TRADER ORIGIN

Privacy Policy

Effective date: 2026-03-08

This Privacy Policy explains how Aetherium Solutions Ltd, trading as Trader Origin ("we", "us", "our") collects, uses, and protects your personal data when you use any of our services, including the Enigma desktop application, the Genesis Engine, automated trading algorithms via AstraBit, and the Trader Origin website (collectively, the "Services"). We are committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data Controller

Aetherium Solutions Ltd is the data controller for personal data processed through the Services. Contact: support@traderorigin.com.

2. Data We Collect

Account & Subscription Data: Username, email address, hashed password, role, account type (individual or business), business name (if applicable), account creation date, terms acceptance record, marketing email preference. For Genesis Engine subscribers: your TradingView username and Discord username (collected via LaunchPass for role assignment and script access).

Payment & Billing Data: Transaction records, subscription status, and billing email are stored by us. Card details and sensitive payment information are handled directly by Stripe (and by AstraBit for algorithm subscriptions) and are never stored on our servers.

Technical Data: IP address (hashed for session validation), browser type, device and operating system information, pages visited on our website, basic usage patterns (features accessed, session duration).

Market Data Usage: Which assets you view (including cryptocurrency and traditional market instruments), chart configurations, backtest parameters, and strategy configurations — used to deliver the Service and improve functionality.

Exchange API Keys: If you connect a third-party exchange account (e.g. Hyperliquid), your API keys are stored encrypted on our servers. We use these keys solely to execute trade orders and retrieve account data as you instruct. We do not store exchange account passwords or withdrawal-enabled credentials.

Trade Execution Data: Records of trades submitted through the Service, including order parameters, execution status, timestamps, and associated strategy or webhook configurations.

Webhook & Alert Configurations: Alert rules, webhook endpoints, trigger conditions, and automation settings you create within the Service.

Contact & Support Data: When you contact us via our contact form, email, or submit a support ticket, we store your name, email address, message content, subject, category, and any replies.

Promotional Data: If you participate in a competition or promotion, we may collect information necessary for your participation, such as your name, email address, or other details as specified in the promotion's rules.

Local Storage: The desktop application stores preferences, authentication tokens, and workspace layout locally on your device.

Cookies: We use cookies and similar technologies on our website and services. See our Cookie Policy for details.

3. How We Use Your Data

• Account management: Authentication, session management, and account security.
• Service delivery: Providing market data, backtesting, analytical tools, granting access to the Genesis Engine script, and executing trade orders on your connected exchange accounts as you instruct.
• Subscription management: Processing payments, managing subscription status, and maintaining financial records across all our Services.
• Promotions: Managing your participation in any promotions or competitions.
• Security: Fraud prevention, abuse detection, and protecting our infrastructure.
• Analytics: Understanding how the Services are used to improve features, performance, and user experience.
• Communications: Service-related emails (verification, password reset, security alerts, important updates) and responding to inquiries and support requests.
• Legal compliance: Ensuring compliance with applicable laws and preventing fraudulent activity.

4. Legal Basis for Processing

• Contract: Processing necessary to provide the Services you signed up for (account management, service delivery, billing).
• Legitimate interest: Security monitoring, analytics, and service improvement.
• Consent: Where required, such as for optional marketing communications and non-essential cookies.
• Legal obligation: Retention of financial records as required by UK tax law.

5. Data Sharing

We value your privacy and do not sell your personal data. We may share data with:

• Third-party exchanges (e.g. Hyperliquid) — your API keys are transmitted to the exchange to execute trades you initiate. We send only the data necessary to fulfil your trade instructions.
• Stripe, Inc. — for securely processing all payments. We do not store your full payment card details.
• AstraBit — for managing subscriptions to automated trading algorithms. AstraBit processes data under its own privacy policy.
• LaunchPass — for managing Genesis Engine subscriptions and Discord role access.
• Zapier — for automating workflows between our service providers (e.g. notifications between LaunchPass and our internal systems).
• Netlify — for hosting our website and processing contact form submissions.
• Google Analytics — for website traffic and performance analysis (anonymised/aggregated data).
• Infrastructure providers — hosting and email delivery services, under data processing agreements.
• Law enforcement — only when required by valid legal process.
• Business transfers: If Aetherium Solutions Ltd is involved in a merger, acquisition, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you of any such transfer.

6. Data Retention

• Account data: Retained while your account is active, plus a reasonable period after deletion to handle disputes or legal requirements.
• Server logs: Retained for 90 days.
• Financial records: Retained as required by UK tax law (typically 6 years).
• Support tickets: Retained while your account is active.
• API keys: Retained while actively connected. Deleted from our servers when you remove them or upon account deletion.
• Trade execution logs: Retained while your account is active, plus a reasonable period for dispute resolution.

7. Your Rights

Under UK GDPR (and, where applicable, EU GDPR), you have the right to:

• Access the personal data we hold about you.
• Rectification — correct inaccurate personal data.
• Erasure — request deletion of your data ("right to be forgotten").
• Data portability — receive your data in a structured, machine-readable format.
• Object to processing based on legitimate interests.
• Restrict processing in certain circumstances.
• Withdraw consent where processing is based on consent.

To exercise any of these rights, contact support@traderorigin.com. We will respond within 30 days. For data managed directly by our partners (such as payment details with Stripe or subscription management with LaunchPass/AstraBit), you may need to contact them directly.

8. Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), hashed passwords (bcrypt), IP-bound sessions, two-factor authentication, and encrypted storage of exchange API keys. No system is completely secure, and we cannot guarantee absolute security.

9. Children

The Services are not intended for anyone under the age of 18. We do not knowingly collect data from children.

10. International Transfers

Some of our service providers (including Stripe, Google Analytics, and exchange API endpoints) are based outside the United Kingdom. These transfers are covered by appropriate safeguards, including adequacy decisions and standard contractual clauses where applicable. By connecting your exchange API keys, you acknowledge that your trade data will be transmitted to the exchange's servers in their operating jurisdiction.

11. International Users

We process data under UK GDPR. If you are located in the European Economic Area (EEA), you benefit from equivalent protections under EU GDPR. If you are in the United States, California residents may have additional rights under the California Consumer Privacy Act (CCPA) — contact us to exercise them. Users in other jurisdictions should review their local data protection laws. We will make reasonable efforts to comply with applicable privacy regulations worldwide.

12. Third-Party Links

Our Services contain links to third-party platforms and services. This Privacy Policy does not apply to those platforms. We encourage you to review their respective privacy policies, as we are not responsible for their data handling practices.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to registered users via in-app notification (for Enigma) and by updating the effective date on this page. Your continued use of our Services after such changes constitutes your acceptance of the updated Privacy Policy.

14. Contact & Complaints

For privacy-related questions or to exercise your rights: support@traderorigin.com.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.