GDPR Protection & Compliance
TradePillow processes personal data in accordance with the EU General Data Protection Regulation (GDPR) and the UK GDPR. This page outlines how we meet our obligations and support your rights.
Our role
TradePillow acts as a data controller for personal data tied to account management and communications. When you import trade data that belongs to other individuals, you are responsible for ensuring appropriate legal grounds and notices.
Lawful bases for processing
Contractual necessity
We process account information, trades, and analytics to deliver the core service you request.
Legitimate interests
We use anonymized usage data to improve reliability and prevent abuse. We balance this with your privacy rights.
Consent
Optional features such as marketing emails or cookie-based analytics are only enabled when you provide consent.
Data subject rights
EU and UK users can exercise the following rights at any time by emailing privacy@tradepillow.com.
- Access a copy of your personal data.
- Request correction of inaccurate information.
- Request deletion (“right to be forgotten”).
- Restrict or object to certain processing.
- Request data portability in machine-readable formats.
- Withdraw consent for optional processing at any time.
- Lodge a complaint with your local supervisory authority.
Data minimization & retention
We collect only the data required to deliver analytics and support. Trading data is retained for active customers and deleted within 30 days after account closure unless legal obligations require otherwise. Backups are purged on a rolling 35-day schedule.
International transfers
When data is transferred outside the EEA or UK, we rely on Standard Contractual Clauses or equivalent safeguards. Subprocessors undergo security and privacy evaluations before onboarding.
Security measures
We enforce encryption in transit and at rest, role-based access controls, audit logging, and regular vulnerability assessments. Critical infrastructure is monitored 24/7 with automated alerting.
Breach response
In the unlikely event of a personal data breach, we follow this process:
- Identify and contain the incident with engineering, security, and compliance stakeholders.
- Assess scope and impact, documenting affected data and users.
- Notify supervisory authorities and impacted customers within 72 hours when required.
- Deliver remediation steps, follow-up investigations, and process improvements.
Data Protection Officer
Data Protection Lead — privacy@tradepillow.com
You may also lodge complaints with your local authority or the Irish Data Protection Commission, our lead supervisory authority for EU matters.