VECTORCONTROL
← Back to Vector Control

Privacy Policy

Last updated: [DATE]. Working draft — to be reviewed by a lawyer before public launch.

1. Who we are

Vector Control (“the Service”) is an analytics tool for portfolios and trading strategies. The data controller is [CONTROLLER NAME / LEGAL ENTITY], based in Italy. For any privacy request you can contact us at [CONTACT EMAIL].

2. Data we collect

  • Account data: your email address and name, provided when you register with email/password or sign in with Google.
  • Content you upload: the CSV files of your trades and the portfolios, strategies, variants and settings you create. This content may include your personal trading records.
  • Technical data: a session cookie or token that keeps you signed in, and standard server logs (such as IP address and timestamps) needed to operate and secure the Service.

We do not use analytics, advertising or tracking technologies, and we do not build user profiles.

3. Why we use it (legal basis)

  • To provide the Service (performance of a contract): to authenticate you, store your data and compute the analyses you request.
  • To operate and secure the Service (legitimate interest): logging, abuse prevention and troubleshooting.

We never sell your data and we do not use it for advertising.

4. Cookies

We use only strictly necessary cookies/tokens to keep your session active. We do not use profiling or advertising cookies, so no cookie-consent banner is required.

5. Service providers (processors)

We rely on a small number of infrastructure providers that process data on our behalf:

  • Supabase — authentication and database.
  • Render — backend hosting.
  • Vercel — frontend hosting.
  • Google — only if you choose to sign in with Google.

Some providers may process or store data outside the European Economic Area; where that happens, appropriate safeguards (such as the EU Standard Contractual Clauses) apply. [Verify the regions of your provider plans.]

6. Retention

We keep your data for as long as your account is active. When you delete your account, your identity and data are removed immediately; limited backups or security logs may persist for a short period before being overwritten. You can export or delete your data at any time from the app.

7. Your rights

Under the GDPR you have the right to access, rectify, erase, restrict, object to the processing of, and port your personal data. You can exercise the main rights directly in the app (Settings → Data: export all data, delete account) or by contacting us at [CONTACT EMAIL]. You also have the right to lodge a complaint with your supervisory authority — in Italy, the Garante per la protezione dei dati personali.

8. Security

We use authentication and access controls to protect your data. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

9. Children

The Service is not directed to, and may not be used by, anyone under 18.

10. Changes

We may update this policy. We will revise the “last updated” date and, for material changes, provide a more prominent notice.

11. Contact

Data controller: [CONTROLLER NAME / LEGAL ENTITY], Italy — [CONTACT EMAIL].

This is a working draft tailored to the Service. Replace the [bracketed] details and have it reviewed by a qualified lawyer before opening to the public / paying users.