy rights Terms Risk Disclosure

Effective date: 16 May 2026 - Version 2.0 (GDPR) - Controller: MarvelousPro Trading

EU/UK users: This Policy is designed to meet GDPR (Regulation (EU) 2016/679) and UK GDPR transparency requirements. See also our Cookie Policy and Privacy rights summary.

1. Who we are (data controller)

Controller: MarvelousPro Trading ("Marvelous Pro", "we", "us")
Email: [email protected]

2. Scope & application

This Policy applies to personal data processed when you visit our website, purchase subscriptions, use dashboards/EAs/alerts, communicate with us, or interact with our processors. It applies worldwide; where local law grants you stronger rights, those rights apply.

We do not knowingly offer Products to children under 18.

3. Categories of personal data

Category	Examples
Identity & contact	Name, email, billing name, country, phone (if provided)
Account & subscription	Plan, market (Gold/BTC), license status, expiry date, WooCommerce customer ID
Payment	Last four digits, card brand, billing address — full card data is handled by our secure payment processor only
Technical	IP address, user-agent, device type, cookies, referral URL, timestamps
Communications	Support tickets, website form submissions
Marketing preferences	Opt-in/opt-out, campaign attribution (if consented)

We do not require broker login credentials or live trading account numbers to sell software.

4. Sources of data

Directly from you; automatically from your device; from our payment and customer management providers when you checkout or submit forms; from fraud-prevention tools.

5. Purposes, legal bases & retention (GDPR Art. 6 & 13)

Where the GDPR applies, we rely on the legal bases below.

Purpose	Legal basis	Retention (typical)
Provide Products & Signal Bridge access	Contract (Art. 6(1)(b))	Subscription term + 6 years (records)
Process payments & renewals	Contract; legal obligation (tax)	7–10 years (accounting)
Service emails (delivery, expiry, security)	Contract; legitimate interests	Subscription term + 2 years
Customer and subscription management	Contract; legitimate interests	Active customer + 3 years
Analytics (if consented)	Consent (Art. 6(1)(a))	Per cookie policy (max 24 mo)
Marketing email (if opted in)	Consent	Until unsubscribe + suppression list
Security, abuse prevention	Legitimate interests (Art. 6(1)(f))	12–24 months (logs)
Legal claims & compliance	Legal obligation; legitimate interests	As required by law

Legitimate interests include operating and improving our business, securing systems, and preventing fraud — balanced against your rights. You may object (see Section 10).

6. Recipients & processors (sub-processors)

We disclose data to categories of recipients under written contracts (Art. 28 GDPR where applicable):

Payment processor — secure payment processing and receipts;
Customer management provider — forms, support, and subscription communications;
Website hosting provider — website and file delivery;
Email delivery — transactional messages;
Analytics (e.g. Google) — only if you consent to analytics cookies;
Professional advisers — lawyers, accountants, insurers — confidentiality duties;
Authorities — when required by law or court order.

We do not sell personal data for money. We do not share data for third-party independent marketing without consent.

A current sub-processor list is available on request at [email protected].

7. International transfers

Personal data may be transferred to countries outside the European Economic Area (EEA) and UK, including the United States and Singapore, where privacy laws may differ.

Where GDPR requires safeguards, we use one or more of:

European Commission adequacy decisions (where applicable);
Standard Contractual Clauses (SCCs) 2021/914 with supplementary measures as needed;
UK International Data Transfer Agreement or Addendum (for UK GDPR);
Binding corporate rules or other mechanisms approved by regulators.

Copies of relevant safeguards may be requested at [email protected]. Our service providers publish their own data protection commitments.

8. Security (Art. 32)

We implement appropriate technical and organizational measures, including access controls, encryption in transit (HTTPS), least-privilege access, and vendor due diligence. No system is 100% secure; report concerns to [email protected].

9. Automated decision-making & profiling

We do not make decisions based solely on automated processing that produce legal or similarly significant effects about you (GDPR Art. 22). Trading software may automate orders on your broker account under your control — that is not our automated decision-making about you as a data subject.

10. Your rights (GDPR Chapter III)

If GDPR/UK GDPR applies, you have the following rights (subject to conditions and exceptions):

Right of access (Art. 15) — confirm whether we process your data and receive a copy;
Right to rectification (Art. 16) — correct inaccurate data;
Right to erasure ("right to be forgotten", Art. 17) — delete data in certain cases;
Right to restriction (Art. 18) — limit processing in certain cases;
Right to data portability (Art. 20) — receive data you provided in structured, machine-readable format where processing is by automated means based on contract/consent;
Right to object (Art. 21) — object to processing based on legitimate interests or direct marketing (absolute right to stop direct marketing);
Right to withdraw consent (Art. 7(3)) — at any time for consent-based processing; does not affect prior lawful processing;
Rights related to automated decision-making (Art. 22) — not applicable as stated above.

How to exercise rights: Email [email protected] with subject "GDPR Request". We respond within one month (extendable by two months for complex requests; we will explain delays). We may request reasonable identity verification.

No fee unless requests are manifestly unfounded or excessive.

Full summary: Privacy rights page.

11. Right to lodge a complaint

You may lodge a complaint with a supervisory authority, in particular in the EU/EEA member state of your habitual residence, place of work, or place of alleged infringement.

Examples (use the authority for your country):

EU list: European Data Protection Board — member authorities;
UK: Information Commissioner's Office (ICO) — ico.org.uk;
Singapore (if applicable): PDPC — pdpc.gov.sg.

We encourage you to contact us first so we can address your concern.

12. Cookies & similar technologies

See our dedicated Cookie Policy for categories, durations, and consent management (ePrivacy / GDPR).

13. California & other US state privacy rights

California residents (CCPA/CPRA): right to know, delete, correct, and opt out of "sale"/"sharing" (we do not sell). Non-discrimination for exercising rights. Authorized agents permitted with verification. Contact [email protected].

14. Marketing communications

Transactional emails (receipts, license delivery, expiry) do not require marketing consent. Promotional emails require opt-in where required by law. Unsubscribe link in every marketing email; you may also email [email protected].

15. Data breach notification

If we become aware of a personal data breach likely to result in risk to your rights, we will notify supervisory authorities and affected individuals as required by GDPR Arts. 33–34.

16. Changes to this Policy

We may update this Policy. Material changes will be posted with a new effective date; where required, we will seek renewed consent (e.g. for cookies or marketing).

17. Contact

MarvelousPro Trading
Privacy: [email protected]