1. Information We Collect

1.1 Account and Identity Information

When you create a CrossTrade account, we collect information necessary to establish and maintain your account. This includes your full name, email address, billing address, and payment information. Payment information, including credit card numbers, is processed securely through our payment processor, Stripe. We do not store complete credit card numbers on our servers. Your account credentials, including your username and password, are stored using industry-standard encryption protocols to protect against unauthorized access.

1.2 Brokerage Connection Information

To facilitate trade automation between your third-party alerting platforms and your brokerage accounts, we may collect connection information you provide when setting up broker integrations.

This may include:

• Brokerage account credentials (API keys, secret keys, OAuth tokens)
• Broker account identifiers
• Connected broker names and account types
• Webhook URLs and endpoint configurations

The specific information collected depends on the broker and connection method you choose. Some brokers may require only basic API credentials, while others may require additional authentication data.

1.3 Trading Activity Data

We collect data necessary to process, route, and analyze your trading activity. This includes incoming webhook payloads and alert content, trade symbols, quantities, order types, and prices, timestamps of alert receipt, forwarding, and execution, execution confirmations, rejections, and error logs, account activity logs and system interactions, position data including open positions, closed positions, and position sizes, profit and loss (P&L) data for connected accounts, trade history and performance metrics, risk management data such as stop losses, take profits, and drawdowns, and account balances and equity curves when available from broker APIs.

This data is used to route alerts to your brokers, provide account management features, enable trade journaling and performance analytics, generate reports and insights on your trading activity, and troubleshoot technical issues. We retain trading activity logs for 90 days for operational purposes and may retain aggregated, anonymized performance data indefinitely for product improvement.

1.4 Signal Share Data

If you use the Signal Share feature to broadcast or receive trade signals, we collect and process data related to that activity. This includes signal content (trade symbols, actions, quantities, order types), sender and recipient account identifiers, signal delivery timestamps and status, and connection metadata between sender and recipient accounts.

Signal recipients may see trade data that reveals aspects of the sender's trading strategy, including instruments traded, position sizes, and timing. By using Signal Share as a sender, you acknowledge and consent to this data being transmitted to your connected recipients. CrossTrade does not control how recipients use or store signal data after delivery.

1.5 CrossTrade API Usage Data

If you access the CrossTrade REST API, we collect data related to your API activity, including API request and response logs, endpoint usage patterns and frequency, rate limit consumption, API credential identifiers (we do not log full API secrets), and IP addresses of API requests. This data is used to enforce rate limits, detect abuse, troubleshoot integration issues, and improve API performance.

1.6 Device and Usage Information

When you visit our Site or use our Services, we automatically gather certain technical data about your device and how you interact with our platform. This automatically-collected data is referred to as "Device Information" and includes your IP address, browser type and version, operating system, device identifiers, time zone and locale settings, pages visited and features used, referral sources (the websites or search terms that brought you to our Site), session duration and interaction patterns, machine identifiers such as your NinjaTrader Machine ID, and information about how you navigate through and interact with the Site.

We collect machine identifiers to prevent abuse of our free trial system and ensure compliance with our one-trial-per-user policy as outlined in our Terms of Service.

The methods we use to collect Device Information include:

• Cookies: Data files placed on your device or computer, often containing an anonymous unique identifier. For more details about cookies and instructions on how to disable them, visit allaboutcookies.org.
• Log Files: These monitor activities on the Site and collect data such as your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
• Web Beacons, Tags, and Pixels: Electronic files utilized to track how you browse the Site and measure the effectiveness of marketing campaigns.

1.7 Order and Transaction Information

When you make or attempt to make a purchase through the Site, we gather certain information from you to process your transaction. This type of information is known as "Order Information" and includes your name, billing address, shipping address (if applicable), payment information (which includes credit card numbers, processed securely through Stripe), email address, and phone number. This information is used to complete your purchase, process payment, arrange any necessary shipping or delivery, and provide you with invoices and order confirmations.

1.8 Communications

We retain records of your communications with CrossTrade to provide customer support and improve our Services. This includes support tickets and customer service inquiries, email correspondence with CrossTrade, chat logs and support interactions, notification preferences and communication history, and feedback or survey responses you provide.

In this Privacy Policy, when we refer to "Personal Information," we are encompassing all categories of information described above, including Device Information, Order Information, Account Information, Brokerage Connection Information, Trading Activity Data, Signal Share Data, API Usage Data, and Communications.

1.9 Affiliate Tax Information

If you participate in the CrossTrade Affiliate Program, we collect tax-related information necessary for IRS reporting and commission payouts. For U.S. persons, this includes information equivalent to IRS Form W-9: legal name, business name (if applicable), federal tax classification, mailing address, and taxpayer identification number (SSN or EIN). For non-U.S. individuals, this includes information equivalent to IRS Form W-8BEN: legal name, country of citizenship, date of birth, permanent address, foreign tax identifying number, and any applicable tax treaty claims.

This information is collected through the CrossTrade dashboard and stored as encrypted data in your user account. Taxpayer identification numbers (SSN, EIN, and foreign TIN) are stored using the same encryption standards applied to other sensitive data (AES-256 at rest, TLS/SSL in transit).

2. How We Use Your Information

2.1 Service Delivery

We primarily use the information collected through our Site to process and deliver the Services you request. For Order Information, this includes handling your payment details, processing transactions, arranging shipping (if applicable), and providing you with invoices and order confirmations. We use your Brokerage Connection Information to process and route trading alerts from your third-party platforms to your brokers, maintain and authenticate your account, execute webhook forwarding and API integrations, and provide technical support and troubleshooting.

2.2 Communications

We use your contact information to communicate with you regarding your orders, account status, or other inquiries. This includes transactional emails such as order confirmations, password resets, and security alerts, system status updates and service notifications, customer support responses, and marketing communications (only with your consent; you may opt out at any time on the My Account page).

2.3 Fraud Prevention and Security

We use the information we collect to aid in the detection and prevention of potential risks and fraud. We use Device Information, particularly your IP address, to screen orders for any potential risks or fraudulent activity, detect and prevent unauthorized access to accounts, monitor for suspicious activity or Terms of Service violations, prevent trial abuse and subscription fraud, and investigate security incidents.

2.4 Service Improvement and Analytics

We use Device Information to enhance and optimize our Site and Services. For instance, by generating analytics about how our customers browse and interact with the Site, we can monitor system performance and uptime, identify and resolve technical issues, analyze usage patterns to improve features (aggregated and anonymized), gauge the effectiveness of our marketing and advertising campaigns, and develop new features and functionality.

2.5 Legal Compliance

We may use and disclose your information to comply with applicable laws and regulations, respond to legal requests, subpoenas, search warrants, and court orders, enforce our Terms of Service, and protect our rights and the rights of our users.

2.6 Affiliate Program and Tax Reporting

If you participate in the CrossTrade Affiliate Program, we use your tax information to process commission payouts, generate IRS Form 1099-NEC (for U.S. affiliates earning $600 or more in a calendar year), generate IRS Form 1042-S (for non-U.S. affiliates), and comply with federal, state, and international tax reporting obligations. We use your PayPal email address to process affiliate commission payments. Your referral activity, including click tracking, referral attributions, and commission calculations, is used to operate the affiliate program and provide you with dashboard analytics.

3. Data Retention

We retain your personal information for as long as necessary to provide the Services and fulfill the purposes described in this Privacy Policy, or as required by law.

Upon account deletion or cancellation:

• Brokerage credentials (API keys, secret keys): Immediately deleted from all systems
• Account and profile information: Retained until you request deletion
• Trading activity logs: Retained for 90 days for operational and troubleshooting purposes
• Billing records: Retained for 7 years to comply with tax and accounting requirements
• Support communications: Retained to maintain service quality and resolve disputes
• Affiliate tax information (W-9/W-8BEN data): Retained for 7 years after the last tax year in which a 1099-NEC or 1042-S was issued, as required by IRS record retention rules. Taxpayer identification numbers are purged after the retention period expires.
• Affiliate commission and referral records: Retained for 7 years to comply with tax and accounting requirements.
• API usage logs: Retained for 90 days for operational purposes.
• Signal Share transmission logs: Retained for 90 days for operational purposes.

Account Inactivity

CrossTrade reserves the right to suspend or delete accounts that have remained inactive for twelve (12) or more consecutive months, as described in our Terms of Service. Prior to suspension or deletion, CrossTrade will make a reasonable effort to notify the user via the email address on file. Data associated with inactive accounts will be handled in accordance with the retention periods described above.

VPS Data Retention

If you use CrossTrade VPS hosting services, additional data retention provisions apply as described in the VPS Privacy Policy Addendum.

You may request deletion of your data at any time by contacting [email protected]. We will process deletion requests within 30 days, except where retention is required by law or necessary to resolve disputes, enforce our agreements, or protect our legal rights.

4. How We Share Your Information

CrossTrade does not sell your personal information to third parties. We collaborate with third-party services to assist in the utilization of your personal information as outlined above, sharing information only in the following limited circumstances:

4.1 Service Providers

We share information with third-party vendors who perform services on our behalf:

• Stripe: Payment processing for our online payment operations. You can learn more about how Stripe handles your personal information by visiting their privacy policy at stripe.com/privacy.
• Google Analytics: We use Google Analytics to gain insights into how our customers interact with our site and measure site performance (anonymized data). For detailed information on how Google uses your personal information, you can visit Google's Privacy Policy. If you prefer not to have your data used by Google Analytics, you have the option to opt-out by visiting Google Analytics Opt-out.
• Cloud hosting providers: Infrastructure and data storage services.
• Email service providers: Transactional and marketing emails.

These providers are contractually obligated to protect your data and may only use it to provide services to CrossTrade.

4.2 Brokerage Connections

We transmit trading alerts to the brokers you have connected. This transmission includes only the data necessary to execute trades (symbols, quantities, order types). We do not share your CrossTrade account credentials or personal information with brokers.

4.3 Signal Share Recipients

If you use Signal Share as a sender, trade signal data (including trade symbols, actions, quantities, and order types) is transmitted to the recipient accounts you have connected. CrossTrade does not share your personal account information, identity, or credentials with signal recipients — only the trade data necessary to execute the copied signals.

4.4 Legal Requirements and Compliance

There may be circumstances where we need to share your personal information in order to comply with legal obligations and regulations, respond to subpoenas, search warrants, or other lawful requests for information we receive, or to protect our own rights. We may disclose your information if required by law or if we believe in good faith that such action is necessary to comply with a law, regulation, or legal process, protect the safety, rights, or property of CrossTrade, our users, or the public, investigate fraud, security breaches, or Terms of Service violations, or defend against legal claims.

4.5 Business Transfers

If CrossTrade is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to the successor entity. We will notify you via email and/or prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.

4.6 Tax Authorities

We may disclose affiliate tax information (name, address, taxpayer identification number, and payment amounts) to the Internal Revenue Service (IRS) or applicable state tax authorities as required by law, including through the filing of IRS Forms 1099-NEC and 1042-S. We do not disclose taxpayer identification numbers to any other third party except as required by law or legal process.

5. Cookies and Tracking Technologies

5.1 What We Use

We use cookies and similar tracking technologies, such as pixels, tags, and web beacons, to collect, store, and track certain information when you visit our Site. These technologies enable us to maintain user sessions and authentication, remember your preferences and settings, provide essential services on our Site, analyze website traffic and usage patterns to improve your browsing experience (e.g., Google Analytics), and deliver personalized advertisements and measure the effectiveness of marketing campaigns.

For more information about cookies and how to manage or disable them, please visit allaboutcookies.org.

5.2 Types of Cookies

We classify cookies into the following categories:

Strictly Necessary Cookies (Always Active)
These cookies are essential for the operation of the Site and cannot be turned off in our system. They are usually set in response to actions made by you, such as setting your privacy preferences, logging in, or completing forms. These include session cookies, authentication tokens, and security cookies.

Analytics Cookies (Requires Consent for EEA Users)
These cookies allow us to measure and improve the performance of our Site by collecting data about how visitors interact with it. For example, we use Google Analytics to collect anonymized data about your use of the Site. We use these to improve performance and user experience.

Marketing and Advertising Cookies (Requires Consent for EEA Users)
These cookies may be set through our Site by us or our advertising partners to build a profile of your interests and show you relevant advertisements. They are used to deliver personalized ads and measure campaign effectiveness.

5.3 Managing Cookies

You can control cookies through:

• Our cookie preference center (available when you first visit the site and accessible at any time)
• Your browser settings (instructions at allaboutcookies.org)

Disabling strictly necessary cookies may impair your ability to use the Services.

5.4 Cookie Consent (GDPR Compliance)

For visitors from the European Economic Area (EEA), we only collect and process cookies for Analytics and Marketing/Advertising purposes after obtaining your explicit consent. You can manage your cookie preferences through the cookie banner displayed when you first visit our Site or by revisiting your cookie settings. By default, Strictly Necessary Cookies are enabled, as they are required for the functionality of the Site.

5.5 Do Not Track

Please note that we do not currently respond to "Do Not Track" browser signals, as there is no industry-wide standard for DNT compliance. We do not alter our site's data collection and use practices when we see a Do Not Track signal from your browser.

6. Data Security

6.1 Security Measures

We are committed to the protection of your information. When you provide sensitive details through our website, we ensure its security both in the digital realm and in our physical premises. We implement industry-standard security measures to protect your information:

• TLS/SSL encryption for data in transit. You can confirm this security by noting a closed lock icon at the bottom of your web browser or by the presence of "https" at the start of the webpage address.
• AES-256 encryption for sensitive data at rest (API keys, secret keys, payment information)
• Regular security audits and vulnerability assessments
• Access controls limiting employee access to personal data. Access to personally identifiable information is limited to employees who require it to perform specific tasks (such as billing or customer service).
• Secure server environments with firewall protection. The computers and servers used to store personally identifiable information are maintained in a secure environment.

6.2 Your Responsibilities

You are responsible for:

• Maintaining the confidentiality of your account password
• Using strong, unique passwords
• Securing your API keys and secret keys
• Monitoring your account for unauthorized activity
• Immediately notifying us of suspected security breaches at [email protected]

6.3 No Guarantee

Despite our efforts, no security system is impenetrable. While CrossTrade complies with applicable privacy laws and implements robust security measures to safeguard user data, no system is immune to breaches or unauthorized access. We cannot guarantee absolute security of your information. Unauthorized access, hardware/software failure, and other factors may compromise security. By using our Services, you acknowledge and accept these risks associated with the collection, storage, and transmission of personal data, including data shared via cookies and tracking technologies.

6.4 Breach Notification

In the event of a confirmed data breach that compromises the security, confidentiality, or integrity of your personal data, CrossTrade will:

• Notify affected users via email within seventy-two (72) hours of confirming the breach, or as otherwise required by applicable law.
• Provide a description of the nature of the breach, the categories of data affected, and the approximate number of users impacted.
• Describe the measures taken or proposed to address the breach and mitigate its effects.
• Report the breach to relevant supervisory authorities as required under GDPR, state data breach notification laws, or other applicable regulations.

CrossTrade maintains incident response procedures and conducts regular security assessments to reduce the likelihood of data breaches. However, no system is immune to all threats, and users acknowledge the inherent risks associated with the transmission of data over the internet.

7. Your Privacy Rights

7.1 All Users

Regardless of location, you have the right to:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal exceptions)
• Portability: Request a machine-readable copy of your data
• Opt-Out: Unsubscribe from marketing emails at any time

To exercise these rights, contact us at [email protected].

7.2 European Economic Area (EEA) — GDPR Rights

If you reside in Europe or the European Economic Area (EEA), you are entitled to access personal information we have about you and request that your personal information be rectified, updated, or erased. You have additional rights under the General Data Protection Regulation (GDPR):

• Right to Access: Obtain confirmation of whether we process your data and access to that data
• Right to Rectification: Correct inaccurate personal data
• Right to Erasure: Request deletion of personal data (subject to legal obligations)
• Right to Restrict Processing: Request that we limit how we use your data
• Right to Data Portability: Receive your data in a structured, commonly used format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent for processing at any time (does not affect prior processing)
• Right to Lodge a Complaint: File a complaint with your local data protection authority

Should you wish to exercise these rights, please reach out to us using the contact details provided below.

Legal Basis for Processing (GDPR):

• Contractual Necessity: To fulfill any contracts we may have with you (such as if you place an order through the site) and to provide the Services
• Legitimate Interest: To improve our Services, prevent fraud, and ensure security, or to otherwise pursue our legitimate business interests as previously mentioned
• Consent: For marketing communications and non-essential cookies
• Legal Obligation: To comply with laws and regulations

Data Transfers: We are based in the United States and the information we collect is governed by United States law. By accessing or using the Services or otherwise providing information to us, you consent to the processing and transfer of information in and to the United States and other countries. Be aware that your information will be transferred outside of Europe, including to countries like Canada and the United States. For EEA users, we ensure adequate safeguards through Standard Contractual Clauses approved by the European Commission.

7.3 California Residents — CCPA Rights

If you are a California resident, you are entitled to certain rights under the California Consumer Privacy Act (CCPA) and California Civil Code Section 1798.83 ("Shine the Light" law).

Right to Know (CCPA)
You may request information about the categories and specific pieces of personal information we have collected, used, or shared over the past 12 months, including:

• Categories of personal information collected
• Categories of sources from which information was collected
• Business or commercial purposes for collecting, using, or sharing personal information
• Categories of third parties with whom we share personal information
• Specific pieces of personal information we have collected about you

Right to Delete (CCPA)
You may request the deletion of personal information we have collected, subject to certain exceptions (e.g., legal obligations).

Right to Opt-Out of Sale (CCPA)
We do not sell personal information. You may opt out of the sale of your personal information, including data collected for advertising purposes. To do so, visit our Do Not Sell My Personal Information page and submit the opt-out form. If our practices change, we will update this policy and provide an opt-out mechanism.

Right to Direct Marketing Information ("Shine the Light" law)
You may request, once a year and free of charge, information about the categories of personal information (if any) disclosed to third parties for direct marketing purposes in the preceding calendar year. This includes the names and addresses of such third parties. To make this request, please contact us using the details below.

Rights for Minors Under 18 ("Shine the Light" law)
If you are under 18 and have a registered account with the Site, you can request the removal of unwanted content or information you publicly posted on our Site. While we will remove the data from public view, it may not be fully deleted from our systems (e.g., backups). Contact us to make this request. Note that removal from public view does not guarantee complete deletion from our systems.

Right to Non-Discrimination (CCPA)
We will not discriminate against you for exercising your CCPA rights, including by denying goods or services, charging different prices or rates, providing different levels of quality, or suggesting you will receive different prices or quality.

How to Exercise CCPA Rights:
Email: [email protected]
Include "CCPA Request" in the subject line and provide sufficient information to verify your identity (name, email, account details). We will respond to verified requests within 45 days (extendable by 45 days if necessary).

8. Children's Privacy

Our site and services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we discover that we have collected information from a child under 18, we will delete it immediately. If you believe we have collected information from a minor, contact us at [email protected].

9. Changes to This Privacy Policy

When we make changes, we will update the "Last Updated" date at the top of this policy and post the revised policy on our website. For material changes, we may provide additional notice (such as a banner on our website or email notification). Your continued use of the Services after changes take effect constitutes acceptance of the updated Privacy Policy.

10. Contact Us

For more information about our privacy practices, if you have questions, concerns, or requests regarding this Privacy Policy or our data practices, or if you would like to make a complaint, please contact us:

Email: [email protected]
Mail:
CrossTrade LLC
1309 Coffeen Ave, STE 1200
Sheridan, WY 82801
United States

For EEA users: If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.

For California users: Include "California Privacy Rights" in your email subject line for CCPA-related requests.