Back to home

Privacy Policy

Effective Date: 1 June 2026 Last Updated: 1 June 2026 Version: 1.0 Operated by: Stage And Partners Bilişim Mühendislik Eğitim Danışmanlık Anonim Şirketi ("Company", "we", "us", "our") Contact: info@trendarcher.com | trendarcher.com

1. ABOUT THIS POLICY

1.1 Purpose. This Privacy Policy explains what personal data we collect when you use the TrendArcher platform ("Platform"), why we collect it, how we use it, with whom we share it, how long we keep it, and what rights you have in relation to it. We are committed to handling your personal data transparently, lawfully, and in accordance with applicable data protection law. 1.2 Who We Are. The Company is the data controller responsible for your personal data collected through the Platform. As data controller, we determine the purposes and means of processing your personal data. Our contact details for all privacy-related enquiries are set out in Section 14. 1.3 Scope. This Policy applies to all personal data we collect: When you visit or browse the Platform (including trendarcher.com and all associated subdomains) When you register for an Account When you subscribe to a paid plan When you run Simulations or use any feature of the Platform When you contact our support team or communicate with us by any means When you respond to surveys, promotions, or other communications we send This Policy does not apply to third-party websites linked from the Platform. Those sites have their own privacy policies, and we are not responsible for their data practices. 1.4 Key Terms. In this Policy, "personal data" means any information that relates to an identified or identifiable natural person. "Processing" means any operation performed on personal data, including collection, storage, use, disclosure, or deletion.

2. PERSONAL DATA WE COLLECT

We collect the following categories of personal data: 2.1 Identity Data Your name (if provided), username, and any other identifier you choose during registration or in your account profile. 2.2 Contact Data Your email address. This is the primary means by which we communicate with you about your account, subscription, and transactional matters. 2.3 Account & Authentication Data Your hashed and salted password; account creation date; account status (active, suspended, cancelled); login timestamps; authentication tokens used for session management. 2.4 Subscription & Transaction Data Your subscription plan, billing cycle, subscription start and end dates, and subscription status. We do not store your full payment card number, CVV, or bank account details — these are processed exclusively by our Merchant of Record payment processor. We receive only a tokenised payment reference, subscription status confirmation, and billing email from our payment processor. 2.5 Usage Data Information about how you interact with the Platform, including: Pages visited and features accessed Simulation parameters you configure (indicator selections, date ranges, cryptocurrency pairs) Number and frequency of Simulations run Simulation results viewed and exported Feature usage patterns and session duration This data is used to maintain and improve the Platform. It is not linked to your identity for external marketing purposes. 2.6 Technical Data Your IP address; browser type and version; device type (desktop/mobile); operating system; time zone; referring URL; session identifiers; and error logs. We collect this data for security, fraud prevention, and service reliability purposes. IP addresses may constitute personal data under applicable law and are treated as such. 2.7 Communications Data The content of any messages you send us via our support system, email, or any other channel, together with your email address and any attachments you include. We retain this data to respond to your enquiry and for quality assurance purposes. 2.8 Cookie & Tracking Data Information collected via cookies and similar technologies as described in detail in Section 9 and our Cookie Policy. 2.9 Data We Do Not Collect We do not collect: special categories of sensitive personal data (such as health, biometric, racial, or political data); financial portfolio data or real trading account information; data from minors under 18; or payment card details (processed solely by our payment processor).

3. HOW WE COLLECT YOUR PERSONAL DATA

3.1 Data You Provide Directly. You provide data directly when you: Register for an Account (email address, username, password) Subscribe to a paid plan (billing email, confirmed by our payment processor) Configure and run Simulations (indicator and strategy parameters) Contact our support team (communication content and contact details) Respond to optional surveys or feedback requests 3.2 Data Collected Automatically. When you use the Platform, we automatically collect Technical Data and Usage Data through server logs, session management systems, and first-party analytics tools. This collection begins as soon as you access the Platform, whether or not you are logged in. 3.3 Data from Third Parties. If you use a social login option (if offered), the relevant social platform will share your email address and basic profile information with us. We neither control nor take responsibility for how those third parties process your data before sharing it with us. We use this data only to create or authenticate your Account. We do not purchase personal data lists from data brokers or other third parties.

4. PURPOSES AND LEGAL BASES FOR PROCESSING

We process your personal data only where we have a lawful basis to do so. The table below sets out our processing purposes and the legal basis for each. 4.1 Providing the Service — Contractual Necessity (GDPR Article 6(1)(b)) We process your Identity Data, Contact Data, Account Data, Subscription Data, and Usage Data to create and maintain your Account, authenticate your access, execute your Simulations, and deliver the results to you. This processing is necessary to fulfil our contract with you (these Terms of Service). Without this processing, we cannot provide the Platform. 4.2 Processing Payments — Contractual Necessity (GDPR Article 6(1)(b)) We share your billing email with our Merchant of Record payment processor to facilitate recurring subscription billing, payment failure handling, and refund processing. We do not process payment card data ourselves. 4.3 Security and Fraud Prevention — Legitimate Interests (GDPR Article 6(1)(f)) We process Technical Data (including IP addresses) and Account Data to detect and prevent unauthorized access, abuse, account takeovers, and fraudulent activity. Our legitimate interest is to protect the integrity of the Platform and the security of all users. We have assessed that this interest is not overridden by your privacy rights given the necessary and proportionate nature of this processing. 4.4 Platform Improvement — Legitimate Interests (GDPR Article 6(1)(f)) We process Usage Data and Technical Data in aggregated and pseudonymized form to understand how users interact with the Platform, identify bugs, and prioritize feature development. Our legitimate interest is to maintain and improve a high-quality service. We have assessed that this interest is not overridden by your privacy rights given that the data is used only internally and in pseudonymized form. 4.5 Customer Support — Legitimate Interests (GDPR Article 6(1)(f)) We process Communications Data to respond to your support requests, resolve issues, and maintain a record of interactions for quality purposes. Our legitimate interest is to provide effective support to our users. 4.6 Transactional Communications — Contractual Necessity (GDPR Article 6(1)(b)) We process your Contact Data to send you account-related communications: account confirmation, password reset, subscription receipts, renewal reminders, and service availability notices. You cannot opt out of these communications while you maintain an active Account, as they are necessary for the performance of our contract. 4.7 Legal Compliance — Legal Obligation (GDPR Article 6(1)(c)) We process and retain certain data (including billing records and account data) to comply with applicable laws, including tax and financial record-keeping obligations, and to respond to lawful requests from regulatory or judicial authorities. 4.8 Marketing Communications — Consent (GDPR Article 6(1)(a)) If you have opted in to marketing communications, we may send you product updates, feature announcements, and promotional offers by email. You may withdraw your consent at any time by clicking "unsubscribe" in any marketing email or by contacting us at . Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal. We do not use your personal data for automated decision-making that produces legal or similarly significant effects on you. We do not engage in profiling for advertising purposes.

5. DATA SHARING

We do not sell your personal data to third parties. We do not share your personal data with advertisers. We share your data only in the circumstances described below. 5.1 Merchant of Record Payment Processor. We use a third-party Merchant of Record to process subscription payments globally. When you subscribe, your payment is collected and processed by that processor, who acts as the legal seller of record. We share your billing email with the processor for subscription management purposes. The processor's own privacy policy governs their handling of your payment data. 5.2 Cloud Infrastructure Provider. The Platform is hosted on third-party cloud infrastructure. Our hosting provider processes your data on our behalf under a data processing agreement and may have access to your data only as necessary to provide hosting services. 5.3 Analytics Provider. We use our own self-hosted, first-party analytics to collect aggregated and pseudonymized usage statistics. Analytics data is stored on our own infrastructure and is not shared with any third-party analytics provider. We do not use Google Analytics or any other third-party advertising analytics network. 5.4 Email Delivery Provider. We use a third-party transactional email service to deliver account-related emails (account confirmation, password reset, subscription receipts). This provider processes your email address on our behalf solely for the purpose of message delivery. 5.5 Error Monitoring Provider. We capture and diagnose technical errors using our own internal logging on our own servers. We do not currently use a third-party error monitoring or error tracking provider, and error information is not shared with any external error-tracking service. 5.6 Legal Disclosure. We may disclose your personal data to law enforcement agencies, regulatory authorities, courts, or other public bodies where: (a) we are legally required to do so; (b) we receive a valid court order, subpoena, or regulatory request; or (c) we reasonably believe disclosure is necessary to protect the rights, property, or safety of the Company, our users, or others. We will notify you of such requests where permitted by law. 5.7 Business Transfers. If the Company is involved in a merger, acquisition, reorganization, asset sale, or insolvency proceeding, your personal data may be transferred to the acquiring entity as part of that transaction. We will notify you by email or prominent in-platform notice before your data is transferred and becomes subject to a different privacy policy. 5.8 Professional Advisers. We may share your data with our lawyers, accountants, auditors, and insurers where necessary in connection with the operation of our business, subject to binding confidentiality obligations. 5.9 With Your Consent. We may share your data with any other third party where we have your explicit consent to do so. All third parties with whom we share personal data are required to process it in accordance with applicable data protection law, subject to appropriate contractual safeguards (including Data Processing Agreements where required by GDPR Article 28).

6. INTERNATIONAL DATA TRANSFERS

The Company is incorporated in Turkey. We may use service providers located in the European Economic Area, the United Kingdom, the United States, or other countries. Where we transfer personal data outside the country in which it was collected, we ensure appropriate safeguards are in place, including: Transfers to countries with an adequacy decision from the European Commission (where applicable) Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by transfer impact assessments where required Other legally recognised transfer mechanisms under applicable data protection law You may request details of the specific transfer mechanism applicable to any particular transfer by contacting us at .

7. DATA RETENTION

We retain your personal data only for as long as necessary to fulfil the purposes described in this Policy, comply with our legal obligations, resolve disputes, and enforce our agreements. The following retention periods apply: When the applicable retention period expires, we delete or irreversibly anonymize your personal data. Anonymized data (which can no longer be linked to you) may be retained indefinitely for analytical purposes. Following account deletion, your personal data will be removed from active systems within 30 days and from backup systems within 90 days, except where retention is required by law.

8. YOUR RIGHTS

Depending on your location, you may have the following rights in relation to your personal data. We will respond to all valid requests within 30 days, or within such other period as required by applicable law. 8.1 Right of Access. You have the right to request a copy of the personal data we hold about you, along with information about how we process it. 8.2 Right to Rectification. You have the right to request that we correct any inaccurate or incomplete personal data we hold about you. You may also update certain information directly in your account settings. 8.3 Right to Erasure ("Right to be Forgotten"). You have the right to request deletion of your personal data where: (a) it is no longer necessary for the purposes for which it was collected; (b) you withdraw consent on which processing is based; (c) you object to processing based on legitimate interests and we have no overriding legitimate grounds; or (d) the data has been unlawfully processed. We will honour erasure requests subject to any overriding legal obligations to retain the data. 8.4 Right to Restriction of Processing. You have the right to request that we restrict processing of your personal data in certain circumstances, for example while we verify the accuracy of data you have disputed. 8.5 Right to Data Portability. Where processing is based on your consent or on a contract, and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format, and to transmit that data to another controller. 8.6 Right to Object. Where processing is based on legitimate interests, you have the right to object to that processing on grounds relating to your particular situation. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for legal claims. Where we process your data for direct marketing purposes, you have an unconditional right to object at any time, and we will cease processing for that purpose immediately. 8.7 Right to Withdraw Consent. Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal. 8.8 Right Not to be Subject to Automated Decision-Making. We do not make decisions based solely on automated processing that produce significant effects on you. If this changes, we will update this Policy and provide you with the right to contest such decisions. 8.9 Right to Lodge a Complaint. You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data infringes applicable data protection law. In the European Union, you may contact the supervisory authority of your country of residence. In Turkey, you may contact the Kişisel Verileri Koruma Kurumu (KVKK — Personal Data Protection Authority). We encourage you to contact us directly first so we can address your concern. How to Exercise Your Rights. To exercise any of the rights above, please submit a written request to . We may need to verify your identity before processing your request. We will not charge a fee for handling your request unless it is manifestly unfounded or excessive.

9. COOKIES AND SIMILAR TECHNOLOGIES

9.1 What Cookies Are. Cookies are small text files placed on your device by websites you visit. They allow the site to recognize your browser, remember your preferences, and collect usage information. Similar technologies include local storage, session storage, and tracking pixels.

9.2 Cookies We Use.

Strictly Necessary Cookies (no consent required): These cookies are essential for the Platform to function and cannot be disabled. They include: Session authentication cookies that keep you logged in during your visit CSRF (Cross-Site Request Forgery) protection tokens Load balancing cookies for server infrastructure Cookies that store your cookie consent preferences Functional Cookies (consent required in applicable jurisdictions): These cookies remember your choices to improve your experience: Your preferred time zone and date format settings Your most recently used Simulation configuration (to save you re-entering parameters) Analytics Cookies (consent required in applicable jurisdictions): We use first-party analytics to understand Platform usage in aggregate. These cookies are pseudonymised and are not used to track you across other websites. We do not use third-party advertising analytics networks. 9.3 Cookies We Do Not Use. TrendArcher does not use: Third-party advertising, remarketing, or retargeting cookies Social media tracking pixels (Facebook Pixel, Twitter Pixel, etc.) Cross-site behavioural tracking cookies Fingerprinting or other covert tracking technologies 9.4 Cookie Consent. Where required by applicable law (including GDPR and the EU ePrivacy Directive), we will obtain your consent before setting non-essential cookies. You can manage your preferences through the cookie consent banner displayed on your first visit, or at any time via the "Cookie Preferences" link in the site footer. 9.5 Managing Cookies. You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. Please note that disabling strictly necessary cookies will prevent you from logging in to the Platform. Instructions for managing cookies in major browsers are available at: Chrome: support.google.com/chrome/answer/95647 Firefox: support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences Safari: support.apple.com/guide/safari/manage-cookies-sfri11471

10. SECURITY

10.1 Technical Measures. We implement industry-standard technical security measures to protect your personal data, including: Encrypted data transmission using TLS 1.2 or higher for all data in transit Encryption of sensitive data at rest where appropriate Bcrypt or equivalent hashing for password storage (we never store plaintext passwords) Access controls and role-based permissions limiting data access to authorized personnel Regular security patching and periodic security reviews Firewall protection and automated protection against brute-force access attempts 10.2 Organizational Measures. Access to personal data is restricted to staff and contractors who require it to perform their role. All such people are subject to confidentiality obligations. We conduct periodic reviews of data access permissions. 10.3 No Absolute Security. No system is completely secure. We cannot guarantee that your data will never be accessed, disclosed, altered, or destroyed in the event of a breach of our security measures. In the event of a personal data breach that is likely to pose a risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by applicable law (within 72 hours of becoming aware of the breach under GDPR Article 33). 10.4 Your Role in Security. You are responsible for keeping your Account credentials confidential and for using a strong, unique password. You should notify us immediately at if you believe your Account has been compromised.

11. CHILDREN'S PRIVACY

The Platform is not directed at or intended for use by persons under 18 years of age. We do not knowingly collect personal data from minors. If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us at and we will promptly delete that data.

12. THIRD-PARTY LINKS AND SERVICES

The Platform may contain links to third-party websites or embed third-party content. Clicking on those links will take you to websites outside our control. We are not responsible for the content or privacy practices of those sites. We encourage you to read the privacy policy of any website you visit. The inclusion of a link does not constitute an endorsement of the linked website or its operators.

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy periodically to reflect changes in our data processing practices, legal requirements, or the features of the Platform. When we make material changes, we will notify you by: Sending an email to the address associated with your Account, and/or Displaying a prominent notice on the Platform at least 14 days before the change takes effect. We will also update the "Last Updated" date at the top of this document. Your continued use of the Platform after the effective date constitutes your acceptance of the updated Policy. If you do not agree with the changes, you must stop using the Platform and delete your Account before they take effect. We encourage you to review this Policy periodically to stay informed about how we protect your data.

14. CONTACT AND DATA CONTROLLER DETAILS

For any questions, requests, or complaints relating to this Privacy Policy or our data processing practices, please contact us: Data Controller: Stage And Partners Bilişim Mühendislik Eğitim Danışmanlık Anonim Şirketi Privacy Contact: Email: Website: We will acknowledge your enquiry within 5 business days and aim to resolve it fully within 30 days. If you are not satisfied with our response, you have the right to escalate your complaint to the relevant supervisory authority as described in Section 8.9.

By using TrendArcher, you confirm that you have read and understood this Privacy Policy.