Data Protection Notice

Controller

PreTradeIt is the data controller for personal data collected through the service.

Data processing

We process account data, usage data, and legal acceptance records to provide the service, maintain security, and improve reliability. This includes authentication, alerts, and system logging.

Processing locations

We use Supabase in an EU region for authentication. Primary database storage and application servers run on DigitalOcean in a UK region.

Legal basis

We process data based on contract performance, legitimate interests (security and reliability), and your consent where applicable.

Your rights

• Request access to your personal data.
• Request correction or deletion.
• Request restriction of processing.
• Object to processing in certain circumstances.
• Request a copy of your data (data portability).
• Withdraw consent where consent is the basis.
• Complain to the ICO (UK) or your local EEA authority.

Requests and timelines

We may verify your identity before responding. We aim to respond within one month and may extend by up to two additional months for complex requests, in line with applicable law.

International transfers

We may transfer data to the UK and US for service delivery (Postmark email delivery and Stripe payments). For transfers outside the EEA or UK, we rely on Standard Contractual Clauses and the UK Addendum or IDTA, along with transfer risk assessments and additional measures where needed.

Retention

We retain personal data only as long as needed for the purposes described in this notice, for legal compliance, and to maintain audit trails. Billing records are retained as required by law.

Security

We use industry-standard safeguards to protect data in transit and at rest. No method is 100% secure, but we continuously improve our controls.

Contact

For data protection requests, contact admin@pretradeit.com.