Privacy Policy

• Account and contact information: such as your name, email address, phone number, and login credentials.
  

• Platform usage data: including technical logs, IP addresses, API activity, and transaction preferences on supported trading platforms.
  

• Customer due diligence (KYC) data: such as your identity verification documents, date of birth, nationality, and address, as required by anti-money laundering (AML) laws.
  

• Transaction and payment data: including payment confirmations, wallet addresses (if applicable), and invoicing records, for both service execution and tax compliance.

• Communication data: such as messages or support interactions between you and our team.

• Token usage data: including the amount of TTM tokens staked and your access level within the platform.

We do not collect or store sensitive personal data (as defined in Article 9 GDPR) unless explicitly required by law or in exceptional compliance scenarios.

3. Why we collect your data (legal basis)

‍We process your personal data based on the following legal grounds:

• Contract performance: To provide you with access to our services and fulfill our obligations.
  

• Legitimate interest: To improve our platform, detect abuse, and ensure security.
  

• Legal obligation: To comply with applicable financial, tax, or anti-money laundering laws.
  

• Consent: For optional services such as newsletters or non-essential cookies (you can withdraw consent anytime).

4. How we use your data

‍Your data may be used to:

• Create and manage your account

• Enable automated trading features

• Provide customer support 

• Improve platform performance, security, and detect abuse 

• Communicate product updates and service announcements 

• Send newsletters and marketing communications if you opt in

• Meet legal and regulatory obligations (e.g., comply with anti-money laundering and tax regulations)

5. Data retention

‍We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Retention periods vary depending on the type of data and the purpose of processing.

• Account and contact information are retained for as long as your account is active and up to 12 months thereafter.

• Customer due diligence (KYC) data is retained for a minimum of 5 years after the end of the business relationship, in accordance with the Dutch Anti-Money Laundering and Anti-Terrorist Financing Act (Wwft).

• Transaction and payment data are retained for a minimum of 5 years after the end of the business relationship, as required under the Wwft (anti-money laundering legislation). If the same data is also subject to Dutch tax and accounting obligations, it will be retained for a minimum of 7 years in accordance with those laws.

• Technical logs unrelated to compliance (e.g., error logging, performance diagnostics) may be retained for up to 18 months for operational and security purposes.

If you request deletion of your account, we will delete or anonymize your personal data within 30 days, unless legal obligations require us to retain certain data longer.

6. Your GDPR rights

You have the following rights under the GDPR:

• Access: Request a copy of your personal data

• Rectification: Correct inaccurate or incomplete data

• Erasure: Ask us to delete your data (“right to be forgotten”)

• Restriction: Limit how we process your data

• Portability: Receive your data in a transferable format

• Objection: Object to certain processing activities

• Withdraw consent at any time (where processing is based on consent)

To exercise your rights, contact us at info@tradetomato.com. We may ask you to verify your identity.

7. Data security

We apply strict technical and organizational measures to secure your data:

• End-to-end encryption (where applicable)

• Access control and role-based permissions

• Network isolation and monitoring

• Secure development practices and regular audits

Note: Encrypted data cannot be decrypted, even by our internal teams.

8. Third parties & sub-processors

We only share your data with trusted third parties when necessary, such as:

• Cloud hosting providers

• Trading platforms/exchanges

• Customer support and email providers

• Legal and compliance partners

All third parties are bound by data processing agreements in line with GDPR.

9. International transfers

‍If your data is transferred outside the EEA (e.g., to US-based tools), we ensure that:

• The destination country has adequate data protection laws, or

• Standard Contractual Clauses (SCCs) are in place

You can request more information by contacting us.

10. Cookies & tracking

‍We use cookies to improve functionality and measure performance. You’ll be asked for consent before placing any non-essential cookies. For details, please refer to our Cookie Policy.

11. Complaints

‍If you believe your data has been mishandled, you have the right to file a complaint with your local data protection authority. In the Netherlands, this is:
‍Autoriteit persoonsgegevens – www.autoriteitpersoonsgegevens.nl

12. Changes to this policy

‍We may update this Privacy Policy as needed. The latest version will always be published on our website with the effective date. Continued use of our services means you accept the changes.

Less data. More control.

‍At Tradetomato, we believe that not collecting unnecessary personal data is the best way to protect it.