Privacy Policy

Last updated: November 10, 2025 (Version 2.1)

NovaTrend (“we”, “us”, “our”, “Provider”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal information when you interact with our website (https://novatrend.io) and our automated trading software services (“Services”).

By using our website and Services, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Data Controller Information

Data Controller:
NovaTrend

Contact:
Email: support@novatrend.io
Website: https://novatrend.io

2. Information We Collect

We collect different types of information depending on how you interact with our Services:

2.1 Information You Provide Directly

Contact and Inquiry Information:

Name
Email address
Message content when you contact us via email or forms
Any other information you choose to provide

Client Account Information:

Full name
Email address
Country of residence (for regulatory compliance)
Payment information (cryptocurrency wallet addresses)
API keys for cryptocurrency exchanges (encrypted and stored securely)

Onboarding Information:

Information collected during our personalized onboarding process
Trading experience and risk acknowledgments
Verification of minimum investment threshold (€10,000 or equivalent)

2.2 Automatically Collected Information

Website Usage Data:

IP address
Browser type and version
Device information
Operating system
Time and date of access
Pages visited and time spent on pages
Referring website addresses

Analytics Data:

We use Google Analytics to analyze website traffic and improve user experience
Google Analytics collects anonymized data about your device, location, browsing behavior, and interactions with our site
You can opt out of Google Analytics by using the Google Analytics Opt-out Browser Add-on

2.3 Technical and Service Data

API Key Data:

Encrypted API keys for Bybit and Bitmex exchanges
API key permissions and configurations
API key usage logs (for security and service delivery)

Trading Activity Logs:

Records of trades executed by the Software (for service delivery and support)
System performance data
Error logs and technical diagnostics

We process your personal data under the following legal bases:

a) Contract Performance (GDPR Article 6(1)(b)):

Processing necessary to provide the Software services under your License Agreement
Managing your account and API keys
Executing trades via the Software
Providing customer support

b) Legal Obligation (GDPR Article 6(1)(c)):

Compliance with tax laws
Compliance with anti-money laundering (AML) regulations
Responding to legal requests from authorities
Data breach notification requirements

c) Legitimate Interest (GDPR Article 6(1)(f)):

Website analytics and improvement
Security monitoring and fraud prevention
Service optimization and development
Marketing to existing clients (with opt-out option)

d) Consent (GDPR Article 6(1)(a)):

Optional marketing communications (you can withdraw consent at any time)
Non-essential cookies (you can manage preferences)

4. How We Use Your Information

We use your personal data for the following purposes:

4.1 Service Delivery

Providing access to the automated trading Software
Storing and using API keys to execute trades on your behalf
Monitoring Software performance and reliability
Processing pause/stop requests
Providing customer support and technical assistance

4.2 Account Management

Creating and managing your client account
Processing payments and license fees
Verifying minimum investment threshold compliance
Managing referrals and affiliate compensation (if applicable)

4.3 Legal and Regulatory Compliance

Complying with tax reporting obligations
Meeting anti-money laundering (AML) requirements
Responding to legal requests and court orders
Preventing fraud and illegal activities
Maintaining records as required by law

4.4 Security and Protection

Protecting against unauthorized access to API keys
Detecting and preventing security breaches
Monitoring for fraudulent activity
Maintaining system security and integrity

4.5 Analytics and Improvement

Analyzing website traffic and user behavior
Improving Software functionality and performance
Developing new features and services
Understanding client needs and preferences

4.6 Communication

Responding to inquiries and support requests
Sending service-related notifications (e.g., system updates, security alerts)
Providing important updates about the Software or Terms
Sending marketing communications (with your consent and opt-out option)

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience and analyze website performance.

5.1 Types of Cookies We Use

a) Necessary / Essential Cookies

Required for website functionality
Used for authentication and session management
Preventing fraudulent use of accounts
Cannot be disabled without affecting site functionality

b) Analytics and Performance Cookies

Google Analytics cookies track user behavior, website traffic, and engagement metrics
Help us understand how visitors use our site
Allow us to improve website performance and user experience

c) Functionality Cookies

Remember your preferences (e.g., language settings)
Enhance user experience with personalized features
Store login details (if you choose)

5.2 Managing Cookies

You can manage your cookie preferences through your browser settings. Most browsers allow you to:

View and delete cookies
Block third-party cookies
Block all cookies (may affect site functionality)
Receive notifications when cookies are set

Opt-out of Google Analytics:
Use the Google Analytics Opt-out Browser Add-on

We do not sell, trade, or rent your personal information to third parties.

We may share your data in the following limited circumstances:

6.1 Service Providers

We may share data with trusted third-party service providers who assist in operating our Services:

Examples:

Payment processors (for cryptocurrency transactions)
Cloud hosting providers (for server infrastructure)
Analytics providers (Google Analytics)
Email service providers (for communications)

Conditions:

Service providers are contractually obligated to protect your data
They may only use data for specified purposes
They must comply with GDPR and applicable data protection laws

6.2 Legal Requirements

We may disclose your information if required by law or in good faith belief that such action is necessary to:

Comply with legal obligations or court orders
Protect and defend our rights or property
Prevent fraud or illegal activities
Protect the safety of users or the public
Respond to government or regulatory requests

6.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity. We will notify you of any such change and your rights regarding your data.

We may share your information for other purposes with your explicit consent.

7. API Key Security

API keys are highly sensitive and require special protection:

7.1 Security Measures

API keys are encrypted using industry-standard encryption (AES-256 or equivalent)
Stored on secure servers with restricted access
Never shared with third parties
Used solely for executing trades via the Software on Bybit and Bitmex

7.2 Client Responsibilities

Clients must configure API keys as “trade-only” with no withdrawal permissions
Clients remain responsible for API key security on the exchange side
Clients must immediately notify us if API keys are compromised

7.3 Breach Notification

In the event of a security breach affecting API keys, we will notify affected clients within 72 hours via email, as required by GDPR Article 33.

7.4 API Key Deletion

Upon termination of your License Agreement, we will securely delete your API keys within 30 days.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

8.1 Retention Periods

Active Client Data:

Retained for the duration of your active License Agreement
Includes account information, API keys, and trading logs

Post-Termination Data:

Account information: Retained for 7 years after termination (tax and legal compliance)
API keys: Deleted within 30 days of termination
Trading logs: Retained for 7 years (tax and legal compliance)
Financial records: Retained for 7 years (Dutch tax law requirement)

Website Usage Data:

Server logs: Retained for 90 days (security and system maintenance)
Google Analytics: Retained for 26 months (Google’s default setting)

Marketing Data:

Retained until you unsubscribe or withdraw consent
Deleted within 30 days of unsubscribe request

Legal Hold:

Data may be retained longer if required for legal proceedings, investigations, or regulatory requests

8.2 Data Deletion

You may request deletion of your personal data at any time, subject to:

Legal obligations requiring retention (e.g., tax records)
Legitimate interests (e.g., fraud prevention, legal defense)
Contract performance requirements (during active service)

9. International Data Transfers

9.1 Server Locations

Our servers are located in [specify location - recommend EU/EEA for GDPR compliance].

9.2 Transfers Outside EU/EEA

If we transfer data outside the European Economic Area (EEA), we ensure adequate protection through:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions by the European Commission (for countries with equivalent protection)
Your explicit consent for specific transfers

9.3 Third-Party Services

Some third-party services (e.g., Google Analytics) may transfer data internationally. These services comply with GDPR requirements and use appropriate safeguards.

As a data subject under the General Data Protection Regulation (GDPR), you have the following rights:

10.1 Right of Access (Article 15)

Request a copy of your personal data we hold
Receive information about how we process your data

10.2 Right to Rectification (Article 16)

Correct inaccurate or incomplete personal data

10.3 Right to Erasure / “Right to be Forgotten” (Article 17)

Request deletion of your personal data (subject to legal exceptions)

10.4 Right to Restriction of Processing (Article 18)

Request limitation of how we process your data in certain circumstances

10.5 Right to Data Portability (Article 20)

Receive your personal data in a structured, machine-readable format
Transmit your data to another service provider

10.6 Right to Object (Article 21)

Object to processing based on legitimate interests
Object to direct marketing at any time

Withdraw consent for processing based on consent (does not affect prior processing)

10.8 Right to Lodge a Complaint (Article 77)

File a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens)
Contact: https://autoriteitpersoonsgegevens.nl/

10.9 Exercising Your Rights

To exercise any of these rights, please contact us at:
Email: support@novatrend.io

We will respond to your request within 30 days as required by GDPR Article 12.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

11.1 Security Measures

Technical Measures:

Industry-standard encryption (TLS/SSL for data transmission, AES-256 for storage)
Secure server infrastructure with access controls
Regular security audits and vulnerability assessments
Encrypted API key storage
Secure authentication mechanisms

Organizational Measures:

Limited access to personal data (need-to-know basis)
Employee confidentiality obligations
Data protection policies and procedures
Incident response and breach notification procedures

11.2 Limitations

While we take reasonable security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

12. Children’s Privacy

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete such information promptly.

13. Referral Program

If you participate in our referral program:

We collect information about referred clients (name, email, referral source)
We track referrals for compensation purposes
Referred clients must meet all eligibility requirements (including €10,000 minimum threshold)
Referral compensation data is retained for tax and accounting purposes (7 years)

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Services.

Notification:

Material changes will be communicated via email to active clients
Updated policy will be posted on our website with a revised “Last updated” date
Continued use of Services after changes constitutes acceptance of the updated policy

Review: We recommend reviewing this Privacy Policy periodically to stay informed about how we protect your data.

15. Governing Law and Dispute Resolution

15.1 Applicable Law

This Privacy Policy is governed by the laws of the Netherlands.

15.2 Dispute Resolution

Any disputes arising from this Privacy Policy shall be resolved in accordance with the dispute resolution process outlined in our Terms of Use:

Good-faith negotiation (30 days)
Mediation (60 days)
Binding arbitration (Netherlands Arbitration Institute)
Court of Rotterdam, Netherlands (fallback)

16. Contact Us and Data Protection Officer

For questions, concerns, or requests regarding this Privacy Policy or your personal data:

Email: support@novatrend.io
Website: https://novatrend.io

17. Acknowledgment

By using our Services, you acknowledge that:

You have read and understood this Privacy Policy
You consent to the collection, use, and processing of your personal data as described
You understand your rights under GDPR and how to exercise them

Version 2.1