Privacy Policy

Privacy Policy

Effective 2026-05-20

This Privacy Policy describes how VegaTrade ("VegaTrade," "we," "us," or "our") handles information collected through the marketing website at vegatrade.ai (the "Site"). The Site is the pre-launch marketing surface for the VegaTrade platform; this policy covers the Site only. A separate platform privacy policy will be issued when the trader application opens to authenticated users.

1. Scope

This policy applies to information you provide directly on the Site (for example, through the Request Access form) and to limited technical information that any web server records by default (for example, your IP address and the user agent string in HTTP request logs). It does not apply to the trader application, any broker integration, or any third party.

2. Information We Collect

The Site collects information in three categories:

  • Request Access form input. If you submit the Request Access form on /contact, the form captures the fields you provide: name, email, organization, audience type, and free-text message. In the current Site version, the form does NOT transmit this information to any remote endpoint; it is captured client-side and surfaces a local confirmation panel. Owner ratification of a production form-delivery handler will trigger an update to this policy that describes where the data goes.
  • Server access logs. Standard HTTP request logs at the hosting layer record the originating IP address, request path, user agent, response code, and timestamp. These logs exist to operate and debug the Site and are retained per the hosting provider's default retention window.
  • Browser cache headers. Static assets (favicon, OG image, CSS, font files) carry standard HTTP cache-control headers. These are not tracking cookies.

3. Information We Do NOT Collect

The Site does NOT:

  • Set tracking cookies.
  • Run any analytics tool (no Google Analytics, no Plausible, no Fathom, no Mixpanel, no any).
  • Embed third-party scripts (no marketing pixels, no ad networks, no chatbots).
  • Load fonts, images, or CSS from any external content-delivery network. Every asset is served from this domain.
  • Use browser localStorage, sessionStorage, or IndexedDB.
  • Fingerprint your device.

4. How We Use Information

We use the limited information we do collect to:

  • Respond to Request Access submissions and discuss platform fit with the requester.
  • Operate and debug the Site.
  • Detect and respond to abuse, malicious traffic, or security incidents.

We do not sell, rent, or trade personal data. We do not share Request Access submissions with any third party. We do not use submissions to train any machine-learning model.

5. Legal Basis (GDPR / UK GDPR)

Where the EU General Data Protection Regulation or UK GDPR applies, our legal basis for processing the limited information described above is our legitimate interest in operating the Site and responding to access requests. Request Access submissions are processed only with your active consent — submitting the form constitutes that consent.

6. California Consumer Privacy Act (CCPA / CPRA)

California residents have specific rights under the California Consumer Privacy Act of 2018 (CCPA) as amended by the California Privacy Rights Act of 2020 (CPRA), including the right to know what personal information is collected, the right to delete personal information, the right to opt out of the sale or sharing of personal information, and the right to non-discrimination for exercising these rights.

VegaTrade does NOT sell or share personal information for cross-context behavioral advertising. To exercise CCPA rights against Request Access form submissions or server access logs, contact us via the Request Access form or, when available, at the privacy mailbox listed in §12 below.

7. Data Retention

Server access logs are retained per the hosting provider's default window (typically 7–30 days). Request Access submissions, once a production form handler is ratified and wired, will be retained for as long as is reasonable to operate the access-evaluation process and will be purged on request to the privacy contact below.

8. Data Subject Rights

You may have the right to access, correct, or delete personal information about you that we hold. To exercise these rights, contact us via the channels in §12. We will respond within the windows required by the law applicable to you (30 days under GDPR / UK GDPR; 45 days under CCPA, extendable to 90 days for complex requests).

Audit-chain carve-out

When the platform opens to authenticated users, the VegaTrade trader application will emit audit events into a regulator-grade audit chain. Audit-chain integrity invariants FORBID the deletion of events; erasure requests applicable to audit-chain entries are handled by redacting personal-data fields from user-facing exports while preserving the underlying chain entry for regulatory reconstruction. This carve-out applies only to the audit chain in the platform — NOT to Site server logs or Request Access submissions. It will be described in detail in the platform privacy policy when the platform opens.

9. International Data Transfers

The Site is hosted in the United States. If you access the Site from outside the United States, server access logs of your visit will be processed in the United States. By using the Site, you consent to that processing.

10. Children's Privacy

The Site is not directed to children under 18. The VegaTrade platform, when it launches, will not be available to users under 18. We do not knowingly collect personal information from anyone under 18. If you believe we have done so, contact us and we will delete the information.

11. Security

The Site is served over HTTPS. Standard HTTP security headers are emitted at the hosting layer. There is no authentication surface on the Site in v1, and no personal data is transmitted over the network from the page in v1. When the platform's authenticated surfaces open, the platform's security posture — encryption at rest, encryption in transit, hardware-security-module key custody, audit-chain integrity, kill-switch propagation — will be documented in the platform privacy policy and in the dedicated Security page.

12. Contact

Privacy inquiries may be directed via the Request Access form with the audience type "Other" and a short note in the message field describing the privacy request. A dedicated privacy mailbox (privacy@ at the platform's domain) will be activated when the platform's domain is ratified; until then, the form is the canonical contact.

13. Changes

We may update this Privacy Policy from time to time. Material changes will be reflected in the Effective Date at the top of this page. Continued use of the Site after a change constitutes acceptance of the updated policy. For binding interpretation, consult the version effective on the date of your visit.

14. Pre-Launch Disclaimer

VegaTrade is a pre-launch technology platform. This v1 Privacy Policy is authored by the platform team as a good-faith baseline reflecting current data-handling practice. It is not a substitute for review by licensed counsel and will be subject to formal counsel review before the platform opens to authenticated users. Forward-looking statements about future platform behavior reflect current plans and are subject to change.