1) Data controller
Pipvaro. Contact our privacy team at privacy@pipvaro.com. If appointed, our Data Protection Officer (DPO) can be reached at the same email.
2) What we collect
Information you provide
- Account details (name, email, password hash), organization/team info.
- Billing data (country, tax/VAT where applicable) processed by Stripe.
- Bot/receiver configuration (allowed symbols, risk limits, SL/TP modes, etc.).
- Support messages and content you upload.
Automatically collected
- Usage & device data: IP, timestamps, pages/actions, app logs, crash diagnostics, cookies/local storage IDs.
- Hosted plans (Lunar/Nova): VPS metadata (instance ID, uptime, resource usage).
- We do not store your broker password on our servers. On Fusion (self-hosted) it stays on your device/VPS. On Lunar/Nova, it is stored on your dedicated VPS under your control.
From third parties
Payment status from Stripe; authentication/hosting/analytics info from providers such as Vercel, MongoDB Atlas, Cloudflare, SendGrid/email provider, and VPS providers we use to provision hosting.
3) Why we process your data (legal bases)
- Provide the Service & support (Art. 6(1)(b) GDPR – contract).
- Billing, fraud prevention, compliance (Art. 6(1)(c) and 6(1)(f)).
- Service improvement & analytics (Art. 6(1)(f) – balanced against your rights).
- Marketing with your consent (Art. 6(1)(a)) – unsubscribe anytime.
- Security (detecting abuse, securing infrastructure) (Art. 6(1)(f)).
6) International transfers
For transfers outside the EEA/UK, we rely on adequacy decisions or Standard Contractual Clauses (SCCs) with additional safeguards where needed.
7) Retention
- Account & billing records: up to 10 years (tax law).
- App & security logs: 30–365 days.
- Support tickets: 24 months.
Afterwards we delete or anonymize the data.
8) Your rights (GDPR/UK GDPR)
You can request access, rectification, erasure, restriction, portability, and object to processing based on legitimate interests. Where processing relies on consent, you can withdraw consent at any time.
To exercise rights, email privacy@pipvaro.com. You can also lodge a complaint with your local Data Protection Authority.
9) CCPA/CPRA (California)
We do not “sell” or “share” personal information as defined by the CPRA. California residents may request access, deletion and correction by contacting us. Authorized agents may act on your behalf with verifiable proof. We will not discriminate for exercising rights.
10) Security
We use encryption in transit, access controls, and segregated environments. On Fusion, credentials stay on your machine/VPS. On hosted plans, your VPS is dedicated to your account—keep access restricted. No system is perfectly secure; report issues to support@pipvaro.com.
11) Children
The Service is not intended for individuals under 18.
12) Automated decision-making
We do not use your personal data to make decisions that produce legal or similarly significant effects. Trading bots execute strategies you configure and are not based on your personal characteristics.
13) Third-party links
Our site may link to third-party sites/platforms. Their privacy practices are separate and governed by their policies.
14) Changes to this Policy
We may update this Policy from time to time. If changes are material, we will notify you (e.g., in-app or email). Continued use after the effective date constitutes acceptance.
15) Governing law & disputes
This Policy and any dispute arising out of it are governed by the laws of Austria. Courts in Linz shall have exclusive jurisdiction, without prejudice to any mandatory consumer rights under local law.
16) Contact
Pipvaro — Privacyprivacy@pipvaro.com