Privacy Policy

Last updated: 22 February 2025

Data controller

The data controller responsible for your personal data is [Your Full Legal Name], trading as News Trader, a sole trader registered in Ireland.

  • Address: [Your Address, County, Eircode], Ireland
  • Email: [your-email@domain.com]

This Privacy Policy explains how we collect, use, share, and protect your personal data when you use our website at newstrader.io and related services (the “Service”), in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Irish Data Protection Act 2018.

Information we collect

  • Account information: email address, name, and basic profile details you provide when you create an account.
  • Subscription and billing information: handled by our payment processor, Stripe (Stripe, Inc.). We receive transaction identifiers, subscription status, and billing dates. We do not store full payment card details.
  • Usage and device information: pages viewed, feature usage, browser type, operating system, IP address, and device identifiers — collected only with your consent for analytics cookies, or where we have a legitimate interest in maintaining site security and functionality.
  • Support communications: messages you send to us through support channels, including email correspondence.

Legal basis for processing

We process your personal data under the following legal bases as defined in Article 6(1) of the GDPR:

  • Performance of a contract (Art. 6(1)(b)): to provide, operate, and maintain the Service, process payments, manage your subscription, and provide customer support.
  • Consent (Art. 6(1)(a)): for non-essential analytics cookies and any marketing communications. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
  • Legitimate interests (Art. 6(1)(f)): to maintain the security and integrity of the Service, prevent fraud, debug technical issues, and improve our Service. Our legitimate interest is balanced against your rights and freedoms.
  • Legal obligation (Art. 6(1)(c)): where we are required to process data to comply with applicable law, including tax and accounting obligations.

How we use information

  • Provide, operate, and maintain the Service (including authentication and customer support).
  • Process payments, manage subscriptions, and prevent fraudulent transactions.
  • Improve, personalise, and develop new features (including debugging and product analytics, where consented to).
  • Protect the security and integrity of the Service and enforce our Terms.
  • Communicate with you about product updates, security notices, and administrative messages.
  • Comply with legal obligations, including tax and accounting requirements.

Automated decision-making

The Service uses automated algorithms and artificial intelligence models to generate market commentary, scores, and alerts. These automated outputs are provided for informational and educational purposes only and do not constitute decisions with legal or similarly significant effects on you within the meaning of Article 22 of the GDPR. No automated decision-making is used for account management, billing, or access control purposes.

How we share information

We may share your personal data with:

  • Service providers (data processors): third parties that help us run the Service, including hosting providers (Vercel, Inc.), analytics (only if consented to), authentication providers (Supabase, Inc.), and payment processing (Stripe, Inc.). These providers process data only on our instructions and are bound by data processing agreements.
  • Professional advisors: legal, accounting, and tax advisors as needed for our business operations.
  • Law enforcement and authorities: if required by law, regulation, legal process, or governmental request, or to protect rights, safety, and security.
  • Business transfers: in connection with a merger, acquisition, or sale of all or a portion of our business assets. In such cases, we will notify you and ensure your data remains protected.

We do not sell your personal data to third parties.

Cookies and analytics

We use cookies and similar technologies to operate the Service. Essential cookies are required for basic functionality and do not require consent under SI 336/2011 (European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011). Non-essential analytics cookies are only placed with your explicit consent. You can manage your cookie preferences at any time via our Cookie Preferences page.

International data transfers

Some of our service providers (including Vercel, Stripe, and Supabase) may process your data outside the European Economic Area (EEA). Where personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, including:

  • European Commission adequacy decisions (where applicable).
  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Binding Corporate Rules where applicable.

You may request a copy of the relevant safeguards by contacting us.

Data retention

We retain personal data for the following periods:

  • Account data: for the duration of your account, plus 30 days after deletion request to allow for data removal.
  • Billing records: for 6 years after the transaction date, as required by Irish tax law (Taxes Consolidation Act 1997).
  • Support communications: for 2 years after resolution, or longer if required for legal purposes.
  • Analytics data: for up to 26 months from collection (where consent is given), then automatically deleted or anonymised.
  • Server logs: for up to 90 days for security and debugging purposes.

Security

We use reasonable administrative, technical, and physical safeguards designed to protect your personal data, including encryption in transit (TLS/SSL) and at rest. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Your rights under GDPR

Under the GDPR and the Irish Data Protection Act 2018, you have the following rights in relation to your personal data:

  • Right of access (Art. 15): request a copy of the personal data we hold about you.
  • Right to rectification (Art. 16): request correction of inaccurate or incomplete personal data.
  • Right to erasure (Art. 17): request deletion of your personal data (“right to be forgotten”), subject to legal retention obligations.
  • Right to restriction (Art. 18): request that we restrict processing of your personal data in certain circumstances.
  • Right to data portability (Art. 20): request your personal data in a structured, commonly used, machine-readable format.
  • Right to object (Art. 21): object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent (Art. 7(3)): withdraw consent at any time for processing based on consent, without affecting the lawfulness of prior processing.
  • Right not to be subject to automated decision-making (Art. 22): as noted above, we do not make decisions with legal or similarly significant effects based solely on automated processing.

To exercise any of these rights, contact us at [your-email@domain.com]. We will respond within one month (extendable by two further months for complex requests, in accordance with Article 12(3) GDPR).

Right to lodge a complaint

If you believe your data protection rights have been infringed, you have the right to lodge a complaint with the Data Protection Commission (An Coimisiún um Chosaint Sonraí), Ireland’s supervisory authority under the GDPR:

  • Website: www.dataprotection.ie
  • Address: 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
  • Phone: +353 (0)1 765 0100 / 1800 437 737

Children’s privacy

The Service is not directed to children under 16 (the digital age of consent in Ireland under the Data Protection Act 2018, Section 31). We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child under 16 without parental consent, we will delete it promptly.

Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice on the Service at least 30 days before the changes take effect. The “last updated” date at the top of this page will be revised accordingly.

Contact

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at: [your-email@domain.com] or write to [Your Full Legal Name], [Your Address, County, Eircode], Ireland.