ZenAlgo

ZenAlgo's Privacy Policy

Last Updated: 10.10.2025

1. Introduction

Welcome to our platform/webpage zenalgo.io, operated by KUMAMI Solutions s.r.o., Jurečkova 1811/18, Moravská Ostrava, 702 00, Czech Republic, ID: 11742739, registered with the Regional Court of Ostrava, file no.: C 86731 (hereinafter "ZenAlgo", "we", "us" and "our").

This Privacy Policy explains how we collect, use, share and protect personal data. By using our website or services, you acknowledge this Policy.

2. What Personal Data We Collect

We collect only what we need to operate and secure the service:

  • Account & Identification: email address, account identifiers, subscription tier/status.
  • Operational & Security Logs (see §7.5 for details): IP address, user-agent/device type, timestamps, request URL/endpoint, status codes, error messages, authentication/authorization events, rate-limiting/anti-abuse signals, session/account IDs.
  • Usage Data: high-level interactions with pages/features (non-marketing telemetry).
  • Communications: content of messages you send us (support, requests).
  • Payment Meta: confirmation of payment status/tier (no full card data; see §5).
  • Cookies/IDs: as described in §10 Cookies (essential, analytics, advertising).

We do not collect biometric data, government IDs, or full payment card numbers.

Voluntary content: If you participate in training/coaching or community spaces (e.g., Discord/Telegram), we may process necessary identifiers and session metadata. Any recording of sessions is not routine and, if applicable, would be communicated in advance.

3. Where the Data Come From

  • Directly from you (registration, communications, settings).
  • Automatically (operational logs, cookies/SDKs — see §7.5 and §10).
  • From third parties needed to deliver the service (e.g., Stripe for payment confirmations, TradingView for indicator access invitations, advertising partners if you consent to marketing cookies).

4. Why We Process Data (Purposes & Legal Bases)

We process personal data for these purposes:

  • Operate the service & your account (authentication, subscription access). Legal basis: contract performance, Art. 6(1)(b) GDPR; legitimate interests, Art. 6(1)(f) (service operation).
  • Security & abuse prevention (DDoS/rate-limit, fraud, incident handling). Legal basis: legitimate interests, Art. 6(1)(f).
  • Customer support & communications. Legal basis: contract performance, Art. 6(1)(b); legitimate interests, Art. 6(1)(f).
  • Payments & billing status (via processors). Legal basis: contract performance, Art. 6(1)(b); legal obligations (tax/accounting), Art. 6(1)(c).
  • Analytics to improve the service (non-marketing; aggregated/pseudonymized). Legal basis: legitimate interests, Art. 6(1)(f).
  • Marketing communications (emails about updates/offers) and advertising cookies where applicable. Legal basis: consent, Art. 6(1)(a) (you can opt out/withdraw anytime); or legitimate interests with easy opt-out where permitted.
  • Legal compliance & enforcement (regulatory, tax, responding to authorities; enforcing Terms). Legal basis: legal obligations, Art. 6(1)(c); legitimate interests, Art. 6(1)(f).

5. Payments, TradingView & Other Providers (Roles)

  • Stripe (payments): Stripe processes payment details and related personal data as independent controller (and/or processor depending on product). We receive only payment status/metadata necessary to grant access. See Stripe's privacy policy.
  • TradingView (indicators): Where we provision indicator access via TradingView, TradingView processes data under its own terms/policies.
  • Advertising partners (if you consent): Meta, X (Twitter), Google/YouTube and other PPC partners may set cookies/SDKs to deliver personalized ads (see §10).
  • Hosting & security providers: We use reputable vendors for hosting, security and logging under data-processing agreements.

Your use of third-party services is governed by their respective policies.

6. Sharing & International Transfers

We share data only with:

  • Service providers (hosting, security, analytics, payment gateways) under contracts that include data protection obligations.
  • Public authorities where legally required or to protect rights, users or the service.
  • Aggregated/de-identified outputs for operations and improvements (no re-identification).

Where data are transferred outside the EU/EEA (e.g., to the United States), we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) and apply supplementary measures where necessary.

7. Data Act & Data Portability • Operational Logs & Security

7.1 Scope

We do not actively collect or store personal or transactional data beyond the limited information necessary to provide access to the service (e.g., login credentials, account identifiers, confirmation of payment status). Payment data are processed by authorized providers (e.g., Stripe).

7.2 EU Data Act Portability

In accordance with Regulation (EU) 2023/2854 (Data Act) and applicable laws, you may request access to data generated by your use of the service and receive them in a structured, commonly used, machine-readable format.

  • This right applies solely to user-generated data directly linked to your account/activity.
  • It does not extend to ZenAlgo proprietary IP (algorithms, indicators, trading signals or other protected materials).

7.3 How to Request (Data Act/GDPR)

Email info@zenalgo.io with: (i) proof of account control; (ii) the scope of data requested. We will make reasonable efforts where technically feasible and within the scope of data actually available to ZenAlgo. We may need to verify identity, apply security/abuse safeguards, and withhold or redact data to protect rights and freedoms of others or trade secrets (Data Act/GDPR).

7.4 Processors' Data

Where data are held by third-party processors/controllers (e.g., Stripe, TradingView), requests may need to be addressed directly to those providers.

7.5 Operational Logs (what we log)

For operation, security and abuse prevention, we record and retain short-term technical logs, including:

  • session/account identifiers and authentication status;
  • IP address, user-agent/device type, timestamps;
  • called endpoint/URL, HTTP status codes, error messages;
  • authentication/authorization events; rate-limiting/anti-abuse signals.

Purpose: keep the service running securely; prevent abuse; diagnose incidents.

Legal basis: legitimate interests (Art. 6(1)(f) GDPR).

Retention: up to 6 months (longer where required for incident investigation/legal obligations).

Logs are not used for marketing or profiling.

8. Data Retention

We retain personal data only as long as necessary for the purposes in this Policy:

  • Account/service data: for the life of your account and for a reasonable period thereafter for dispute handling/compliance.
  • Payment/accounting records: as required by applicable tax and accounting laws.
  • Operational logs: up to 6 months (see §7.5), unless a longer period is necessary for security/legal reasons.
  • Marketing data: until you withdraw consent or object (and for limited proof-of-consent retention where required).

9. Security

We apply technical and organizational measures appropriate to the risks (encrypted transit, access controls, least-privilege, segmentation, audit logs, secure development practices). No system is perfectly secure; please protect your credentials and report any suspected incidents to info@zenalgo.io.

10. Cookies & Similar Technologies

We use cookies/SDKs to operate and improve the service and (if you consent) to personalize content/ads.

  • Essential cookies (first-party): strictly necessary for site operation (authentication, payment flows, indicator provisioning). These cannot be refused.
  • Analytics cookies: help us understand usage in aggregate (e.g., Google Analytics with IP anonymization).
  • Advertising cookies/SDKs (third-party): e.g., Meta, X (Twitter), Google/YouTube and other PPC partners for personalized ads and measurement.

Your choices: You can manage non-essential cookies via our cookie consent tool and/or your browser settings. Refusing non-essential cookies may limit personalized content/ads. See partners' policies for how they process data.

Your GDPR Rights

You have the rights to access, rectify, erase, restrict, object (including to direct marketing), and data portability , and to withdraw consent (where processing is based on consent). We will respond within one month (extendable by two months for complex requests). We may request information to verify your identity. You can also lodge a complaint with the Czech Data Protection Authority (ÚOOÚ): https://www.uoou.cz .

How to exercise: contact info@zenalgo.io.

12. Children

Our services are not directed to individuals under 18. We do not knowingly process their data. If you believe we have such data, contact us and we will take appropriate steps.

13. Changes to This Policy

We may update this Policy to reflect changes in law or our practices. Material changes will be notified on the website (and/or by email) and take effect on the stated effective date.

14. Contact Information

If you have any questions or concerns about this Privacy Policy or how we handle your data, please contact us at info@zenalgo.io. We are dedicated to addressing any concerns you may have.

Controller: KUMAMI Solutions s.r.o., Jurečkova 1811/18, 702 00 Ostrava, Czech Republic