Privacy Policy

Effective Date: March 1, 2026
Version: 1.0.0

1. Introduction & Scope

PyP ("we," "us," or "our") operates an AI-guided trading platform that enables users to create, automate, and monetize trading strategies across multiple channels including web, Telegram, WhatsApp, and Discord. This Privacy Policy explains how we collect, use, share, and protect your personal information.

Contact Information: pyp-support@stanl.ink
Data Protection Officer: pyp-support@stanl.ink
Platform Coverage: Web app, Telegram bot, WhatsApp bot, Discord bot, mobile apps

2. Information We Collect

2.1 Account Information

• Registration Data: Email, username, password (hashed)
• Profile Information: Display name, avatar, bio, location (optional)
• Verification Data: KYC documents for creator monetization
• SLK Creator ID: For creator program participation
• Payment Information: Processed by SLK Pay (we don't store payment details)

2.2 Trading & Strategy Data

• Strategy Code: .pyp files, strategy names, descriptions
• Trading Preferences: Currency pairs, timeframes, risk settings
• Performance Data: Backtesting results, live trading metrics
• Market Data Usage: Historical data access patterns
• Subscription Data: Plan type, billing cycle, usage limits

2.3 Platform Usage Data

• Activity Logs: Login times, feature usage, session duration
• Bot Interactions: Telegram/WhatsApp/Discord message history
• API Usage: Request logs, rate limiting data
• Error Logs: Crash reports, debugging information
• Device Information: Browser type, OS, IP address, device ID

2.4 Communication Data

• Support Tickets: Help requests, bug reports, feature requests
• Community Posts: Forum posts, comments, ratings, reviews
• Notifications: Email preferences, push notification settings
• Marketing Communications: Newsletter subscriptions, promotional emails

2.5 Financial & Monetization Data

• Earnings Data: Creator revenue, marketplace sales
• Transaction History: Strategy purchases, subscription payments
• Payout Information: SLK Creator ID, payment preferences
• Tax Information: Required for creator monetization (handled by SLK Pay)

3. How We Use Your Information

3.1 Core Platform Services

• Account Management: Authentication, profile management
• Strategy Development: Code compilation, backtesting, optimization
• Trading Execution: Signal delivery, performance tracking
• Marketplace Operations: Strategy listing, sales, reviews

3.2 Communication & Support

• Customer Support: Ticket resolution, technical assistance
• Platform Updates: Feature announcements, maintenance notices
• Educational Content: Tutorials, webinars, market insights
• Community Features: Forums, chat, collaboration tools

3.3 Business Operations

• Service Improvement: Feature development, bug fixes, optimization
• Analytics: Usage patterns, performance metrics, user behavior
• Security: Fraud prevention, abuse detection, account protection
• Compliance: Legal requirements, regulatory reporting

3.4 Monetization & Payments

• Creator Payouts: Revenue distribution via SLK Pay
• Marketplace Transactions: Strategy sales, commission tracking
• Subscription Management: Billing, renewals, plan changes
• Financial Reporting: Tax documents, earnings statements

4. Information Sharing & Disclosure

4.1 Third-Party Service Providers

• SLK Pay: Payment processing, creator payouts, financial transactions
• Cloud Infrastructure: AWS, Cloudflare for hosting and CDN
• Analytics Services: Usage tracking, performance monitoring
• Communication Platforms: Telegram, WhatsApp, Discord APIs
• Email Services: Transactional and marketing email delivery

4.2 Business Transfers

• Mergers & Acquisitions: Data transfer in business transactions
• Asset Sales: Strategy marketplace, user base transfers
• Corporate Restructuring: Subsidiary transfers, spin-offs

4.3 Legal Requirements

• Law Enforcement: Court orders, subpoenas, legal investigations
• Regulatory Compliance: Financial regulations, tax reporting
• Safety & Security: Fraud prevention, abuse reporting
• Intellectual Property: DMCA takedowns, copyright disputes

4.4 User Consent

• Explicit Consent: Marketing communications, data sharing
• Marketplace Listings: Public strategy information
• Community Features: Forum posts, public profiles
• Creator Program: Public creator profiles, earnings disclosure

5. Data Retention & Deletion

5.1 Retention Periods

• Account Data: Retained while account is active + 7 years after closure
• Trading Data: Strategy performance data retained for 10 years
• Financial Records: Transaction history retained for 7 years (tax compliance)
• Communication Logs: Support tickets retained for 3 years
• Usage Analytics: Aggregated data retained indefinitely

5.2 Data Deletion Rights

• Account Deletion: Complete account removal process
• Data Portability: Export personal data in machine-readable format
• Selective Deletion: Remove specific data types upon request
• Automatic Deletion: Inactive account cleanup after 2 years

5.3 Deletion Limitations

• Legal Requirements: Data required for compliance cannot be deleted
• Financial Records: Transaction history retained for tax/audit purposes
• Security Logs: Fraud prevention data retained for security
• Aggregated Analytics: Anonymous usage statistics retained

6. Data Security & Protection

6.1 Technical Safeguards

• Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based permissions, multi-factor authentication
• Network Security: Firewalls, DDoS protection, intrusion detection
• Code Security: Regular security audits, vulnerability scanning

6.2 Operational Security

• Employee Training: Privacy and security awareness programs
• Access Monitoring: Audit logs for all data access
• Incident Response: Data breach notification procedures
• Vendor Management: Third-party security assessments

6.3 Data Minimization

• Collection Limits: Only collect necessary data for services
• Purpose Limitation: Use data only for stated purposes
• Storage Limits: Delete data when no longer needed
• Access Limits: Restrict employee access to necessary data only

7. International Data Transfers

7.1 Transfer Mechanisms

• Adequacy Decisions: Transfers to countries with adequate protection
• Standard Contractual Clauses: EU-approved data transfer agreements
• Binding Corporate Rules: Internal data transfer policies
• Consent: User consent for specific transfers

7.2 Geographic Locations

• Primary Servers: United States (AWS)
• Backup Locations: European Union (AWS)
• CDN Locations: Global Cloudflare network
• Third-Party Locations: As specified in service provider agreements

8. Children's Privacy

8.1 Age Restrictions

• Minimum Age: 18+ for trading features, 13+ for educational content
• Parental Consent: Required for users under 18
• Age Verification: Methods for confirming user age
• Restricted Features: Trading disabled for minors

8.2 Special Protections

• Limited Data Collection: Minimal data for minors
• Parental Controls: Account management by parents/guardians
• Educational Focus: Age-appropriate content and features
• No Marketing: No promotional communications to minors

9. Regional Privacy Rights

9.1 GDPR Rights (EU/UK)

• Right to Access: Request copy of personal data
• Right to Rectification: Correct inaccurate data
• Right to Erasure: Delete personal data ("right to be forgotten")
• Right to Portability: Export data in machine-readable format
• Right to Object: Opt-out of processing for marketing/profiling
• Right to Restrict: Limit processing in certain circumstances

9.2 CCPA Rights (California)

• Right to Know: Categories and sources of personal information
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of sale of personal information
• Right to Non-Discrimination: No penalties for exercising rights

9.3 Other Regional Rights

• PIPEDA (Canada): Access, correction, and complaint rights
• LGPD (Brazil): Similar rights to GDPR
• PDPA (Singapore): Data protection and access rights
• Privacy Act (Australia): Access and correction rights

10. Cookies & Tracking Technologies

10.1 Cookie Types

• Essential Cookies: Required for platform functionality
• Performance Cookies: Analytics and performance monitoring
• Functional Cookies: User preferences and settings
• Marketing Cookies: Advertising and promotional content

10.2 Tracking Technologies

• Web Beacons: Email open tracking, page view analytics
• Local Storage: Browser-based data storage
• Session Storage: Temporary session data
• Device Fingerprinting: Device identification for security

10.3 Cookie Management

• Cookie Banner: Consent management for non-essential cookies
• Cookie Settings: Granular control over cookie categories
• Opt-Out Options: How to disable cookies and tracking
• Third-Party Cookies: External service cookie policies

11. Marketing & Communications

11.1 Communication Types

• Transactional Emails: Account notifications, trading alerts
• Marketing Emails: Newsletters, promotional offers, product updates
• SMS/Push Notifications: Mobile app notifications, trading signals
• In-App Messages: Feature announcements, tips, tutorials

11.2 Consent & Preferences

• Opt-In Requirements: Explicit consent for marketing communications
• Preference Center: Granular control over communication types
• Unsubscribe Options: Easy opt-out from all communications
• Frequency Controls: Limit communication frequency

12. Automated Decision Making & Profiling

12.1 Automated Systems

• Trading Algorithms: AI-powered strategy recommendations
• Risk Assessment: Automated risk scoring and limits
• Fraud Detection: Automated suspicious activity detection
• Content Moderation: Automated content filtering

12.2 User Rights

• Right to Explanation: Understand automated decision logic
• Right to Human Review: Request human intervention
• Right to Object: Opt-out of automated decision making
• Right to Contest: Challenge automated decisions

13. Data Breach Notification

13.1 Breach Response

• Detection: Monitoring systems for data breaches
• Assessment: Evaluate breach scope and risk level
• Containment: Immediate steps to stop the breach
• Investigation: Forensic analysis of breach cause

13.2 Notification Procedures

• Regulatory Notification: Report to authorities within 72 hours
• User Notification: Inform affected users without undue delay
• Public Disclosure: Transparency reports on security incidents
• Remediation: Steps taken to prevent future breaches

14. Contact Information & Complaints

14.1 Privacy Contacts

• Data Protection Officer: pyp-support@stanl.ink
• Privacy Team: pyp-support@stanl.ink
• General Support: pyp-support@stanl.ink
• Legal Department: pyp-support@stanl.ink

14.2 Complaint Procedures

• Internal Complaints: Contact pyp-support@stanl.ink
• EU Residents: Contact your local data protection authority
• Response Timeframes: 30 days maximum for responses
• Resolution Process: Investigation and remediation procedures

15. Policy Updates & Changes

15.1 Update Procedures

• Notification Methods: Email, in-app notifications, website posting
• Effective Dates: 30 days after notification for material changes
• Material Changes: Significant changes require explicit consent
• Version Control: All versions archived with effective dates

15.2 User Options

• Continued Use: Acceptance of changes through continued use
• Opt-Out Rights: Right to close account if disagreeing with changes
• Grandfathering: Existing protections during transition periods
• Grace Periods: Time to review and respond to changes

---

Last Updated: March 1, 2026
Next Review: January 1, 2027

For privacy questions or to exercise your rights, contact pyp-support@stanl.ink