Privacy Policy

Effective Date: May 4, 2025

Paradoxo IT Solutions SRL (“Company,” “we,” “us,” or “our”) operates the Tradezily website and software platform (the “Platform” or “Service”). This Privacy Policy explains how we collect, use, share, and protect your personal data when you join our waiting list or use our Platform. We are committed to compliance with the EU General Data Protection Regulation (GDPR) and global data protection standards to safeguard your privacy. By providing your information or using the Platform, you agree to the practices described in this Privacy Policy.

Information We Collect

We only collect personal data that is necessary for the purposes described in this policy. This includes information you provide directly and data collected automatically when you interact with our website or software:

Contact Information: When you join our waiting list or register for our Service, we collect your email address. We may also ask for your city and country code (location) to understand our user base globally.
Signup and Consent Details: We record data related to your sign-up and email confirmation events (e.g. the date and time you signed up (createdAt), whether and when you confirmed your email (confirmedAt), and the status of your consent to receive marketing emails (consentStatus)). We also store a hash of the consent text (consentTextHash) to keep a record of the exact wording you agreed to, and a double opt-in token and its expiration (doiToken, doiTokenExpires) for email verification purposes.
Technical Information: When you use our website, our systems may automatically log certain data including your IP address, the page URL you visited (pageUrl), and your browser user agent string (userAgent). This information helps us secure the Platform and troubleshoot issues (for example, by identifying browser types or potential malicious access).
User Events: We track basic events such as sign-up submission and email verification confirmation to ensure our processes (like the double opt-in) are working properly. No detailed user activity tracking or behavioral profiling is performed.
Payment Information: If you subscribe to our Service (once it’s launched), payment details will be collected and processed securely by our third-party payment processor (Stripe). We do not collect or store your full credit card numbers or financial account details on our servers. When you provide payment information, it is transmitted directly to Stripe for processing, and we receive only limited information back (such as your name, email, billing address, subscription level, and confirmation of payment) necessary to record and maintain your subscription.

We do not collect any sensitive personal data such as government ID numbers, financial account passwords, or personal characteristics (e.g. race, religion, health, biometric data). We also do not knowingly collect any data from children (see Children’s Privacy below).

How We Use Your Information

We use the collected information for the following purposes:

Providing and Improving the Service: Your email and related signup details are used to create and maintain your account or waiting list entry, to communicate with you about our Platform (e.g. to send invitations when we launch, software download links, or important service information), and to ensure the security and proper functioning of our software. Technical information like IP address and user agent are used to prevent abuse (for example, to detect bots or duplicate sign-ups) and to debug technical issues.
Email Communications: We will use your email to send you communications that you have consented to. This includes marketing and product updates about Tradezily if you opted in, such as newsletters, updates on our launch, new features, and promotions. You will only receive marketing emails if you have explicitly checked the opt-in checkbox at sign-up (giving us your consent). We also send transactional or administrative emails related to the Service – for example, email verification messages, password reset emails, subscription receipts, or important notices about changes to our terms or policies. Transactional emails are sent from noreply@tradezily.com , and support communications from support@tradezily.com .
Subscription Management and Payments: If you become a subscriber, we use personal information to manage your subscription access (e.g. verifying your login credentials via AWS Cognito, authorizing your use of the downloadable software, and enforcing subscription limits). Payment-related information (handled by Stripe) is used to process your subscription fees, renewals, or cancellations. Stripe acts as our data processor for payments, meaning they process payment data on our behalf to complete transactions.
Security and Fraud Prevention: We are serious about keeping our Platform secure. We use Google reCAPTCHA v3 on our website to protect against spam and bot abuse. This means when you interact with our site (such as submitting the waiting list form), reCAPTCHA may analyze your interaction and collect hardware and software information (like IP address, mouse movements, and browser data) to determine whether you are a human. The information collected by reCAPTCHA is subject to Google’s Privacy Policy and Terms of Service . We do not use this data for any purpose other than spam/abuse protection. Aside from reCAPTCHA, we do not deploy any other third-party analytics or tracking scripts on our site, so your browsing on our site is not profiled or tracked for advertising purposes.
Compliance with Legal Obligations: We may process and retain personal data as necessary to comply with tax, accounting, and other legal requirements. For instance, financial regulations might require us to retain transaction records (handled via Stripe) for a certain period. If required, we will also use or disclose personal information to respond to lawful requests by public authorities (e.g., to comply with national security or law enforcement requirements), or to exercise or defend legal claims.
Service Announcements and Changes: We might use your contact information to inform you of important service-related announcements, such as updates to this Privacy Policy or our Terms of Use, security updates, or if there is any service interruption. These communications are considered administrative and are sent even if you opt out of marketing, since they are necessary for informing users about critical information regarding the Platform.

We will not use your personal data for new purposes that are incompatible with the original purposes described above without obtaining your consent or providing notice as required by law.

Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, our legal bases for collecting and using your personal information under the GDPR (and UK GDPR) are:

Consent: We rely on your consent for optional activities such as sending marketing emails. When you sign up on our waiting list, you explicitly consent to receive marketing and product updates by ticking the opt-in checkbox. You have the right to withdraw consent at any time (for example, by clicking the “unsubscribe” link in our emails or contacting us), and we will stop processing your data for that purpose.
Performance of a Contract: When you create an account, subscribe to our service, or download our software, we process your personal data as necessary to perform our contract with you. This includes providing the service, customer support, and ensuring access to the software you’ve paid for. For example, using your email and authentication details to log you into the Platform, or processing payment information to fulfill a subscription.
Legitimate Interests: In certain cases, we process data to pursue our legitimate interests in a way that does not override your privacy rights. For instance, it is our legitimate interest to maintain the security of our website and software (hence using reCAPTCHA and IP logs to prevent fraud and abuse), to improve our Platform’s performance and user experience, and to communicate with you about product updates if you have shown interest (within the bounds of your consent preferences). When relying on legitimate interests, we always consider the potential impact on your rights and will not process data in ways that you would not reasonably expect.
Legal Obligation: We may process personal data when we need to comply with a legal obligation to which we are subject. For example, financial transaction records for accounting and tax purposes, or disclosures required by law enforcement or regulatory authorities in accordance with applicable laws.

If you have questions about the legal basis of how we process your information, you can contact us for more details (see Contact Us section below).

Cookies and Tracking Technologies

We do not use any first-party cookies for analytics or advertising on the Tradezily website. The only cookie or similar tracking technology in use is related to Google reCAPTCHA v3, which may set a cookie (_GRECAPTCHA) to perform its bot detection function. This cookie is considered strictly necessary for security and spam prevention, and is used only to distinguish human users from bots. By using our site, you acknowledge the presence of this necessary cookie.

Aside from reCAPTCHA, our site does not set any cookies on your browser – we do not use tracking cookies, advertising pixels, or analytics scripts that profile you over time. We also do not use any third-party advertising networks. If in the future we introduce additional cookies or tracking tools, we will update this Privacy Policy and, if required by law, seek your consent.

You have the ability to control or delete cookies through your browser settings at any time. However, please note that disabling cookies related to security (such as reCAPTCHA) might impede certain functionality – for example, you may be unable to submit forms if the system cannot verify that you are not a bot.

Data Sharing and Disclosure

We treat your personal information with care and confidentiality. We do not sell or rent your personal data to third parties under any circumstances. However, we do share your data with certain trusted third parties who help us provide and improve our Service, under strict obligations of confidentiality, security, and compliance with data protection law. These third parties (“data processors” or “service providers”) process data only as instructed by us and for the purposes outlined below:

Stripe (Payment Processing): If you become a paying subscriber, your payment transactions will be handled through Stripe, a secure payment processor. When you enter your payment details (such as credit card information) on our Platform, that information is transmitted directly to Stripe without passing through our servers. Stripe processes your payment and may store your payment method details for recurring billing. We receive from Stripe transaction information (like the last four digits of your card, card type, expiration, your billing name and address, and payment status) but not your full card number or CVC. Stripe is PCI-DSS compliant and is based in the EU/EEA (for European customers, Stripe Payments Europe, Ltd. in Ireland) or in the US (Stripe, Inc.) depending on your location. Stripe acts as a data processor for us, and in some cases as an independent data controller for your payment information. Please review Stripe’s own Privacy Policy for details on how they protect transaction data.
Amazon Web Services (Hosting & Storage): Our Platform (including databases and servers) is hosted on Amazon Web Services (AWS) infrastructure. This means personal data you provide (such as your email and sign-up info) is stored on AWS servers. We primarily utilize AWS data centers in the European Union (to keep data within the EEA), but some administrative or backup services might involve servers in other regions. AWS is a reputable cloud provider with high security standards and is committed to GDPR compliance. AWS acts as a data processor, processing data only on our instructions. All data stored on AWS is protected with encryption at rest and in transit.
Email Service Providers: We use email to communicate with you. Our transactional emails (like verification and receipts from noreply@tradezily.com ) and support emails ( support@tradezily.com ) may be sent via third-party email delivery services or SMTP servers. For example, we might use an email delivery service or AWS Simple Email Service to ensure emails reach your inbox. These providers would process your email address and the content of the email on our behalf solely for sending communications. We ensure any such provider has appropriate data protection measures. Marketing emails and newsletters, if any, may also be sent via a marketing email platform that stores your email and name for mailing list management. (If we use a platform like Mailchimp, Sendinblue, etc., we will ensure it complies with GDPR and is covered by a data processing agreement).
Google reCAPTCHA: As noted, we integrate Google reCAPTCHA v3 on our site to combat spam and abuse. In doing so, certain information (IP address and user behavior characteristics) may be passed to Google LLC. Google may be considered a separate data controller for that information. We have a legitimate interest in this security measure. Google is certified under the EU-U.S. Data Privacy Framework, which provides a lawful basis for EU-U.S. data transfers, and we have enabled reCAPTCHA in a manner consistent with Google’s policies. We disclose the use of reCAPTCHA here as required. Use of our site is subject to Google’s Privacy Policy and Terms with respect to reCAPTCHA data.
Business Partners and Affiliates: At present, Paradoxo IT Solutions SRL does not share Tradezily user data with any affiliate companies or joint venture partners. If in the future we partner with another company to enhance the Service (for example, integrating a third-party trading tool), we will update this section and ensure any partner is bound by privacy obligations.
Legal and Safety Disclosures: We may disclose personal information if we believe in good faith that such action is necessary to (a) comply with a legal obligation or request (for example, a court order or subpoena, or a lawful request by public authorities to meet law enforcement or national security requirements); (b) protect and defend our rights or property, or prevent fraud; (c) act in urgent circumstances to protect the personal safety of users of the Platform or the public; or (d) enforce our Terms of Use or other agreements or policies, including investigation of potential violations.
Business Transfers: If Paradoxo IT Solutions SRL undergoes a business transaction, such as a merger, acquisition by another company, or sale of all or a portion of its assets, or in the unlikely event of bankruptcy, your personal data may be among the assets transferred. We will ensure the confidentiality of any personal data involved in such transactions and provide notice before your personal information is transferred and becomes subject to a different privacy policy.

In all cases where we share your data with third parties, we disclose only the minimum information necessary for the specific purpose. We also ensure that such third parties are contractually obligated to protect your data to the same standards we uphold, including, where appropriate, by signing Data Processing Agreements and implementing Standard Contractual Clauses for international data transfers (see below).

International Data Transfers

Tradezily is operated from Romania (European Union), and we primarily process and store data in the EU. However, the global nature of our service and our use of third-party providers (Stripe, AWS, Google, etc.) means that your personal information may be transferred to and processed in countries outside of your country of residence, including countries outside the European Economic Area. In particular:

United States: Some of our service providers (e.g., Stripe, Google, AWS for certain services) may process data in the United States or other jurisdictions. The U.S. may not have data protection laws equivalent to those in the EU. To ensure your data is protected, we rely on legal mechanisms for data transfer such as the EU-U.S. Data Privacy Framework certification (for applicable providers) or Standard Contractual Clauses (SCCs) approved by the European Commission, combined with additional safeguards as needed. For example, Google and Stripe have adopted measures to comply with European data transfer requirements.
Other Countries: If your data is transferred to a country that is not subject to an adequacy decision by the EU Commission (meaning the country’s privacy laws are not deemed adequate by the EU), we will ensure that appropriate safeguards are in place. This could include SCCs in contracts with the receiving party, and technical measures like encryption in transit and at rest. Our contracts with data processors also oblige them to comply with GDPR standards regardless of where they operate.

By using our Service or submitting your information, you understand that your personal data may be transferred internationally as described above. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy wherever it is processed.

If you have questions about our international transfer practices or want more details about the safeguards in place, please contact us.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements:

Waiting List Data: If you sign up for our waiting list (providing your email and consent to updates), we will retain your information until we have sent you an invitation to join or information about our launch, and for a reasonable period thereafter. If you choose not to subscribe to the service once invited, we may continue to hold your data for a period in case you change your mind or to send a follow-up, but you can request deletion at any time (or unsubscribe from further updates).
Account and Subscription Data: If you create an account and/or subscribe to Tradezily, we will retain your personal data for as long as your account is active or as needed to provide you with the Service. This includes your profile information, subscription status, and usage needed to maintain your access. If you cancel your subscription or your account becomes inactive, we may retain your data for a defined period (for example, 1 year) in case you reactivate, or as needed for our legitimate business interests (such as maintaining financial records) or legal obligations. We will delete or anonymize data after that period, except where required to retain it longer by law (e.g., financial transaction records may be kept for 5-10 years under some jurisdictions’ accounting laws).
Marketing Consent Records: We retain records of your marketing consent (consentStatus and consentTextHash, along with email and timestamp) as long as we send you marketing communications and for a short period thereafter (to demonstrate compliance with consent requirements). If you withdraw consent or unsubscribe, we will stop sending you marketing emails immediately. We may keep a suppression list of emails that opted out, to ensure we honor no-contact requests going forward.
Technical Logs: IP addresses and technical logs collected by our systems (e.g., server logs, reCAPTCHA assessments) are generally retained for a short period (typically a few weeks up to a few months) for security monitoring, debugging, and analysis. We may retain security-related logs longer if investigating a specific incident or if needed for legal evidence of malicious activity.
Legal Retention: Any data required to be retained by law (for example, financial/payment records, tax-related data, or records of consent) will be retained for the duration of the applicable legal requirement. This may override shorter retention periods for specific categories mentioned above. Once the retention period expires, and if the data is no longer needed, we will securely erase or anonymize it.

When we delete personal data, we ensure it is removed from our active systems. Some residual information may remain in backups or archives for a period, but we maintain those securely and limit access until the backups are rotated or destroyed.

Data Security

We implement robust security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include:

Encryption: All data transmission between your browser and our website is protected using HTTPS encryption (TLS). Any sensitive data (such as passwords or payment information handled by Stripe) is transmitted securely. Data stored in our databases (hosted on AWS) is encrypted at rest. We also encrypt data in transit between our servers and any third-party services.
Access Controls: Personal data is accessible only to authorized personnel who need access to perform their job duties (for example, customer support or IT administrators), and only on a need-to-know basis. Administrative access to our systems (including AWS and databases) is protected with strong authentication (such as multi-factor authentication) and strict access control lists.
AWS Cognito Security: Our authentication system (AWS Cognito) provides secure user management, including secure storage of passwords (hashed and salted) for any user accounts. Admin access to the Platform (for our staff) also goes through secure authentication. We never store plain-text passwords, and we require strong passwords for accounts.
Stripe Security: We rely on Stripe for handling payment data; Stripe is certified as a PCI-DSS Level 1 service provider, which is the highest standard of payment security. By offloading payment processing to Stripe, we minimize the handling of sensitive financial data in our own systems.
Monitoring and Testing: We regularly monitor our systems for possible vulnerabilities and attacks. Our use of reCAPTCHA helps block automated abuse. We keep our software and infrastructure up to date with security patches. Regular backups are performed to prevent data loss, and these backups are encrypted.
No Third-Party Ad Trackers: By not using third-party advertising or analytics trackers, we reduce risk exposure of your data to external parties. The fewer external scripts, the lower the risk of data leakage.
Incident Response: In the event of a security breach that affects your personal data, we will notify you and the relevant authorities as required by law (for example, under the GDPR we would notify the supervisory authority and users of certain breaches within the prescribed time frames). We have a plan in place to respond to security incidents swiftly and effectively.

Please understand that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means and best practices to protect your personal information, we cannot guarantee absolute security. You also play a role in security: keep your account credentials confidential and alert us immediately at support@tradezily.com if you suspect any unauthorized use of your account or any security vulnerabilities.

Your Rights and Choices

You have rights regarding your personal data, and we are committed to honoring them. Depending on applicable law (notably, the GDPR for EU users, and similar laws elsewhere), your rights include:

Right to Access: You have the right to request a copy of the personal data we hold about you, as well as information about how we process it. We will provide this information, usually within one month of request, in a commonly used format.
Right to Rectification: If any personal data we have about you is incorrect or incomplete, you have the right to request that we correct or update it. For example, if you change your email address or realize we recorded your name incorrectly, you can contact us to fix it.
Right to Erasure: You have the right to request deletion of your personal data (“right to be forgotten”). This allows you to ask us to erase certain data we hold about you. We will honor such requests to the extent required by law. For example, you may request we delete your profile and email from our waiting list or unsubscribe you from communications. Note that we may need to retain some information for legal reasons (e.g., transaction records) as explained in Data Retention above, but we will inform you if that is the case.
Right to Restrict Processing: You can ask us to restrict or suspend processing of your personal data in certain circumstances – for instance, if you contest the accuracy of the data or have objected to processing (pending our review of whether our legitimate grounds override yours). When processing is restricted, we will still store your data but not use it until the issue is resolved.
Right to Data Portability: For data that you have provided to us and that we process by automated means on the basis of your consent or in performance of a contract, you have the right to request that we provide it to you or directly to another service provider in a structured, commonly used, machine-readable format. This typically would apply to basic account data. If you require such transfer, we will assist with it.
Right to Object: You have the right to object to our processing of your personal data when we process it based on legitimate interests or for direct marketing. For example, you can object at any time to receiving marketing emails – and as a result, we will stop sending you marketing communications. In other cases, you can object to processing (like profiling for security purposes with reCAPTCHA), and we will evaluate your request and see if we have compelling legitimate grounds to continue processing or if we need to stop.
Right Not to be Subject to Automated Decision-Making: We do not engage in automated decision-making, such as profiling, that produces legal or similarly significant effects on you. Tradezily does not make any decisions about you without human involvement that would have a significant impact (for example, there is no automated credit scoring or job hiring decision happening). If this changes in the future, you have the right to not be subject to such decisions without your consent or without an opportunity for human review.
Right to Withdraw Consent: If we are processing your personal data based on your consent (for example, for marketing emails), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing we conducted based on consent before its withdrawal. You can withdraw consent by clicking “unsubscribe” in any marketing email, unchecking the opt-in box on your account settings (if such feature is provided), or contacting us at support@tradezily.com with your request.
Right to Lodge a Complaint: If you believe that we have infringed your data protection rights, you have the right to lodge a complaint with a supervisory data protection authority. As we are based in Romania, our lead authority is the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP). You can contact the ANSPDCP or your local EU Data Protection Authority. We would, however, appreciate the chance to address your concerns directly before you do so – please feel free to contact us regarding any complaint, and we will do our best to resolve it to your satisfaction.

You may exercise these rights at any time by contacting us (see Contact Us below). We will respond to your requests in accordance with applicable data protection laws. Please note that for security, we may need to verify your identity before fulfilling certain requests (such as providing a data export or deleting data) to ensure that we do not disclose or erase information to the wrong person.

Apart from these rights, you also have choices such as not providing certain information (though that might limit your ability to use some features), or opting not to receive cookies by adjusting your browser settings (as discussed in Cookies section).

Children’s Privacy

Our website and Platform are not intended for minors under 18 years of age. We do not knowingly collect personal information from anyone under the age of 18. If you are under 18, do not use Tradezily or provide any information on this site. We explicitly prohibit children from signing up or using our Service, and our waiting list form and account registration (when available) are designed for adults only.

If we learn that we have inadvertently collected personal data from a child under 18, we will take prompt steps to delete such information from our records. If you believe we might have any information from or about a minor under 18, please contact us immediately so we can investigate and address the issue.

Parents or guardians: If your child (under 18) has somehow signed up and provided personal data, please contact us. We will remove the data and terminate the child’s account (if any).

Updates to this Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make changes, we will revise the “Effective Date” at the top of this policy. If the changes are significant, we may also provide a more prominent notice, such as on our website homepage or via email notification to our registered users.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of Tradezily after any changes to this Privacy Policy constitutes your acceptance of the updated terms, to the extent permitted by law.

If we seek to use your personal data for a new purpose not originally collected for, we will notify you and, if required, seek your consent.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Email: support@tradezily.com
Postal Mail: Paradoxo IT Solutions SRL, Intrarea Bolboci Nr. 7, Office 5, Sector 5, Bucharest 052444, Romania

We will be happy to assist you and will respond as promptly as we can. Your privacy is important to us, and we commit to resolving any issues to the best of our ability.