1.1 Account and Identity Information
When you create a CrossTrade account, we collect information necessary to establish and maintain your account. This includes your full name, email address, billing address, and payment information. Payment information, including credit card numbers, is processed securely through our payment processor, Stripe. We do not store complete credit card numbers on our servers. Your account credentials, including your username and password, are stored using industry-standard encryption protocols to protect against unauthorized access.
1.2 Brokerage Connection Information
To facilitate trade automation between your third-party alerting platforms and your brokerage accounts, we may collect connection information you provide when setting up broker integrations.
This may include:
- Brokerage account credentials (API keys, secret keys, OAuth tokens)
- Broker account identifiers
- Connected broker names and account types
- Webhook URLs and endpoint configurations
The specific information collected depends on the broker and connection method you choose. Some brokers may require only basic API credentials, while others may require additional authentication data.
Critical Security Note: API keys and secret keys provide direct access to your brokerage accounts and allow for the placement of trades, modification of positions, and in some cases, withdrawal of funds (depending on your broker's API permissions). We store these credentials encrypted both at rest and in transit using AES-256 encryption and TLS/SSL protocols. However, you remain solely responsible for the security of these credentials. Any unauthorized person who obtains your API keys or secret keys can use them to execute trades in your account, potentially leading to significant financial losses. Never share your CrossTrade login credentials, API keys, or secret keys with anyone. If you suspect your credentials have been compromised, immediately revoke them through your broker's platform and change your CrossTrade password.
1.3 Trading Activity Data
We collect data necessary to process, route, and analyze your trading activity. This includes incoming webhook payloads and alert content, trade symbols, quantities, order types, and prices, timestamps of alert receipt, forwarding, and execution, execution confirmations, rejections, and error logs, account activity logs and system interactions, position data including open positions, closed positions, and position sizes, profit and loss (P&L) data for connected accounts, trade history and performance metrics, risk management data such as stop losses, take profits, and drawdowns, and account balances and equity curves when available from broker APIs.
This data is used to route alerts to your brokers, provide account management features, enable trade journaling and performance analytics, generate reports and insights on your trading activity, and troubleshoot technical issues. We retain trading activity logs for 90 days for operational purposes and may retain aggregated, anonymized performance data indefinitely for product improvement.
1.4 Device and Usage Information
When you visit our Site or use our Services, we automatically gather certain technical data about your device and how you interact with our platform. This automatically-collected data is referred to as "Device Information" and includes your IP address, browser type and version, operating system, device identifiers, time zone and locale settings, pages visited and features used, referral sources (the websites or search terms that brought you to our Site), session duration and interaction patterns, machine identifiers such as your NinjaTrader Machine ID, and information about how you navigate through and interact with the Site.
We collect machine identifiers to prevent abuse of our free trial system and ensure compliance with our one-trial-per-user policy as outlined in our Terms of Service.
The methods we use to collect Device Information include:
Cookies: Data files placed on your device or computer, often containing an anonymous unique identifier. For more details about cookies and instructions on how to disable them, visit https://allaboutcookies.org/
Log Files: These monitor activities on the Site and collect data such as your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
Web Beacons, Tags, and Pixels: Electronic files utilized to track how you browse the Site and measure the effectiveness of marketing campaigns.
1.5 Order and Transaction Information
When you make or attempt to make a purchase through the Site, we gather certain information from you to process your transaction. This type of information is known as "Order Information" and includes your name, billing address, shipping address (if applicable), payment information (which includes credit card numbers, processed securely through Stripe), email address, and phone number. This information is used to complete your purchase, process payment, arrange any necessary shipping or delivery, and provide you with invoices and order confirmations.
1.6 Communications
We retain records of your communications with CrossTrade to provide customer support and improve our Services. This includes support tickets and customer service inquiries, email correspondence with CrossTrade, chat logs and support interactions, notification preferences and communication history, and feedback or survey responses you provide.In this Privacy Policy, when we refer to "Personal Information," we are encompassing all categories of information described above, including Device Information, Order Information, Account Information, Brokerage Connection Information, Trading Activity Data, and Communications.
2.1 Service Delivery
We primarily use the information collected through our Site to process and deliver the Services you request. For Order Information, this includes handling your payment details, processing transactions, arranging shipping (if applicable), and providing you with invoices and order confirmations. We use your Brokerage Connection Information to process and route trading alerts from your third-party platforms to your brokers, maintain and authenticate your account, execute webhook forwarding and API integrations, and provide technical support and troubleshooting.
2.2 Communications
We use your contact information to communicate with you regarding your orders, account status, or other inquiries. This includes transactional emails such as order confirmations, password resets, and security alerts, system status updates and service notifications, customer support responses, and marketing communications (only with your consent; you may opt out at any time on the My Account page).
2.3 Fraud Prevention and Security
We use the information we collect to aid in the detection and prevention of potential risks and fraud. We use Device Information, particularly your IP address, to screen orders for any potential risks or fraudulent activity, detect and prevent unauthorized access to accounts, monitor for suspicious activity or Terms of Service violations, prevent trial abuse and subscription fraud, and investigate security incidents.
2.4 Service Improvement and Analytics
We use Device Information to enhance and optimize our Site and Services. For instance, by generating analytics about how our customers browse and interact with the Site, we can monitor system performance and uptime, identify and resolve technical issues, analyze usage patterns to improve features (aggregated and anonymized), gauge the effectiveness of our marketing and advertising campaigns, and develop new features and functionality.
2.5 Legal Compliance
We may use and disclose your information to comply with applicable laws and regulations, respond to legal requests, subpoenas, search warrants, and court orders, enforce our Terms of Service, and protect our rights and the rights of our users.
We retain your personal information for as long as necessary to provide the Services and fulfill the purposes described in this Privacy Policy, or as required by law.
Upon account deletion or cancellation:
- Brokerage credentials (API keys, secret keys):
Immediately deleted from all systems
- Account and profile information: Retained until you request deletion
- Trading activity logs: Retained for operational and troubleshooting purposes- Billing records: Retained for 7 years to comply with tax and accounting requirements
- Support communications: Retained to maintain service quality and resolve disputes
You may request deletion of your data at any time by contacting [email protected]. We will process deletion requests within 30 days, except where retention is required by law or necessary to resolve disputes, enforce our agreements, or protect our legal rights.
CrossTrade does not sell your personal information to third parties. We collaborate with third-party services to assist in the utilization of your personal information as outlined above, sharing information only in the following limited circumstances:
4.1 Service Providers
We share information with third-party vendors who perform services on our behalf:
Stripe: Payment processing for our online payment operations. You can learn more about how Stripe handles your personal information by visiting their privacy policy at https://stripe.com/privacy.
Google Analytics: We use Google Analytics to gain insights into how our customers interact with our site and measure site performance (anonymized data). For detailed information on how Google uses your personal information, you can visit Google's Privacy Policy. If you prefer not to have your data used by Google Analytics, you have the option to opt-out by visiting Google Analytics Opt-out.
Cloud hosting providers: Infrastructure and data storage services.
Email service providers: Transactional and marketing emails.
These providers are contractually obligated to protect your data and may only use it to provide services to CrossTrade.
4.2 Brokerage Connections
We transmit trading alerts to the brokers you have connected. This transmission includes only the data necessary to execute trades (symbols, quantities, order types). We do not share your CrossTrade account credentials or personal information with brokers.
4.3 Legal Requirements and Compliance
There may be circumstances where we need to share your personal information in order to comply with legal obligations and regulations, respond to subpoenas, search warrants, or other lawful requests for information we receive, or to protect our own rights. We may disclose your information if required by law or if we believe in good faith that such action is necessary to comply with a law, regulation, or legal process, protect the safety, rights, or property of CrossTrade, our users, or the public, investigate fraud, security breaches, or Terms of Service violations, or defend against legal claims.
4.4 Business Transfers
If CrossTrade is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to the successor entity. We will notify you via email and/or prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.
5.1 What We Use
We use cookies and similar tracking technologies, such as pixels, tags, and web beacons, to collect, store, and track certain information when you visit our Site. These technologies enable us to maintain user sessions and authentication, remember your preferences and settings, provide essential services on our Site, analyze website traffic and usage patterns to improve your browsing experience (e.g., Google Analytics), and deliver personalized advertisements and measure the effectiveness of marketing campaigns.
For more information about cookies and how to manage or disable them, please visit allaboutcookies.org.
5.2 Types of Cookies
We classify cookies into the following categories:
Strictly Necessary Cookies (Always Active)These cookies are essential for the operation of the Site and cannot be turned off in our system. They are usually set in response to actions made by you, such as setting your privacy preferences, logging in, or completing forms. These include session cookies, authentication tokens, and security cookies.
Analytics Cookies (Requires Consent for EEA Users)These cookies allow us to measure and improve the performance of our Site by collecting data about how visitors interact with it. For example, we use Google Analytics to collect anonymized data about your use of the Site. We use these to improve performance and user experience.
Marketing and Advertising Cookies (Requires Consent for EEA Users)These cookies may be set through our Site by us or our advertising partners to build a profile of your interests and show you relevant advertisements. They are used to deliver personalized ads and measure campaign effectiveness.
5.3 Managing Cookies
You can control cookies through:
- Our cookie preference center (available when you first visit the site and accessible at any time at [link])
- Your browser settings (instructions at allaboutcookies.org)
Disabling strictly necessary cookies may impair your ability to use the Services.
5.4 Cookie Consent (GDPR Compliance)
For visitors from the European Economic Area (EEA), we only collect and process cookies for Analytics and Marketing/Advertising purposes after obtaining your explicit consent. You can manage your cookie preferences through the cookie banner displayed when you first visit our Site or by revisiting your cookie settings at [link]. By default, Strictly Necessary Cookies are enabled, as they are required for the functionality of the Site.
5.5 Do Not Track
Please note that we do not currently respond to "Do Not Track" browser signals, as there is no industry-wide standard for DNT compliance. We do not alter our site's data collection and use practices when we see a Do Not Track signal from your browser.
6.1 Security Measures
We are committed to the protection of your information. When you provide sensitive details through our website, we ensure its security both in the digital realm and in our physical premises. We implement industry-standard security measures to protect your information:
- TLS/SSL encryption for data in transit. You can confirm this security by noting a closed lock icon at the bottom of your web browser or by the presence of "https" at the start of the webpage address.
- AES-256 encryption for sensitive data at rest (API keys, secret keys, payment information)
- Regular security audits and vulnerability assessments
- Access controls limiting employee access to personal data. Access to personally identifiable information is limited to employees who require it to perform specific tasks (such as billing or customer service).
- Secure server environments with firewall protection. The computers and servers used to store personally identifiable information are maintained in a secure environment, reinforcing our commitment to your data's safety.
6.2 Your Responsibilities
You are responsible for:
- Maintaining the confidentiality of your account password
- Using strong, unique passwords
- Securing your API keys and secret keys
- Monitoring your account for unauthorized activity
- Immediately notifying us of suspected security breaches at [email protected]
6.3 No Guarantee
Despite our efforts, no security system is impenetrable. While CrossTrade complies with applicable privacy laws and implements robust security measures to safeguard user data, no system is immune to breaches or unauthorized access. We cannot guarantee absolute security of your information. Unauthorized access, hardware/software failure, and other factors may compromise security. By using our Services, you acknowledge and accept these risks associated with the collection, storage, and transmission of personal data, including data shared via cookies and tracking technologies.
6.4 Breach Notification
In the event of a data breach that affects your personal information, we will notify you via email within 72 hours of discovering the breach (or as otherwise required by applicable law) and provide information about the nature of the breach and steps you should take.
7.1 All Users
Regardless of location, you have the right to:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal information (subject to legal exceptions)
- Portability: Request a machine-readable copy of your data
- Opt-Out: Unsubscribe from marketing emails at any time
To exercise these rights, contact us at [email protected].
7.2 European Economic Area (EEA) - GDPR Rights
If you reside in Europe or the European Economic Area (EEA), you are entitled to access personal information we have about you and request that your personal information be rectified, updated, or erased. You have additional rights under the General Data Protection Regulation (GDPR):
Right to Access: Obtain confirmation of whether we process your data and access to that data
Right to Rectification: Correct inaccurate personal data
Right to Erasure: Request deletion of personal data (subject to legal obligations)
Right to Restrict Processing: Request that we limit how we use your data
Right to Data Portability: Receive your data in a structured, commonly used format
Right to Object: Object to processing based on legitimate interests or for direct marketing
Right to Withdraw Consent: Withdraw consent for processing at any time (does not affect prior processing)
Right to Lodge a Complaint: File a complaint with your local data protection authority
Should you wish to exercise these rights, please reach out to us using the contact details provided below.
Legal Basis for Processing (GDPR):Contractual Necessity: To fulfill any contracts we may have with you (such as if you place an order through the site) and to provide the Services
Legitimate Interest: To improve our Services, prevent fraud, and ensure security, or to otherwise pursue our legitimate business interests as previously mentioned
Consent: For marketing communications and non-essential cookies
Legal Obligation: To comply with laws and regulations
Data Transfers: We are based in the United States and the information we collect is governed by United States law. By accessing or using the Services or otherwise providing information to us, you consent to the processing and transfer of information in and to the United States and other countries. Be aware that your information will be transferred outside of Europe, including to countries like Canada and the United States. For EEA users, we ensure adequate safeguards through Standard Contractual Clauses approved by the European Commission.
7.3 California Residents - CCPA Rights
If you are a California resident, you are entitled to certain rights under the California Consumer Privacy Act (CCPA) and California Civil Code Section 1798.83 ("Shine the Light" law).
Right to Know (CCPA)You may request information about the categories and specific pieces of personal information we have collected, used, or shared over the past 12 months, including:
- Categories of personal information collected
- Categories of sources from which information was collected
- Business or commercial purposes for collecting, using, or sharing personal information
- Categories of third parties with whom we share personal information
- Specific pieces of personal information we have collected about you
Right to Delete (CCPA)You may request the deletion of personal information we have collected, subject to certain exceptions (e.g., legal obligations).
Right to Opt-Out of Sale (CCPA)We do not sell personal information. You may opt out of the sale of your personal information, including data collected for advertising purposes. To do so, visit [here] and submit the opt-out form. If our practices change, we will update this policy and provide an opt-out mechanism.
Right to Direct Marketing Information ("Shine the Light" law)You may request, once a year and free of charge, information about the categories of personal information (if any) disclosed to third parties for direct marketing purposes in the preceding calendar year. This includes the names and addresses of such third parties. To make this request, please contact us using the details below.
Rights for Minors Under 18 ("Shine the Light" law)If you are under 18 and have a registered account with the Site, you can request the removal of unwanted content or information you publicly posted on our Site. While we will remove the data from public view, it may not be fully deleted from our systems (e.g., backups). Contact us to make this request. Note that removal from public view does not guarantee complete deletion from our systems.
Right to Non-Discrimination (CCPA)We will not discriminate against you for exercising your CCPA rights, including by denying goods or services, charging different prices or rates, providing different levels of quality, or suggesting you will receive different prices or quality.
How to Exercise CCPA Rights: Email: [email protected]
Include "CCPA Request" in the subject line and provide sufficient information to verify your identity (name, email, account details).We will respond to verified requests within 45 days (extendable by 45 days if necessary).
Our site and services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18.If we discover that we have collected information from a child under 18, we will delete it immediately. If you believe we have collected information from a minor, contact us at [email protected].
When we make changes, we will update the "Last Updated" date at the top of this policy and post the revised policy on our website. For material changes, we may provide additional notice (such as a banner on our website or email notification). Your continued use of the Services after changes take effect constitutes acceptance of the updated Privacy Policy.
For more information about our privacy practices, if you have questions, concerns, or requests regarding this Privacy Policy or our data practices, or if you would like to make a complaint, please contact us:
Email: [email protected]
Mail:
CrossTrade LLC
1309 Coffeen Ave, STE 1200
Sheridan, WY 82801
United States
For EEA users: If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.
For California users: Include "California Privacy Rights" in your email subject line for CCPA-related requests.
