Privacy Policy

Last updated: February 2026

1. Who We Are

AlphaVault Arena ("we", "us", "our") is operated by [Your Name], [Your Address], Germany. For contact details, see our Impressum.

2. What Data We Collect

We collect the following personal data:

  • Email address — when you create an account or subscribe
  • TradingView username — to grant you access to invite-only indicators
  • Payment information — processed securely by Stripe (we never see your full card number)
  • Usage data — pages visited, collected via Vercel Analytics (anonymous, no cookies)

3. Why We Collect It (Legal Basis)

  • Contract performance (Art. 6(1)(b) GDPR) — to provide the subscription service you purchased
  • Legitimate interest (Art. 6(1)(f) GDPR) — to improve our website and prevent fraud
  • Legal obligation (Art. 6(1)(c) GDPR) — to comply with tax and accounting requirements

4. Third-Party Services

We use the following third-party processors:

  • Stripe (USA) — payment processing. See Stripe's Privacy Policy. Stripe complies with EU-US Data Privacy Framework.
  • Vercel (USA) — website hosting. See Vercel's Privacy Policy. Vercel complies with EU-US Data Privacy Framework.
  • TradingView (USA) — indicator access management. Your TradingView username is shared with TradingView solely to grant indicator access.

5. Data Retention

  • Account data — retained while your subscription is active, deleted within 30 days of account closure
  • Payment records — retained for 10 years as required by German tax law (AO § 147)
  • Usage data — anonymous, no personal data retained

6. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Restriction — limit how we process your data
  • Portability — receive your data in a structured format
  • Objection — object to processing based on legitimate interest

To exercise any of these rights, contact us at [deine@email.de]. We will respond within 30 days.

7. Cookies

We use only essential cookies required for authentication (session cookies via NextAuth). We do not use tracking cookies, advertising cookies, or any non-essential cookies. No cookie consent banner is needed for essential-only cookies under GDPR.

8. Data Security

We use industry-standard security measures including HTTPS encryption, secure payment processing via Stripe, and access-controlled hosting on Vercel. No payment card data is stored on our servers.

9. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.

10. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of the service after changes constitutes acceptance of the revised policy.