Privacy Notice

TheVIXtrader is operated by John Smith Kristiansen. For the purposes of EU/UK data protection law we act as the data controller for the personal data you provide while using the service.

You can reach us at support@thevixtrader.com for any privacy-related question.

We collect personal data in a few categories:

• Account data — your email address, display name, encrypted password, and the role associated with your account (free, premium, admin).
• Subscription data — which plan you're on, founding-member status, current period dates, and a reference to your customer record at our payment provider. We do not store card numbers; payment details are handled by Paddle.
• Community & product data — messages you post in premium discussion, alert preferences you configure, feedback you submit, and your interaction history with intelligence features.
• Support data — content of any email or in-app message you send us.
• Technical data — IP address, device and browser information, session identifiers, and basic usage telemetry necessary to keep the service secure and reliable.

• Provide the service — account creation, authentication, dashboards, alerts, and community access. Legal basis: performance of our contract with you.
• Process payments & subscriptions — via our payment provider (see below). Legal basis: contract.
• Security & fraud prevention — detecting abuse, rate-limiting, protecting accounts. Legal basis: legitimate interest in keeping the platform safe.
• Product improvement — understanding which features are used so we can make the platform better. Legal basis: legitimate interest. Where we use optional analytics cookies, the basis is your consent.
• Customer support — answering questions, fixing problems. Legal basis: contract / legitimate interest.
• Service emails — important account, billing, or product notices. Legal basis: contract. Marketing emails (if any) are sent only with your consent.
• Legal compliance — when we have to retain or share data because the law requires it.

We use a small number of strictly necessary cookies to keep you signed in and to remember your preferences. We may also use privacy-respecting analytics to understand aggregate product usage. You can manage cookie preferences through your browser settings, and where consent is required we'll ask before setting non- essential cookies.

We don't sell your personal data. We share it only with service providers who help us run the platform, and only as needed:

• Paddle — our online reseller and Merchant of Record for all orders. Paddle handles checkout, payments, taxes, invoicing, subscription management, and refunds. Their handling of payment data is governed by Paddle's Privacy Policy.
• Lovable Cloud — our backend platform (built on Supabase) for authentication, database, file storage, and serverless functions.
• Email infrastructure — for transactional emails such as account confirmation, password resets, billing notices, and support replies.
• AI providers — for AI-assisted features. We send only the content needed to generate a response and don't share account identifiers beyond what's necessary.
• Professional advisers & authorities — accountants, lawyers, or competent authorities where the law requires it.

Some of our service providers operate outside the UK/EEA. When personal data leaves these regions we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or an adequacy decision recognised by the receiving country.

We keep personal data only for as long as needed:

• Account & profile data — for as long as your account exists, plus a short period afterwards for security and dispute handling.
• Subscription & billing records — retained for as long as legally required (typically 6–10 years for financial records).
• Community messages — retained while your account is active; you can delete your own recent messages from the community panel.
• Support correspondence — retained for a reasonable period after the issue is resolved.
• Technical logs — retained for short periods (typically up to 90 days) for security and reliability.

When data is no longer needed we delete or anonymize it.

Depending on where you live, you may have the right to access, correct, delete, restrict, or port your personal data, to object to certain processing, and to withdraw consent at any time. You also have the right to lodge a complaint with your local data protection authority.

To exercise any of these rights, email support@thevixtrader.com. We aim to respond within one month.

We apply appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, server-side authorisation rules on our database, and regular review of our security practices. No system is completely secure, but we work hard to minimise risk.

The service is not directed to children under 16, and we don't knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

We may update this notice as the service evolves or as the law changes. The current version will always be available at this URL with the “Last updated” date.