Privacy Policy

How we protect your privacy and data

Privacy Policy – Scope Trade

Last updated: 8 October 2025

1. Introduction
2. Scope and Legal Basis
3. Categories of Personal Data
4. Purposes of Processing
5. Methods of Collection
6. Data Storage and Security
7. Sharing and International Transfers
8. User Rights under Amendment 13
9. Submitting Privacy Requests
10. Company Safeguards
11. Updates and Changes
12. Integrated Terms of Use

1. Introduction

1.1 This Privacy Policy describes the personal data we collect about you, how we collect it, the safeguards we apply and the ways in which we use it. The Policy forms an integral part of the Scope Trade Terms of Use.

1.2 Your use of the Site constitutes informed consent to the collection, retention and use of your personal data as described herein and in accordance with Amendment 13 to the Protection of Privacy Law.

1.3 Questions and requests can be sent to privacy@scope-trade.com.

2. Scope and Legal Basis

2.1 This Policy is binding, comprehensive and complementary to the Terms of Use. It protects the Company’s regulatory, security and proprietary interests while ensuring transparency, legal compliance and protection of user data under Israeli law, including the Protection of Privacy Law, 1981 (as amended by Amendment 13), the Consumer Protection Law, the Contracts Law and the Privacy Protection Regulations (Informed Consent), 2025.

2.2 Scope Trade is a registered sole proprietorship in Israel. The Company reserves the right to protect its data assets, including blocking accounts, reporting to authorities or retaining data for archival purposes without liability toward Users.

2.3 References to the Company include its partners, employees, suppliers (e.g., Supabase, Tranzila, Brevo), subcontractors and any affiliated party, all of whom are protected against claims arising from the collection, processing or sharing of data.

2.4 Using the Site constitutes informed, explicit and freely given consent to collect, retain, process, share, transfer and otherwise use your personal data as detailed below. Consent is granted electronically (e.g., by ticking a box or clicking “I agree”) and is equivalent to a handwritten signature pursuant to the Electronic Signature Law, 2001.

2.5 Privacy inquiries may be submitted to privacy@scope-trade.com or via the Site’s contact form. The Company will respond within 30 days but may decline abusive or fraudulent requests as part of its protection measures.

3. Categories of Personal Data

3.1 Identification and account data: full name, email address, user identifiers (userId, cuid), OAuth identifiers (e.g., googleId), multi-factor status (twoFactorEnabled), email verification status (emailVerified), optional profile photos and similar attributes collected during registration, login or service usage (e.g., uploading TLG files, chatbot prompts).

3.2 Commercial and financial data: trading transactions (UnifiedTransaction: symbol, description, assetType, exchange, action, tradeDate, quantity, price, totalValue, commission, pnl), analytics (TLGAnalysis: totalTrades, winRate, netPnl, sharpeRatio, maxDrawdown), strategy metrics (TradingPosition, TradingMetrics), performance tracking (TradingStats: totalVolume, assetBreakdown), and payment details (paymentMethod, subscriptionId, currentPeriodEnd) processed via providers such as Tranzila.

3.3 Behavioral and technical data: usage logs (ApiUsage: endpoint, method, statusCode, responseTime, ipAddress, userAgent), audit events (AuditLog: adminId, action, resource), activity records (UsageLog: action, metadata), chatbot conversations (ChatConversation: content, tokens, confidence) and browsing data (cookies, sessionToken).

3.4 Anonymous or aggregated data: non-identifiable insights used for analytics, statistics and service improvements.

4. Purposes of Processing

We process personal data for the following purposes:

Service delivery: providing the trading journal, transaction analytics, strategy tools, performance dashboards and chatbot (including winRate and netPnl calculations).
Security and fraud prevention: detecting suspicious activity (e.g., fingerprint SHA256), protecting against DDoS attacks and malware.
Regulatory compliance: reporting to competent authorities (e.g., Israel Securities Authority, Privacy Protection Authority) in the event of suspected money laundering or legal violations.
Service improvement: analyzing anonymous data to improve AI models, user experience and personalized news feeds.
Marketing and communications: sending updates, offers and alerts (e.g., via Brevo) subject to your consent and right to opt out.
Legal archiving: retaining data for up to seven years to satisfy legal and regulatory obligations (e.g., AuditLog).

5. Methods of Collection

Direct submission: information you provide during registration, login or data uploads (e.g., TLG files).
Automatic collection: cookies, logs, IP addresses, user agents and analytical tools such as Supabase analytics.
Third-party sources: identity services (Google OAuth), payment processors (Tranzila) and communication providers (Brevo). Collection is limited to what is necessary and compliant with Amendment 13.

6. Data Storage and Security

6.1 Data is hosted on Supabase servers protected with Row-Level Security and encrypted using AES-256-GCM in registered databases pursuant to the Privacy Protection (Data Security) Regulations.

6.2 Retention periods:

Account data: until account deletion or up to seven years after termination.
Transaction data: according to user preferences or up to seven years for archival purposes.
Technical logs: up to 12 months, unless extended for security.

6.3 Security controls include encryption, access controls, duplicate detection (fingerprint SHA256) and anomalous behavior monitoring. No system is perfectly secure; you acknowledge these risks, use the Services at your own responsibility and waive claims related to breaches or data loss.

7. Sharing and International Transfers

7.1 We may share personal data with:

Service providers: Supabase (hosting), Tranzila (payments), Brevo (communications), Google OAuth (authentication).
Regulatory authorities: if required by law or in case of suspected illegal activity.
Business partners: for marketing or service-improvement purposes, subject to consent or anonymization.

7.2 International transfers (e.g., hosting on Supabase servers outside Israel) comply with the Privacy Protection Regulations (Transfer of Data Abroad), 2001, including the use of Standard Contractual Clauses (SCCs).

8. User Rights under Amendment 13

8.1 Right of Access

Scope: receive information about all personal data stored in the Company’s databases, including categories, purposes, recipients and retention periods.
How to exercise: request a detailed report (e.g., account details, UnifiedTransaction, TLGAnalysis, ApiUsage, ChatConversation) by emailing privacy@scope-trade.com. Information is provided within 30 business days in a readable format (PDF/JSON) free of charge unless the request is complex or repetitive.
Limitations: we may deny requests that infringe third-party rights, compromise security or relate to anonymous data.

8.2 Right to Rectification

Scope: correct inaccurate, incomplete or outdated personal data.
How to exercise: email privacy@scope-trade.com with the requested corrections (e.g., symbol, price in UnifiedTransaction). We will examine and confirm or deny within 30 business days and relay corrections to relevant third parties (e.g., Tranzila).
Limitations: requests lacking justification or conflicting with legal records may be declined.

8.3 Right to Erasure (“Right to be Forgotten”)

Scope: delete personal data when it is no longer needed, consent is withdrawn or processing is unlawful.
How to exercise: request deletion of your account and data (TradingAccount, UnifiedTransaction, ChatConversation) via email. Deletion occurs within 30 business days except for legal retention (e.g., payment records or AuditLog for up to seven years), anonymized data or data involved in legal proceedings.
Limitations: regulatory or security requirements may prevent deletion and may affect continued service access.

8.4 Right to Object

Scope: object to processing for specific purposes, such as direct marketing.
How to exercise: unsubscribe via email or link within communications (e.g., Brevo campaigns). Marketing use will cease within 30 business days.
Limitations: necessary processing (e.g., transaction analytics, security checks, legal compliance) continues despite the objection.

8.5 Right to Restrict Processing

Scope: request temporary suspension of processing while accuracy or legality is assessed.
How to exercise: email privacy@scope-trade.com (for example, to pause TLGAnalysis). During restriction we store data but do not process it beyond legal needs.
Limitations: we may refuse if the restriction impairs service delivery, compliance or our legitimate interests.

8.6 Right to Data Portability

Scope: receive personal data in a structured, commonly used and machine-readable format and transfer it to another controller.
How to exercise: request export of UnifiedTransaction, TradingStats in JSON/CSV format. Data will be provided within 30 business days free of charge unless the request is excessively burdensome.
Limitations: applies only to data supplied by you or generated for you; aggregated or anonymous data are excluded.

8.7 Right not to be Subject to Automated Decisions

Scope: avoid decisions based solely on automated processing (including AI) that produce legal or similarly significant effects.
How to exercise: request human review of automated decisions via privacy@scope-trade.com.
Limitations: automated processing may continue for security or service-improvement purposes, to which you consent by using the Services.

8.8 Right to Withdraw Consent

You may withdraw consent for processing based on consent at any time. Withdrawal does not affect processing carried out prior to withdrawal and may impact service availability.

9. Submitting Privacy Requests

Requests must be submitted in writing to privacy@scope-trade.com.
Include full identification details, a clear description of the request and relevant supporting documentation.
Responses are provided in writing within 30 business days, including confirmation of action, a justified refusal or an explanation of limitations.
Requests are handled free of charge unless repetitive or resource-intensive, in which case a reasonable fee may apply.
If a request is refused, you may escalate to the Israeli Privacy Protection Authority within 45 days.

10. Company Safeguards

The Company may deny requests that infringe third-party rights, endanger security or conflict with legal obligations (e.g., mandatory retention). You acknowledge that exercising certain rights may limit or disable access to the Services and waive claims regarding justified refusals.

11. Updates and Changes

The Company may update this Policy from time to time. Notice of changes will be provided via the Site or email at least 30 days in advance, pursuant to the Consumer Protection Law. Continued use after an update constitutes renewed consent; Users waive claims regarding lawful changes.

12. Integrated Terms of Use

Key provisions of the Terms of Use form an integral part of this Policy, including:

Definitions and scope applying to all Users and safeguarding the Company’s proprietary and regulatory rights.
Registration and login requirements for accurate information, email verification and account security.
Services offered on an “as-is” basis (trading journal, AI analytics, strategy tools, customized news, chatbot).
Usage restrictions forbidding illegal activity, harmful content or attempts to bypass security.
Crypto analytics offered under the User’s sole responsibility.
Limitation of liability capping exposure to the fees paid during the preceding two years.
Termination and blocking at the Company’s discretion without liability.
Indemnification obligations covering damages caused by breach of the Terms.

Questions about your privacy? Contact us at support@scope-trade.com