Privacy Policy

How we protect and handle your information

Last Updated: May 4, 2026

Data Security

Enterprise-grade security with SOC 2 Type II and ISO 27001 certification

Transparency

Clear disclosure of data collection and usage practices

Your Rights

Full control over your personal data with GDPR compliance

Introduction

Tradesocio ("we," "our," or "us") is a B2B software development company that provides trading platform solutions to financial institutions. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website and interact with our Services.

Important: Tradesocio operates on a B2B2C model

We provide software solutions to financial institutions (our clients), who in turn offer these platforms to their end customers. We do not directly onboard, manage, or process end customer data. Our clients are solely responsible for their customers' data under their own privacy policies.

This policy complies with applicable data protection laws, including Singapore's Personal Data Protection Act (PDPA), the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant privacy regulations.

Information We Collect

Business Contact Information

When you represent a financial institution or business interested in our services, we collect:

  • Professional Details: Name, job title, company name, business email, business phone number
  • Company Information: Organization details, industry, company size, regulatory status
  • Communication Records: Inquiry details, demo requests, support tickets, meeting notes

Website Usage Information

We automatically collect certain information when you visit our website:

  • Technical Data: IP address, browser type, device information, operating system
  • Usage Analytics: Pages viewed, time spent, navigation patterns, referral sources
  • Cookie Data: Session identifiers, preferences, analytics cookies (see our Cookie Notice)

Client Account Information

For our institutional clients who license our software:

  • Account credentials and access permissions
  • License configuration and deployment preferences
  • Technical integration details and API keys
  • Usage metrics and platform analytics
  • Support and maintenance records

What We Do NOT Collect

We do not collect, store, or process any personal information of our clients' end customers (retail traders, investors, etc.). All end-customer data is managed exclusively by our institutional clients within their own infrastructure and under their privacy policies.

How We Use Your Information

Business Development: Responding to inquiries, scheduling demos, providing product information, managing sales pipeline
Client Services: Providing technical support, managing licenses, implementing software updates, monitoring system performance
Product Development: Analyzing usage patterns, gathering feedback, improving features, developing new solutions
Marketing Communications: Sending product updates, industry insights, event invitations, newsletters (with consent)
Legal Compliance: Meeting regulatory requirements, enforcing terms, resolving disputes, protecting rights

Legal Basis for Processing (GDPR)

Contractual Necessity

Processing required to fulfill our software licensing and service agreements

Legitimate Interests

Improving products, security, fraud prevention, business operations

Consent

Marketing communications, cookies, optional features (can be withdrawn)

Legal Obligation

Compliance with applicable laws and regulations

Information Sharing

We do not sell your personal information. We may share information with:

Service Providers

Cloud hosting (AWS, Google Cloud), AI services (Google Gemini), analytics (Firebase Analytics, Google Analytics), error monitoring (Sentry), CRM (Salesforce), email services (SendGrid), support platforms (Intercom)

Business Partners

Technology partners, integration providers, and co-marketing partners (with consent)

Legal Requirements

Government authorities, regulatory bodies, legal counsel when required by law

Business Transfers

Acquiring entities in case of merger, acquisition, or asset sale (with notice)

AI Services — Google Gemini

We use Google Gemini, a generative AI service provided by Google LLC, to power certain AI-assisted features within our platform (including but not limited to financial analysis summaries, content generation, and intelligent search capabilities).

Data Shared with Google Gemini

  • User-submitted queries and prompts entered into AI-assisted features
  • Contextual platform data required to generate a relevant response (e.g. instrument names, market categories)
  • No personally identifiable information (PII) or financial account credentials are sent to Google Gemini
  • No end-customer trading data or transaction records are transmitted

Purpose of Processing

Data is shared with Google Gemini solely to generate AI-powered responses, summaries, and insights requested by users of our platform. It is not used for advertising, model training on our users' data, or any purpose beyond the immediate service request.

Data Protection

Google Gemini processes data under Google's Cloud Data Processing Addendum, which provides contractual protections equivalent to GDPR Standard Contractual Clauses. Google does not use data submitted via the Gemini API to train its general-purpose models without separate agreement. For full details, see Google's Data Processing Addendum.

Legal Basis

Processing via Google Gemini is carried out on the basis of legitimate interests (Art. 6(1)(f) GDPR) — specifically, to deliver AI-enhanced functionality that our clients and their users have requested. Where applicable, we rely on contractual necessity for clients who have agreed to AI-powered features as part of their service agreement.

Mobile App Data Collection & App Tracking Transparency

Our mobile applications (iOS and Android) may collect certain device and usage data to support analytics, performance monitoring, and crash reporting. The following third-party SDKs are initialised within our mobile applications and may collect data on launch:

ServiceProviderData CollectedPurpose
Firebase AnalyticsGoogle LLCDevice identifiers, app usage events, screen views, session durationProduct analytics & feature improvement
Google Analytics (ga-gtag)Google LLCPage/screen visits, referral source, device & OS type, IP address (anonymised)Website & app traffic analytics
SentryFunctional Software, Inc.Crash reports, error stack traces, device model & OS versionError monitoring & stability improvement

App Tracking Transparency (iOS)

In accordance with Apple's App Tracking Transparency (ATT) framework (introduced in iOS 14.5), our iOS application requests your permission before accessing your device's advertising identifier (IDFA) or linking your activity across apps and websites owned by other companies for advertising purposes. You will be presented with an ATT prompt on first launch. You may change your preference at any time in Settings > Privacy > Tracking.

If You Decline Tracking (iOS)

Declining the ATT prompt does not affect your ability to use the application. Analytics data collected without the IDFA will be limited to non-identifying, aggregated usage metrics. Crash reporting via Sentry will continue as it does not rely on the advertising identifier.

No data is sold or shared for advertising targeting

Data collected by the above SDKs is used exclusively for internal product analytics, performance monitoring, and stability purposes. We do not sell this data or use it to serve targeted advertising to end users.

Data Security

We implement enterprise-grade security measures to protect your information:

Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
Access Controls: Role-based permissions, multi-factor authentication
Infrastructure: Secure cloud hosting, firewalls, intrusion detection
Compliance: SOC 2 Type II, ISO 27001 certified

Data Retention

  • Prospect Data: 2 years from last interaction
  • Client Data: Duration of relationship + 7 years for legal compliance
  • Marketing Data: Until consent is withdrawn
  • Website Analytics: 26 months (Google Analytics standard)

Your Privacy Rights

PDPA Rights (Singapore)

  • ✓ Right to access your data
  • ✓ Right to correction
  • ✓ Right to withdraw consent
  • ✓ Right to data portability

GDPR Rights (EEA)

  • ✓ Right to access your data
  • ✓ Right to rectification
  • ✓ Right to erasure
  • ✓ Right to restrict processing
  • ✓ Right to data portability
  • ✓ Right to object

CCPA Rights (California)

  • ✓ Right to know data collected
  • ✓ Right to delete information
  • ✓ Right to opt-out (no sales)
  • ✓ Right to non-discrimination

To exercise your rights:

Email privacy@tradesocio.com or contact our Data Protection Officer at dpo@tradesocio.com. We'll respond within 30 days.

International Data Transfers

We operate globally and may transfer data across borders. We ensure appropriate safeguards through:

  • • Standard Contractual Clauses (EU Commission approved)
  • • Adequacy decisions
  • • Binding Corporate Rules
  • • Explicit consent where required

Children's Privacy

Our services are B2B solutions for institutional clients and not directed to individuals under 18. We do not knowingly collect information from children.

Policy Updates

We may update this policy periodically. Material changes will be communicated via email and website notice. Continued use after changes constitutes acceptance.

Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of the Republic of Singapore. Any disputes arising from this policy shall be subject to the exclusive jurisdiction of the Singapore courts.

For residents of the European Union, GDPR rights and remedies remain available. For California residents, CCPA rights and enforcement mechanisms apply as provided under California law.

Contact Us

Tradesocio Pte. Ltd.

Registered in Singapore

Privacy Inquiries

privacy@tradesocio.com

Data Protection Officer

dpo@tradesocio.com

Chat with us on WhatsApp