Privacy Policy

Alpha Trader Firm LLC ("Company," "we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your information when you visit our website at www.alphatraderfirm.com and use our services.

This policy is designed to comply with the General Data Protection Regulation ("GDPR"), the California Consumer Privacy Act ("CCPA") as amended by the California Privacy Rights Act ("CPRA"), and other applicable data protection laws worldwide.

By accessing our services, you consent to the collection and use of your information in accordance with this Privacy Policy. If you do not agree with our practices, please do not use our services.

A. Information You Provide Directly

• Full legal name and contact details (email, phone, mailing address)
• Payment and billing information (processed via PCI-DSS compliant third-party processors — we do not store full credit card numbers)
• Identity verification documents for KYC procedures (government ID, proof of address, selfie verification)
• Account registration details including username and password
• Communications via support channels, email, live chat, or social media
• Survey responses, feedback, and promotional participation data

B. Information Collected Automatically

• IP address, device type, operating system, and browser type/version
• Unique device identifiers and device fingerprints
• Usage data: login activity, session duration, pages visited, platform interactions
• Geolocation data (approximate location based on IP address)
• Referral URLs and exit pages
• Cookies, web beacons, pixel tags, and similar tracking technologies
• Log files containing timestamps, access records, and error reports

C. Information from Third Parties

We may receive information from payment processors, identity verification providers, analytics partners, social media platforms, and public databases for compliance purposes.

For users in the EEA, UK, and Switzerland, we process personal data based on:

• Contractual Necessity — processing necessary to perform our contract with you (e.g., providing evaluation services, processing payments)
• Legitimate Interests — processing for fraud prevention, security, platform improvement, and analytics, provided these interests don't override your fundamental rights
• Legal Obligation — processing to comply with applicable laws (tax reporting, AML compliance, legal process)
• Consent — where you've provided explicit consent for specific activities (marketing, non-essential cookies). You may withdraw consent at any time.

• Provide, maintain, and manage your access to our evaluation services
• Process orders, transactions, and refund requests
• Verify your identity for compliance, KYC/AML, and fraud prevention
• Communicate about account updates, service changes, or support inquiries
• Monitor and enforce compliance with our Terms & Conditions
• Detect, prevent, and investigate fraud and unauthorized access
• Improve our services, website functionality, and user experience
• Send marketing communications (only with your consent, where required)
• Comply with legal obligations and law enforcement requests
• Protect our rights, property, and safety, and that of our users

We do not sell, rent, or trade your personal data. We may share information with:

• Service Providers — vendors for hosting, payment processing, identity verification, email delivery, and analytics (contractually bound to maintain confidentiality)
• Legal & Regulatory Authorities — when required by law, legal process, or to protect our legal rights
• Fraud Prevention — fraud prevention databases, chargeback services, and financial institutions
• Business Transfers — in connection with mergers, acquisitions, or asset sales
• With Your Consent — when you've given explicit consent for sharing

Your personal data may be transferred to, stored in, and processed in countries outside your country of residence, including the United States. Where we transfer data from the EEA, UK, or Switzerland to countries without adequate data protection, we implement safeguards including Standard Contractual Clauses ("SCCs") approved by the European Commission, binding corporate rules, or your explicit consent.

We implement robust technical and organizational safeguards including:

• AES-256 encryption for data at rest
• TLS 1.3 encryption for data in transit (HTTPS)
• Role-based access controls with multi-factor authentication
• Regular security audits, penetration testing, and vulnerability assessments
• Intrusion detection and prevention systems
• Secure server infrastructure with redundancy and disaster recovery
• Employee security training and confidentiality agreements
• Incident response procedures for data breaches

Despite our efforts, no method of transmission over the Internet is 100% secure. Users are responsible for maintaining the confidentiality of their account credentials.

We retain personal information only as long as necessary. Specific retention periods:

• Account data: duration of account plus 5 years after closure
• Transaction records: 7 years for tax and legal compliance
• KYC/identity documents: 5 years after the business relationship ends
• Server logs and analytics: up to 2 years

Once no longer required, data is securely deleted or irreversibly anonymized.

A. Rights Under GDPR (EEA/UK/Swiss Residents)

• Right of Access — request a copy of personal data we hold about you
• Right to Rectification — request correction of inaccurate or incomplete data
• Right to Erasure ("Right to Be Forgotten") — request deletion, subject to legal retention requirements
• Right to Restriction of Processing — request limits on how we use your data
• Right to Data Portability — receive data in a structured, machine-readable format
• Right to Object — object to processing based on legitimate interests or direct marketing
• Right to Withdraw Consent — withdraw consent at any time

B. Rights Under CCPA/CPRA (California Residents)

• Right to Know — disclosure of categories and specific pieces of personal information collected
• Right to Delete — request deletion of personal information
• Right to Correct — request correction of inaccurate information
• Right to Opt-Out of Sale/Sharing — we do not sell or share your personal information
• Right to Non-Discrimination — no discrimination for exercising privacy rights

To exercise any rights, contact [email protected]. We respond within 30 days (GDPR) or 45 days (CCPA).

In the event of a personal data breach likely to risk your rights and freedoms, we will: notify the relevant supervisory authority within 72 hours (GDPR Article 33); notify affected individuals without undue delay where high risk exists; document the breach, its effects, and remedial actions; and cooperate with regulatory authorities.

Our platform may contain links to external websites not operated by us. We are not responsible for the privacy practices or content of third-party sites. We encourage you to review their privacy policies before submitting personal information.

Our services are not intended for individuals under 18 (or the age of majority in their jurisdiction). We do not knowingly collect personal information from minors. If we become aware of inadvertent collection from a minor, we will immediately delete such information.

Our platform does not currently respond to "Do Not Track" (DNT) signals. You can manage cookie preferences through our Cookies Policy and browser settings.

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. Material changes will be communicated via email or prominent notice. The "Last Updated" date indicates when the policy was last revised. Continued use after changes constitutes acceptance.

For questions, concerns, or requests regarding this Privacy Policy or your personal data:

For GDPR-related inquiries, you may also contact your local data protection authority.