Privacy Policy — Trading News Terminal

01 Data Controller

The data controller responsible for your personal data is Trading News Terminal, operating the services available at tradingnewsterminal.com and app.tradingnewsterminal.com.

For all privacy-related enquiries, please contact us at:

Email: [email protected]
Website: tradingnewsterminal.com

GDPR Compliance

We process personal data in accordance with Regulation (EU) 2016/679 (GDPR) and Portuguese Law No. 58/2019 on data protection. You have the right to lodge a complaint with the Portuguese data protection authority (CNPD) at any time.

02 Data We Collect

We collect and process the following categories of personal data:

Account & Registration Data

Data	Purpose	Required?
Full name	Account personalisation and identification	Optional
Email address	Account creation, login, and communications	Required
Country of residence	Regional compliance and currency display	Optional
Password (hashed)	Account authentication — stored as a one-way hash, never in plain text	Required

Billing & Payment Data

For Pro plan subscribers, payment processing is handled entirely by Stripe, Inc., our PCI-compliant payment processor. We do not store your credit card number, CVV, or full card details on our servers. We receive and store only:

Subscription status (active, cancelled, past due)
Plan type and billing period
Stripe customer ID (a tokenised reference, not your card data)
Transaction timestamps and amounts for invoicing

During the free trial signup, your credit card information is collected and processed securely by Stripe. Stripe may store tokenised payment information for recurring billing purposes. For more information about how Stripe handles your data, visit stripe.com/privacy.

Usage & Technical Data

IP address and approximate geolocation (country/city level)
Browser type, version, and operating system
Pages visited, features used, and time spent on the platform
Session identifiers and authentication tokens
Error logs and performance metrics
Referral source (how you found our website)

Communications Data

Emails you send us (support requests, feedback)
Records of communications for support and legal purposes

We do not collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data.

03 Legal Basis for Processing

Under the GDPR (Article 6), we rely on the following legal bases for processing your personal data:

Legal Basis	When It Applies
Contract performance Art. 6(1)(b)	Processing your account data and subscription information to provide the Service you have requested
Legitimate interests Art. 6(1)(f)	Improving the Service, preventing fraud, ensuring security, analytics, and sending service-related notifications
Legal obligation Art. 6(1)(c)	Compliance with applicable laws, regulatory requirements, and responses to lawful requests from public authorities
Consent Art. 6(1)(a)	Where we send optional marketing communications or use non-essential cookies — you may withdraw consent at any time

04 How We Use Your Data

We use your personal data for the following purposes:

Service provision. Creating and managing your account, providing access to features appropriate to your plan, and authenticating your identity.
Billing and payments. Processing subscriptions, managing renewals, issuing invoices, and handling payment-related communications via Stripe.
Service communications. Sending transactional emails such as account verification, password reset, payment confirmations, and important service updates.
Customer support. Responding to your enquiries, resolving technical issues, and providing assistance.
Service improvement. Analysing how users interact with the platform to identify bugs, improve performance, and develop new features. This analysis uses aggregated and anonymised data wherever possible.
Security and fraud prevention. Monitoring for suspicious activity, unauthorised access, and abuse of the Service.
Legal compliance. Retaining records as required by applicable law, responding to legal processes, and enforcing our Terms of Use.
Marketing (with consent). If you have opted in, we may send you news about product updates and relevant information. You may unsubscribe at any time via the link in any such email.

We do not use your personal data to make automated decisions that produce legal or similarly significant effects without human review.

05 Data Sharing & Third Parties

We do not sell, rent, or trade your personal data to any third party for marketing purposes.

We share data only with the following categories of trusted third-party service providers who process data on our behalf under Data Processing Agreements (DPAs) compliant with GDPR Article 28:

Provider	Purpose	Data Shared
Stripe, Inc. stripe.com/privacy	Payment processing and subscription management	Email, name, billing country, subscription data
Railway (hosting)	Cloud infrastructure and backend hosting	Account data, usage logs stored on platform servers
Vercel	Frontend website hosting and CDN	IP address, browser data (standard web server logs)
Google Fonts / Font providers	Typography rendering	IP address (standard browser request)

Legal Disclosure

We may disclose your personal data to public authorities, regulators, or law enforcement agencies where required to do so by law, court order, or to protect our legal rights or the safety of others. We will inform you of such disclosures where legally permitted to do so.

Business Transfers

If we undergo a merger, acquisition, or sale of assets, your personal data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website before your data becomes subject to a different privacy policy.

06 Data Retention

We retain your personal data only for as long as necessary for the purposes described in this policy or as required by law:

Data Category	Retention Period
Account data (name, email, country)	Duration of account + 2 years after deletion
Subscription and billing records	7 years (Portuguese tax and commercial law requirement)
Technical and usage logs	12 months rolling
Support communications	3 years from last communication
Marketing consent records	Until withdrawal of consent + 1 year
Hashed passwords	Deleted upon account deletion

When data is no longer required, it is securely deleted or anonymised so that it can no longer be associated with you. You may request deletion of your data at any time — see Section 8 for details.

07 Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure, including:

Encryption in transit. All data transmitted between your browser and our servers is encrypted using TLS (HTTPS).
Password hashing. Passwords are never stored in plain text. We use industry-standard one-way hashing algorithms.
Access controls. Internal access to personal data is restricted on a need-to-know basis.
Authentication tokens. Session tokens are time-limited and invalidated upon logout.
Infrastructure security. Our hosting providers maintain SOC 2-compliant infrastructure with physical and logical access controls.

Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and in accordance with our obligations under GDPR Article 33 and 34. We will also notify the Portuguese data protection authority (CNPD) within 72 hours of becoming aware of a qualifying breach.

While we implement robust security measures, no system is completely immune to security threats. We cannot guarantee absolute security, and you use the Service at your own risk in this regard.

08 Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights regarding your personal data. To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

Right of Access

Request a copy of all personal data we hold about you and information about how it is processed (Art. 15 GDPR).

Right to Rectification

Request correction of inaccurate or incomplete personal data we hold about you (Art. 16 GDPR).

Right to Erasure

Request deletion of your personal data ("right to be forgotten"), subject to our legal retention obligations (Art. 17 GDPR).

Right to Restriction

Request that we restrict the processing of your data in certain circumstances, such as while a dispute is being resolved (Art. 18 GDPR).

Right to Data Portability

Receive your data in a structured, commonly used, machine-readable format, or have it transferred directly to another controller (Art. 20 GDPR).

Right to Object

Object to processing based on legitimate interests or for direct marketing purposes, which we will cease immediately upon request (Art. 21 GDPR).

How to Exercise Your Rights

To submit a data subject request, email us at [email protected] with the subject line "GDPR Request — [Right Type]". Please include your full name and registered email address so we can verify your identity. We may ask for additional verification before processing requests.

Right to Lodge a Complaint

You have the right to lodge a complaint with the competent supervisory authority at any time. In Portugal, this is:

CNPD — Comissão Nacional de Proteção de Dados
Rua de São Bento, 148-3º, 1200-821 Lisboa, Portugal
Website: cnpd.pt
Email: [email protected]

09 Cookies & Tracking Technologies

We use cookies and similar technologies on our website and platform to ensure proper functionality and improve the user experience.

Cookie Type	Purpose	Duration
Strictly Necessary	Authentication, session management, security. Required for the Service to function. Cannot be disabled.	Session / 7 days
Functional	Remembering your preferences such as language, theme settings, and last visited tab.	Up to 1 year
Analytics	Understanding how users interact with the platform to improve performance and features. Data is aggregated and anonymised where possible.	Up to 2 years

Managing Cookies

You can control and delete cookies through your browser settings. Please note that disabling strictly necessary cookies may prevent the Service from functioning correctly. For more information on managing cookies, visit allaboutcookies.org.

We do not use cookies for advertising or cross-site tracking purposes.

10 International Data Transfers

Our primary data processing takes place within the European Economic Area (EEA). However, some of our service providers, including Stripe (headquartered in the United States), may process your data outside the EEA.

Where we transfer personal data to countries outside the EEA that are not subject to an adequacy decision by the European Commission, we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses (SCCs) adopted by the European Commission
Data Processing Agreements requiring recipients to protect data to GDPR standards

You may request a copy of the transfer mechanisms in place by contacting us at [email protected].

11 Children's Privacy

The Service is intended for users aged 18 and over. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have inadvertently collected personal data from a minor, we will take prompt steps to delete such data.

If you believe we may have collected data from a minor, please contact us immediately at [email protected].

12 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or the Service itself. When we make material changes, we will:

Send an email notification to your registered email address
Display a prominent notice within the Service
Update the "Last Updated" date at the top of this page

We encourage you to review this policy periodically. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy. If you do not agree with the changes, you should stop using the Service and may request deletion of your account.

13 Contact & Data Requests

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy enquiries: [email protected]
General support: [email protected]
Website: tradingnewsterminal.com

We are committed to resolving privacy concerns promptly and will respond to all data subject requests within 30 days in accordance with GDPR requirements. If your request is complex or we receive a high volume of requests, we may extend this period by a further two months and will notify you accordingly.

Supervisory Authority

If you are not satisfied with our response, you have the right to lodge a complaint with the CNPD (Comissão Nacional de Proteção de Dados), Portugal's national data protection authority, at cnpd.pt.