Flows.Trading is built with privacy by design.
We respect your personal data, protect your trading information, and comply with the strongest international data-protection standards—including GDPR (EU), UK-GDPR, and equivalent privacy regulations in other regions.
This page gives you a practical, human-readable overview of how we protect your data and what rights you have. It is not a legal document, but it summarizes the key principles behind our compliance.
Our Privacy Philosophy #
Your data belongs to you.
Our job is to safeguard it, use it only when necessary, and give you full transparency and control.
We follow four core principles:
1. Data Minimization #
We only collect the information required to operate the platform—no unnecessary profiling, no selling of personal data, no hidden data capture.
2. Purpose Limitation #
Data is used exclusively for:
-
Operating your account
-
Connecting to your brokers (through your own API keys)
-
Providing trading features, analytics, and charts
-
Keeping your account secure
Nothing else.
No external advertising.
No sharing with third-party marketing partners.
3. Security by Design #
All personal and trading data is handled with strong encryption, secure authentication, and strict access controls. Only systems that must process your information have access—even inside our infrastructure.
4. User Control & Transparency #
You always control:
-
what data you provide,
-
what brokers you connect,
-
which API keys you use,
-
what history you want to keep or delete.
You can modify or remove any of this at any time.
How GDPR Applies at Flows.Trading #
GDPR sets a global benchmark for privacy. Even if you’re not in the EU, these principles help ensure your data is handled responsibly.
We apply these core GDPR points across the platform:
Lawful Basis #
We process only what’s needed to:
-
create and manage your account,
-
operate your trading tools,
-
sync your broker integrations,
-
comply with security requirements.
Data Minimization & Retention #
We store data only as long as it’s needed for:
-
operating the service,
-
generating analytics you choose to keep,
-
legal or security obligations.
You can request deletion of your personal data at any time.
Right to Access #
You can request a summary of all personal information stored about you.
Right to Rectification #
If something is inaccurate or outdated, you can update it directly or ask our support team to correct it.
Right to Erasure (“Right to be Forgotten”) #
You may request deletion of your account and personal data.
Broker connections and API keys are also fully revocable at any moment.
Right to Data Portability #
We can provide your account or trading information in a structured, machine-readable format if you want to export it.
Right to Restrict or Object #
You can disable certain features, disconnect brokers, or limit data processing according to your preferences.
Where Your Data Is Stored #
-
Personal account data is stored securely on EU-GDPR-compliant servers.
-
Broker credentials (API keys) are encrypted and never stored in plaintext.
-
We do not store unnecessary financial information about you.
-
We never share your data with unauthorized third parties.
If data must be processed outside the EU (e.g., CDN, global infrastructure), it is done through fully compliant processors with adequate safeguards.
Third-Party Compliance #
Any external service we use (hosting, analytics, security monitoring) must meet strict requirements:
-
GDPR-compliant contracts (DPAs)
-
Encryption in transit and at rest
-
No unauthorized use or selling of your data
-
Restricted and audited access
We do not partner with data brokers or marketing data vendors.
Your Responsibilities #
GDPR compliance is shared: we secure our platform, but you must secure your personal environment.
This includes:
-
using a secure device,
-
keeping your passwords safe,
-
enabling 2FA,
-
avoiding unsafe networks,
-
managing your API keys securely.
Your trading account is only as secure as the environment you use it from.
Summary #
Flows.Trading protects your data with:
-
strong encryption,
-
minimal data collection,
-
full transparency,
-
GDPR-compliant processes,
-
strict access control,
-
user-controlled privacy.
You get a platform that respects your privacy, avoids unnecessary tracking, and gives you control over your personal information.
