Last updated: 2026-04-01
Gradient Systems is committed to protecting the privacy of its users in accordance with the General Data Protection Regulation (GDPR — Regulation EU 2016/679).
The data controller is Gradient Systems. For any questions regarding your personal data, contact us at: privacy@gradientsystems.io
We collect: (a) Registration data: email address, password (hashed by Firebase), role (individual/professional); (b) Usage data: strategies created, backtest results, community votes and comments, training progress; (c) Technical data: IP address (server logs), browser type. We do not collect banking data, civil identity or health data.
Data is used to: (a) provide and improve the service; (b) manage authentication and account security; (c) generate personalized PDF reports; (d) enable community features (sharing, votes, comments); (e) for professionals: establish MiFID II client profiles.
Processing is based on: (a) contract performance (Art. 6(1)(b) GDPR) for service provision; (b) legitimate interest (Art. 6(1)(f) GDPR) for security and service improvement; (c) consent (Art. 6(1)(a) GDPR) for optional communications.
Data is stored on Google Cloud Firestore (EU data centers). Authentication is managed by Firebase Authentication (Google). Communications are encrypted via TLS 1.2/1.3. Session cookies are HttpOnly, Secure, and SameSite=Strict. Processors under GDPR Art. 28: (a) Google Cloud / Firebase (Firestore + Authentication) — data stored in EU, transfers under Standard Contractual Clauses (SCCs); (b) Stripe Payments Europe Ltd (Ireland) — payment processing and billing; transfers to the United States under EU-US Data Privacy Framework; (c) Twilio SendGrid (transactional and alert emails) — US servers, EU-US Data Privacy Framework; (d) Hetzner Online GmbH (application server hosting) — German/Finnish data centers, European Union; (e) Groq Inc. (optional AI chatbot) — United States, transfers under SCCs and data minimization.
Under the GDPR, you have the following rights: (a) Right of access (Art. 15); (b) Right to rectification (Art. 16); (c) Right to erasure (Art. 17); (d) Right to data portability (Art. 20); (e) Right to object (Art. 21). To exercise these rights, contact: privacy@gradientsystems.io. We will respond within 30 days.
Account data is retained as long as the account is active. Upon account deletion, data is erased within 30 days. Server logs are retained for 90 days.
The Platform uses only technical session cookies (necessary for operation). No tracking, advertising or analytics cookies are used. Therefore, no cookie consent is required under the ePrivacy Directive.
You may lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés): www.cnil.fr — or your local Data Protection Authority.