Privacy Policy
This Privacy Policy explains what VortexTick Technology Inc. collects, why we collect it, and the choices you have. It applies to vortextick.com and the VortexTick terminal. We built this platform for traders who take operational security seriously, and this policy is written to the same standard: specific, short, and free of surprises.
1. What We Collect
- Account data. Email address, mobile number (for SMS verification), Argon2id-hashed master password, and authenticator (TOTP) enrollment secret. We never store plaintext passwords.
- Billing data. Subscription tier, status, and a payment-processor customer reference. Card numbers are collected and stored by Stripe, our PCI-DSS-compliant processor — they never touch our servers.
- Trading and journal data. Orders you route through the Platform, bracket parameters, resulting profit/loss records, and journal entries, retained so your performance calendar and analytics function.
- Broker credentials. If you connect a brokerage account, API credentials are held in memory only as transient byte arrays that are overwritten with zeros immediately after each transmission, and at rest only in encrypted form. We cannot withdraw funds from your brokerage account; execution credentials do not permit money movement.
- Security and audit data. Authentication events, IP addresses, and administrative actions, written to an append-only, checksum-chained audit ledger that cannot be retroactively edited.
- Technical data. Standard server logs (IP, user agent, timestamps) and a theme preference stored locally in your browser. The marketing site sets no advertising cookies and runs no third-party ad trackers.
2. What We Do With It
We use your data to operate the Platform (authentication, order routing, risk enforcement, journaling), to bill subscriptions, to secure the service (fraud, abuse, and intrusion detection), to comply with law, and to communicate service notices. We do not sell or rent personal information, and we do not share your trading records with prop firms, brokers, or any third party except as directed by you or required by law.
3. Legal Bases
Where the GDPR or similar law applies, we process data to perform our contract with you (Art. 6(1)(b)), to satisfy legal obligations (6(1)(c)), and for legitimate interests in securing and improving the service (6(1)(f)), balanced against your rights.
4. Service Providers
We share data only with processors necessary to run the service: our hosting provider (Ratel PaaS), our payment processor (Stripe), an SMS delivery provider (for verification codes), and market-data/broker connectivity partners (which receive order instructions, not your identity documents). Each is bound by contract to process data only on our instructions.
5. Retention
Account and journal data are retained while your account is active. After account deletion, personal data is removed or irreversibly anonymized within 30 days, except: audit-ledger entries and billing records retained as required for security forensics, tax, and accounting (up to 7 years), and data we must preserve for legal holds. Trade records may be retained in anonymized form for aggregate service analytics.
6. Security
Security measures include Argon2id password hashing, mandatory multi-factor authentication (SMS plus TOTP), TLS on all connections, zero-residual in-memory handling of broker secrets, time-ordered UUIDv7 identifiers, least-privilege infrastructure isolation, and an immutable audit ledger. No system is impenetrable; we will notify affected users and regulators of any qualifying breach as required by law.
7. Your Rights
Depending on your jurisdiction, you may have rights to access, correct, export, restrict, or delete your personal data, and to object to certain processing. Exercise them by emailing privacy@vortextick.com from your registered address; we respond within 30 days. You may also lodge a complaint with your local supervisory authority. We do not discriminate against users who exercise privacy rights.
8. International Transfers
Our infrastructure is operated in data centers that may be located outside your country. Where required, transfers are protected by standard contractual clauses or equivalent safeguards.
9. Children
The Platform is not directed to persons under 18, and we do not knowingly collect data from them. If you believe a minor has created an account, contact privacy@vortextick.com and we will delete it.
10. Changes and Contact
We will post any revision here with a new effective date and, for material changes, notify you by email or in-terminal notice before it takes effect. Questions: privacy@vortextick.com · VortexTick Technology Inc.