PipSync ("we", "us", "our") operates the pipsync.io platform, a cloud-based trading signal automation service. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website and services.
The identity and contact details of the controller (including registered address and identifiers once available) are published in our Imprint / Impressum. If you read this policy without visiting the Impressum, please use that page to confirm the current legal entity and postal address.
We collect the following categories of data:
A consolidated mapping of purposes to legal bases (including Art. 13(1)(d) legitimate interests where applicable) is in Section 10 below.
All data is transmitted over TLS (HTTPS). Broker credentials are encrypted at rest with app-managed AES-GCM encryption and are not exposed via API responses or logs. PipSync is designed for EU-hosted deployment, strict access controls, and audit logging. Independent SOC 2/vendor evidence, external penetration-test records, and formal legal review are tracked as production-readiness items before any compliance claim is made.
We do not sell your personal data. We share data only with:
Some of our subprocessors are located outside the European Union / European Economic Area or may access personal data from third countries (in particular the United States). Where the European Commission has not issued an adequacy decision, we use appropriate safeguards under Chapter V GDPR — typically the EU Standard Contractual Clauses(Commission Implementing Decision 2021/914) together with the vendor's data processing agreement. Stripe may additionally rely on the EU–US Data Privacy Framework as described in Stripe's documentation for certain transfers.
An up-to-date list of subprocessors, locations, and a short summary of safeguards is published at /legal/subprocessors. Further contractual context is in our legal centre under DPA & subprocessors.
Under GDPR and applicable data protection laws, you have the right to:
To exercise any of these rights, contact us at [email protected].
We use essential cookies for authentication and session management. We use analytics cookies only with your consent. You can manage cookie preferences in your browser settings.
PipSync uses machine-learning (ML) models to generate and execute trading signals on your behalf. This constitutes automated processing that produces decisions with a legal or similarly significant financial effect within the meaning of Art. 22 GDPR.
Models generate a signal and a confidence score. Position sizing applies Kelly-fraction caps and per-cluster drawdown multipliers. Circuit breakers halt trading automatically when daily loss or consecutive-loss thresholds are reached. No model has access to your identity, health, race, religion, or any GDPR special-category data. All training data is market data only.
Automated trading decisions are necessary for the performance of the contract between you and PipSync (Art. 22(2)(a) GDPR in conjunction with Art. 6(1)(b) GDPR). You subscribed to an automated signal-execution service; manual review of every signal by PipSync staff before execution would make the service technically impossible.
You have the right to object to automated processing at any time. You may also request that a human at PipSync review any specific decision (Art. 22(3) GDPR). To exercise this right, contact [email protected].
Practical effect of opt-out: Because automated signal execution is the core function of PipSync, opting out of all automated decision-making means the platform will no longer be able to execute trades on your behalf. Your account data will be retained in accordance with Section 11 below, and you may cancel your subscription at any time without penalty.
The table below specifies the legal basis for each processing purpose as required by Art. 13(1)(c) GDPR, and where applicable the legitimate interests pursued (Art. 13(1)(d) GDPR).
| Processing purpose | Legal basis | Art. 6 GDPR |
|---|---|---|
| Account registration & authentication | Performance of contract | Art. 6(1)(b) |
| Automated trade execution (ML signals) | Performance of contract · Art. 22(2)(a) | Art. 6(1)(b) |
| Broker credential storage & use | Performance of contract | Art. 6(1)(b) |
| Payment & subscription billing (via Stripe) | Performance of contract | Art. 6(1)(b) |
| Service notifications (trade alerts, drawdown warnings) | Performance of contract | Art. 6(1)(b) |
| Platform analytics & performance improvement (anonymised) | Legitimate interests — improving service reliability | Art. 6(1)(f) |
| Security monitoring & fraud prevention | Legitimate interests — protecting users & platform | Art. 6(1)(f) |
| Optional analytics cookies (non-essential) | Consent | Art. 6(1)(a) |
| Retention of trading data post-closure (24 months) | Compliance with legal obligation | Art. 6(1)(c) |
| Disclosure to legal authorities | Compliance with legal obligation | Art. 6(1)(c) |
Where processing is based on legitimate interests (Art. 6(1)(f)), we have conducted a balancing test and concluded that our interests are not overridden by your fundamental rights, given the limited nature of the data processed and the security measures applied.
We retain your account data for the duration of your account. Trading data is retained for up to 24 months after account closure for compliance purposes. You may request earlier deletion by contacting us.
We may update this policy from time to time. Material changes will be communicated via email or an in-app notification. Continued use of PipSync after changes constitutes acceptance.
For privacy-related inquiries, contact us at [email protected]. Controller identity and postal contact: Imprint / Impressum.
Data Protection Officer (DPO): PipSync has not appointed a statutory Data Protection Officer under Art. 37 GDPR. We are not currently carrying out processing that mandatorily requires a DPO at the scale described in Art. 37; data protection questions are handled by the management team at [email protected]. If a DPO is appointed in the future, this section will be updated with their contact details.