Privacy Policy

1. Introduction

SGA Investments ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the SGA AlgoTrader Pro platform (the "Platform"). This policy complies with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and ISO 27001 information security standards.

2. Information We Collect

2.1 Personal Information

We collect the following types of personal information:

• Account Information: Name, email address, username, password (encrypted)
• Trading Information: Trading preferences, risk parameters, broker credentials (encrypted)
• Financial Data: Trading positions, transaction history, account balances
• Communication Data: Support tickets, email correspondence, chat messages

2.2 Technical Information

• IP address and geolocation data
• Browser type, version, and language
• Device information (type, operating system)
• Login timestamps and session duration
• Platform usage analytics and performance metrics
• Cookie data and tracking identifiers

2.3 Trading Activity Data

• Trading signals generated and received
• Automated trading execution logs
• Market data requests and chart configurations
• Backtesting parameters and results

3. How We Use Your Information

We use collected information for the following purposes:

• Service Delivery: Provide, maintain, and improve the Platform's trading features
• Authentication: Verify your identity and secure your account access
• Trading Execution: Execute automated trading strategies on your behalf
• Communication: Send service notifications, alerts, and support responses
• Analytics: Analyze platform usage to improve performance and user experience
• Security: Monitor for fraud, unauthorized access, and security vulnerabilities
• Compliance: Meet legal and regulatory requirements
• Marketing: Send promotional communications (with your consent)

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on:

• Contractual Necessity: To fulfill our service agreement with you
• Legitimate Interests: Platform security, fraud prevention, service improvement
• Legal Obligation: Compliance with financial regulations and tax laws
• Consent: Marketing communications and optional data collection

5. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

5.1 Service Providers

• Cloud hosting providers (secure data centers)
• Payment processors (encrypted transactions)
• Analytics services (anonymized data)
• Email service providers

5.2 Broker Partners

Trading credentials and order data are securely transmitted to your designated brokers (e.g., Bybit, MT5, Hyperliquid) to execute trades on your behalf.

5.3 Legal Authorities

We may disclose information when required by law, court order, or to protect our legal rights, prevent fraud, or ensure platform security.

6. Data Security

We implement industry-standard security measures including:

• Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
• Access Controls: Role-based permissions and multi-factor authentication (MFA)
• Monitoring: 24/7 security monitoring and intrusion detection
• Regular Audits: ISO 27001 compliance audits and penetration testing
• Data Minimization: We only collect data necessary for platform operation
• Secure Infrastructure: Isolated environments and firewalls

7. Your Privacy Rights

7.1 GDPR Rights (EU Users)

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restriction: Limit processing of your data
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to certain types of processing
• Right to Withdraw Consent: Revoke consent for data processing

7.2 CCPA Rights (California Users)

• Right to Know: What personal information we collect and how it's used
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of the sale of personal information (we don't sell data)
• Right to Non-Discrimination: Equal service regardless of privacy choices

To exercise your rights, contact us at [email protected]. We will respond within 30 days.

8. Data Retention

We retain your data as follows:

• Active Accounts: Data retained while your account is active
• Closed Accounts: Account data retained for 7 years for legal/tax compliance
• Trading Logs: Retained for 5 years per regulatory requirements
• Marketing Data: Deleted upon opt-out or account closure
• Technical Logs: Retained for 90 days unless required for security investigations

9. Cookies and Tracking

We use cookies and similar tracking technologies to enhance your experience. See our Cookie Policy for detailed information on cookie usage, management, and opt-out options.

10. International Data Transfers

Your data may be transferred to and processed in countries outside your jurisdiction. We ensure adequate data protection through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data processing agreements with all third-party providers
• Regular compliance reviews of international transfers

11. Children's Privacy

The Platform is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a minor, contact us immediately for deletion.

12. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be notified via email and platform notification 30 days before taking effect. Continued use of the Platform after changes constitutes acceptance of the updated policy.

13. Contact Information

14. Compliance Certifications