Privacy Policy

1. Introduction

This Privacy Policy describes how VENUS LABS S.R.L. (VAT IT04090370364), with registered office at Via Pasubio 3, Bomporto, MO 41030, Italy (hereinafter "ShowMyTrades", "we", "us", or "our"), collects, uses, stores, and protects your personal data when you use our trading analytics platform and related services (the "Service").

We are committed to protecting your privacy and complying with:

• The General Data Protection Regulation (GDPR) - EU Regulation 2016/679
• Italian Legislative Decree No. 196/2003 (Privacy Code) as amended
• All applicable data protection laws and regulations

Data Controller: VENUS LABS S.R.L., Via Pasubio 3, Bomporto, MO 41030, Italy

Contact: support@showmytrades.com

2. Personal Data We Collect

2.1 Information You Provide Directly

When you create an account and use ShowMyTrades, we collect:

• Account Information: Email address, password (encrypted), username, profile picture (optional)
• Trading Account Credentials: MetaTrader 4, MetaTrader 5, or NinjaTrader API keys, account numbers, broker information
• Profile Information: Bio, social media links, trading style, experience level (all optional)
• Communication Data: Messages, comments, support requests, feedback
• Payment Information: If you subscribe to paid plans (when available), billing address, payment method details (processed by third-party payment processors - we do not store credit card numbers)

2.2 Trading Data Automatically Collected

When you connect your trading accounts, we automatically collect and process:

• Trade History: Open/closed positions, entry/exit prices, lot sizes, profit/loss, trade duration
• Account Metrics: Balance, equity, margin, free margin, account leverage
• Performance Statistics: Win rate, profit factor, Sharpe ratio, maximum drawdown, recovery factor, and 20+ calculated metrics
• Time-Series Data: Balance history, equity curves, monthly returns

2.3 Technical and Usage Data

We automatically collect information about how you access and use the Service:

• Device Information: Device type, operating system, browser type and version, screen resolution
• Connection Data: IP address, internet service provider, approximate location (country/city level)
• Usage Analytics: Pages visited, features used, time spent on platform, click patterns, navigation paths
• Cookies and Tracking: Session cookies, preference cookies, analytics cookies (see Section 9 - Cookie Policy)
• Log Data: Server logs, error reports, API requests, timestamps

2.4 Data from Third Parties

We may receive data from:

• Trading Platforms: MetaTrader servers, NinjaTrader APIs, broker data feeds
• Analytics Providers: Google Analytics, usage statistics, performance metrics
• Social Media: If you choose to link social accounts, public profile information
• Affiliate Partners: Referral information, campaign performance data

3. Legal Basis for Processing (GDPR Compliance)

Under GDPR Article 6, we process your personal data based on the following legal grounds:

3.1 Contractual Necessity (Art. 6(1)(b) GDPR)

Processing is necessary to provide the Service you requested:

• Creating and managing your account
• Syncing and analyzing your trading data
• Generating performance statistics and charts
• Displaying your public profile
• Processing payments (when applicable)

3.2 Legitimate Interest (Art. 6(1)(f) GDPR)

We have a legitimate interest in:

• Improving and optimizing the Service
• Detecting and preventing fraud, abuse, or security threats
• Analyzing usage patterns to enhance user experience
• Sending important service updates and security notifications
• Conducting research and development

We balance our interests against your rights and freedoms. You can object to processing based on legitimate interest (see Section 7 - Your Rights).

3.3 Consent (Art. 6(1)(a) GDPR)

We ask for your explicit consent for:

• Marketing communications and newsletters
• Non-essential cookies (analytics, advertising)
• Sharing data with third-party partners beyond what's necessary for the Service

You can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

3.4 Legal Obligation (Art. 6(1)(c) GDPR)

Processing may be required to comply with:

• Tax and accounting regulations
• Anti-money laundering (AML) laws
• Court orders, legal proceedings, or regulatory requests

4. How We Use Your Personal Data

We use your data for the following purposes:

4.1 Core Service Delivery

• Authenticating and managing your account
• Syncing trading data from MetaTrader and NinjaTrader accounts in real-time
• Calculating advanced trading statistics and performance metrics
• Generating charts, graphs, and visual analytics
• Creating and displaying your public or private profile page
• Enabling community features (comments, messages, following)

4.2 Service Improvement and Analytics

• Analyzing usage patterns to improve features and user experience
• Conducting A/B tests and product experiments
• Identifying and fixing bugs, errors, and performance issues
• Developing new features and services

4.3 Security and Fraud Prevention

• Detecting suspicious activity, fraud, or policy violations
• Preventing unauthorized access and data breaches
• Verifying account authenticity and preventing fake accounts
• Enforcing our Terms of Service

4.4 Communication

• Sending transactional emails (account verification, password resets, security alerts)
• Responding to your support requests and inquiries
• Notifying you of important updates, policy changes, or service announcements
• Sending marketing communications (only with your consent)

4.5 Legal and Compliance

• Complying with legal obligations and regulatory requirements
• Responding to lawful requests from authorities
• Protecting our rights, property, and safety
• Enforcing legal agreements and resolving disputes

4.6 Research and Aggregated Analytics

• Creating anonymized, aggregated statistics about trading performance trends
• Publishing industry insights and research (no personally identifiable information)
• Benchmarking performance across different trading strategies

5. Data Sharing and Third Parties

5.1 Service Providers and Processors

We share data with trusted third-party service providers who help us operate the Service:

• Supabase (Database and Authentication): Stores user accounts, trading data, and manages authentication
  • Self-hosted infrastructure in the European Union (Germany, France, Italy)
  • GDPR-compliant data processing
• Cloud Hosting Providers: Server infrastructure, content delivery networks (CDN)
  • Data stored exclusively in EU data centers
• Analytics Services: Google Analytics, usage analytics tools
  • IP anonymization enabled
  • Data sharing limited to aggregated statistics
• Payment Processors: Stripe, PayPal (when paid plans are available)
  • PCI-DSS compliant
  • We do not store credit card information
• Email Service Providers: Transactional and marketing emails

All service providers are contractually bound to:

• Process data only as instructed by ShowMyTrades
• Implement appropriate security measures
• Comply with GDPR and applicable data protection laws
• Not use your data for their own purposes

5.2 Business Partners and Affiliates

We may share limited data with:

• Broker Partners: If you connect a trading account through a referral or affiliate link
• Marketing Partners: Aggregated, anonymized performance data for joint marketing efforts
• API Partners: Third-party applications you authorize to access your ShowMyTrades data

We will notify you and obtain consent before sharing data with partners beyond what's necessary for the Service.

5.3 Public Profiles

When your profile is public, the following data is visible to everyone:

• Username, profile picture, bio
• Trading statistics and performance metrics
• Equity curves, balance charts, monthly returns
• Number of trades, win rate, profit factor
• Comments and community interactions

You can change your profile to private at any time in your account settings.

5.4 Legal Disclosures

We may disclose your personal data if required by law or to:

• Comply with legal processes, court orders, or government requests
• Enforce our Terms of Service or other agreements
• Protect the rights, property, or safety of ShowMyTrades, our users, or the public
• Detect, prevent, or address fraud, security issues, or technical problems
• Respond to claims of intellectual property infringement

5.5 Business Transfers

If ShowMyTrades is involved in a merger, acquisition, asset sale, or bankruptcy:

• Your personal data may be transferred to the acquiring entity
• We will notify you via email and/or a prominent notice on our website
• The new entity will be bound by this Privacy Policy (or you will be notified of changes)

6. Data Storage, Security, and Retention

6.1 Data Location

All personal and trading data is stored exclusively in the European Union:

• Primary data centers: Germany, France, Italy
• Backup servers: Within the EU
• No data transfer outside the EU/EEA

This ensures full compliance with GDPR data transfer restrictions.

6.2 Security Measures

We implement industry-standard security practices to protect your data:

• Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based access control (RBAC), least privilege principle
• Row-Level Security (RLS): Database-level access controls ensure users can only access their own data
• Authentication: Secure password hashing (bcrypt), multi-factor authentication (coming soon)
• API Security: Rate limiting, API key rotation, secure token storage
• Monitoring: Intrusion detection, security audits, vulnerability scanning
• Backups: Regular automated backups with encryption

However, no security system is 100% impenetrable. While we strive to protect your data, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

6.3 Data Retention

We retain your personal data for as long as necessary to provide the Service and comply with legal obligations:

• Active Accounts: Data retained for the duration of your account lifetime
• Deleted Accounts: Most data deleted within 30 days
  • Some data may be retained for up to 90 days in backups
  • Aggregated, anonymized data may be retained indefinitely for analytics
• Financial Records: Billing and transaction data retained for 10 years (Italian tax law requirement)
• Legal Holds: Data may be retained longer if required for legal proceedings or regulatory investigations
• Support Communications: Support tickets and correspondence retained for 2 years

6.4 Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms:

• We will notify the relevant supervisory authority within 72 hours (GDPR requirement)
• We will notify affected users via email without undue delay
• We will provide details about the nature of the breach, data affected, and remedial actions

7. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

7.1 Right to Access (Art. 15 GDPR)

You can request:

• Confirmation of whether we process your personal data
• A copy of all personal data we hold about you
• Information about how we use, store, and share your data

How to exercise: Email support@showmytrades.com with subject "Data Access Request"

7.2 Right to Rectification (Art. 16 GDPR)

You can request correction of inaccurate or incomplete personal data.

How to exercise: Update your profile settings or contact support@showmytrades.com

7.3 Right to Erasure / "Right to be Forgotten" (Art. 17 GDPR)

You can request deletion of your personal data in certain circumstances:

• Data is no longer necessary for the purpose it was collected
• You withdraw consent (where consent was the legal basis)
• You object to processing based on legitimate interest
• Data was unlawfully processed

How to exercise: Delete your account in settings or email support@showmytrades.com

Limitations: We may retain data when required by law or for legal claims.

7.4 Right to Restriction of Processing (Art. 18 GDPR)

You can request that we limit how we use your data in certain cases:

• You contest the accuracy of data (during verification period)
• Processing is unlawful, but you don't want erasure
• We no longer need the data, but you need it for legal claims
• You object to processing (pending verification of our legitimate grounds)

7.5 Right to Data Portability (Art. 20 GDPR)

You can request your data in a structured, machine-readable format (JSON, CSV) to transfer to another service.

How to exercise: Email support@showmytrades.com with subject "Data Portability Request"

Response time: We will provide your data within 30 days.

7.6 Right to Object (Art. 21 GDPR)

You can object to:

• Processing based on legitimate interest
• Direct marketing communications
• Profiling or automated decision-making

How to exercise: Email support@showmytrades.com or use unsubscribe links in marketing emails

7.7 Right to Withdraw Consent (Art. 7(3) GDPR)

Where processing is based on consent, you can withdraw consent at any time:

• Marketing emails: Click "unsubscribe" in any email
• Cookies: Adjust settings in cookie banner or browser
• Data sharing: Contact support@showmytrades.com

7.8 Right to Lodge a Complaint

If you believe we have violated your data protection rights, you can file a complaint with:

• Italian Data Protection Authority (Garante per la Protezione dei Dati Personali)
  • Website: www.garanteprivacy.it
  • Email: garante@gpdp.it
  • Phone: +39 06 696771
• Your local EU/EEA data protection authority

7.9 Response Time

We will respond to all valid GDPR requests within 30 days (may be extended to 60 days for complex requests). We will keep you informed of any delays.

8. International Data Transfers

We do NOT transfer personal data outside the European Union or European Economic Area (EU/EEA).

All data is stored and processed exclusively within EU data centers (Germany, France, Italy).

Exception: If you access ShowMyTrades from outside the EU:

• Your data will still be stored in the EU
• Data transmission between your device and our servers is encrypted
• By using the Service from outside the EU, you consent to this data transfer

If we ever need to transfer data outside the EU in the future, we will:

• Notify you in advance
• Use Standard Contractual Clauses (SCCs) approved by the European Commission
• Ensure adequate safeguards are in place (GDPR Art. 46)
• Obtain your explicit consent where required

9. Cookie Policy

9.1 What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help us provide, improve, and secure the Service.

9.2 Types of Cookies We Use

Essential Cookies (Always Active)

These cookies are necessary for the Service to function and cannot be disabled:

• Authentication: Keep you logged in
• Security: Prevent fraud and protect your account
• Session Management: Maintain your preferences during your session

Analytics Cookies (With Your Consent)

These cookies help us understand how users interact with ShowMyTrades:

• Google Analytics: Page views, user flows, feature usage
• Performance Monitoring: Load times, errors, API response times
• A/B Testing: Feature experiments and user experience optimization

Preference Cookies

These cookies remember your choices:

• Dark mode / light mode preference
• Language settings
• Chart display preferences

9.3 Third-Party Cookies

We use cookies from:

• Google Analytics: Usage analytics and traffic analysis
• Supabase: Authentication and session management

These third parties have their own privacy policies. We do not control their cookies.

9.4 Managing Cookies

You can control cookies through:

• Cookie Banner: Accept or reject non-essential cookies when you first visit
• Browser Settings: Block or delete cookies in your browser preferences
• Opt-Out Tools: Use Google Analytics opt-out browser add-on

Note: Disabling essential cookies may prevent you from using certain features of the Service.

9.5 Do Not Track (DNT)

We respect browser Do Not Track signals. When DNT is enabled, we:

• Disable non-essential tracking cookies
• Limit data collection to essential functions only

10. Children's Privacy

ShowMyTrades is NOT intended for children under 18 years of age.

• We do not knowingly collect personal data from children under 18
• If you are under 18, do not create an account or provide any personal data
• If we discover that we have collected data from a child under 18, we will delete it immediately

Parents/Guardians: If you believe your child has provided personal data to ShowMyTrades, contact us at support@showmytrades.com and we will delete it.

11. Automated Decision-Making and Profiling

We do NOT use automated decision-making or profiling that produces legal effects or significantly affects you.

However, we use limited automated processing for:

• Fraud Detection: Algorithms flag suspicious accounts or activity for manual review
• Spam Prevention: Automated filters detect spam comments or messages
• Content Recommendations: Suggest traders to follow based on your activity

You always have the right to:

• Request human intervention
• Express your point of view
• Contest any automated decision

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

• Changes in our data practices
• New features or services
• Legal, regulatory, or operational requirements

When we make changes:

• We will update the "Last Updated" date at the top
• We will notify you via email for material changes
• We may display a prominent notice on the Service
• Continued use after changes constitutes acceptance

If changes significantly reduce your rights: We will obtain your explicit consent before applying the new policy.

We recommend reviewing this Privacy Policy periodically.

13. Contact Information and Data Protection Officer

For questions, concerns, or requests regarding this Privacy Policy or your personal data:

13.1 GDPR Requests

To exercise your GDPR rights (access, erasure, portability, etc.), email us at:

support@showmytrades.com

Subject line: [GDPR Request] - [Type of Request]

Example: [GDPR Request] - Data Access Request

We will respond within 30 days.

13.2 Complaints

If you are not satisfied with our response, you can file a complaint with:

• Garante per la Protezione dei Dati Personali (Italian Data Protection Authority)
  • Website: www.garanteprivacy.it
  • Email: garante@gpdp.it

14. Additional Information for EU Residents

14.1 Legal Representative

VENUS LABS S.R.L. is established in Italy (EU member state) and is subject to Italian and EU data protection laws.

14.2 Data Protection Impact Assessment (DPIA)

We have conducted a Data Protection Impact Assessment for high-risk processing activities to ensure:

• Proportionality of data collection
• Necessity of processing operations
• Adequacy of security measures
• Compliance with GDPR principles

14.3 Data Processing Records

We maintain internal records of all processing activities as required by GDPR Article 30.

15. Quick Summary