Privacy Policy

1. Who we are

In this Privacy Policy, “Edgecraft”, “we”, “us” and “our” refer to Edgecraft. “You” and “your” refer to the person or organisation accessing or using Edgecraft. For the purposes of data protection law, Edgecraft is the controller of your personal data unless we state otherwise.

2. What this Privacy Policy covers

This Privacy Policy covers personal data we process in connection with:

• the Edgecraft website;
• the Edgecraft waitlist;
• account registration and login;
• product usage;
• strategy testing and analysis features;
• AI-assisted workflows;
• reports and insights;
• customer support;
• email updates and marketing;
• billing and subscriptions;
• analytics and security;
• integrations with exchanges, APIs, data providers, and other third-party services.

This Privacy Policy does not apply to third-party websites, exchanges, wallets, brokers, data providers, payment processors, or services that we do not control. Their own privacy policies will apply.

3. Personal data we collect

We may collect the following categories of personal data.

Account and contact data

This may include your name, email address, username, password or authentication details, company name, role, country, communication preferences, and account settings.

Waitlist and marketing data

This may include your email address, referral source, campaign data, waitlist status, product interest, feedback, survey responses, and marketing preferences.

Product usage data

This may include pages viewed, features used, clicks, events, session information, device information, browser type, IP address, approximate location, logs, timestamps, error reports, and diagnostic data.

Trading strategy and analysis data

This may include prompts, trading ideas, strategy rules, parameters, scripts, indicators, watchlists, strategy notes, backtest settings, optimisation settings, analysis requests, generated reports, performance outputs, and related user-generated content.

Connected account and integration data

If you connect third-party services, we may process information needed to provide the integration. This may include exchange account identifiers, API permissions, balances, positions, orders, fills, transaction history, trading activity, fees, funding data, portfolio data, and integration status. Where possible, you should use the minimum permissions required for the feature you want to use.

Payment and billing data

If you subscribe to a paid plan, our payment processor may collect payment details, billing address, tax information, invoices, transaction records, subscription status, and payment history. We do not intentionally store full card numbers.

Communications data

This may include emails, support requests, chat messages, call notes, feedback, bug reports, and other communications with us.

AI input and output data

This may include prompts, instructions, uploaded or connected data, generated outputs, analysis summaries, explanations, comparisons, recommendations, and related interaction history.

Security and fraud prevention data

This may include login history, authentication events, IP addresses, device identifiers, unusual activity signals, abuse reports, and information needed to detect, prevent, or investigate misuse, fraud, security incidents, or unlawful activity.

4. How we collect personal data

We collect personal data:

• directly from you when you join the waitlist, create an account, use the platform, submit prompts, configure strategies, contact us, or provide feedback;
• automatically when you use our website or platform;
• from connected third-party services where you choose to connect them;
• from payment processors and subscription tools;
• from analytics, security, and infrastructure providers;
• from publicly available sources or business contacts where relevant to sales, partnerships, or compliance.

5. How we use personal data and our lawful basis

We use personal data for the purposes below.

To provide Edgecraft

We use account data, product usage data, strategy data, integration data, and AI input/output data to operate the platform, provide features, generate reports, run analysis, support integrations, and deliver the service.
Lawful basis: performance of a contract with you, or our legitimate interests in providing and improving the service.

To manage accounts and subscriptions

We use account, billing, and payment data to create accounts, manage subscriptions, process payments, issue invoices, provide access, and handle account administration.
Lawful basis: performance of a contract with you, compliance with legal obligations, and our legitimate interests in operating a paid service.

To provide AI-assisted analysis

We use prompts, strategy content, connected data, product usage data, and outputs to generate, explain, compare, summarise, investigate, and refine strategy-related insights.
Lawful basis: performance of a contract with you and our legitimate interests in providing AI-assisted product functionality.

To improve Edgecraft

We use product usage data, feedback, diagnostic data, aggregated data, de-identified data, and support interactions to understand how Edgecraft is used, fix bugs, improve features, develop new tools, and measure performance.
Lawful basis: our legitimate interests in improving and developing Edgecraft.

To secure the platform

We use account data, technical data, usage data, logs, and security signals to protect Edgecraft, prevent misuse, detect suspicious activity, investigate incidents, enforce our Terms, and maintain service integrity.
Lawful basis: our legitimate interests in security and fraud prevention, and compliance with legal obligations.

To communicate with you

We use contact data and communications data to respond to enquiries, provide support, send service updates, notify you about changes, and manage your relationship with us.
Lawful basis: performance of a contract with you and our legitimate interests in communicating with users.

To send marketing

We may use your contact data and marketing preferences to send product updates, launch information, educational content, feature announcements, and related communications.
Lawful basis: consent where required, or our legitimate interests where permitted by law. You can unsubscribe from marketing emails at any time.

To comply with law

We may use personal data to comply with legal, regulatory, tax, accounting, sanctions, law enforcement, court, or other official requirements.
Lawful basis: compliance with legal obligations and our legitimate interests in protecting our business and users.

6. AI and model training

• Edgecraft may use AI providers or AI systems to process your prompts, strategy content, connected data, and outputs in order to provide AI-assisted features.
• We will not intentionally use your private strategy content, connected account data, or personal data to train public AI models unless we clearly tell you and, where required, obtain your consent.
• We may use aggregated, de-identified, or anonymised information to improve Edgecraft, evaluate model performance, improve product quality, detect errors, and develop new features.
• Where we use third-party AI providers, we will take reasonable steps to ensure appropriate contractual and technical safeguards are in place.
• You should not submit information to Edgecraft that you are not authorised to provide or that you do not want processed by AI-assisted systems.

7. API keys and connected services

• If you connect an exchange, wallet, data provider, or other third-party service, Edgecraft may process credentials, tokens, API keys, permissions, account identifiers, trading data, and related information needed to provide the integration.
• We recommend using the lowest level of access required for the relevant feature. You should regularly review and revoke permissions you no longer need.
• We may store integration credentials in an encrypted or otherwise protected form where needed to provide the service.
• You are responsible for managing permissions within the third-party service and for reviewing that service’s own privacy policy, terms, permissions, and security settings.

8. Cookies and similar technologies

• We may use cookies, pixels, local storage, SDKs, and similar technologies to operate the website and platform, remember preferences, support login sessions, analyse usage, improve performance, measure campaigns, and secure the service.
• Some cookies are necessary for the website or platform to work. Others are optional and may be used for analytics or marketing, depending on your choices and applicable law.
• Where required, we will ask for your consent before using non-essential cookies.

9. Who we share personal data with

We may share personal data with:

• hosting, cloud, database, and infrastructure providers;
• authentication and security providers;
• analytics and product analytics providers;
• AI and machine learning providers;
• payment processors and billing providers;
• customer support and communication tools;
• email and marketing platforms;
• exchanges, wallets, data providers, brokers, execution venues, or other integrations you choose to connect;
• professional advisers, including lawyers, accountants, auditors, insurers, and consultants;
• regulators, law enforcement, courts, tax authorities, or public authorities where required;
• potential buyers, investors, acquirers, or successors if we are involved in a merger, acquisition, financing, restructuring, or sale of business assets.

We do not sell your personal data.

10. International transfers

We may process and store personal data in countries outside your country of residence, including the United Kingdom, European Economic Area, United States, or other locations where our service providers operate. Where required, we use appropriate safeguards for international transfers, such as adequacy regulations, standard contractual clauses, the UK International Data Transfer Agreement or Addendum, or other legally recognised transfer mechanisms.

11. How long we keep personal data

We keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy. Retention periods may depend on the type of data, account status, legal requirements, security needs, dispute risks, tax and accounting obligations, and whether the data is needed to provide the service.

As a guide:

• account data is kept while your account is active and for a reasonable period afterwards;
• billing and transaction records may be kept for tax, accounting, and legal purposes;
• support communications may be kept to manage enquiries and improve service quality;
• usage logs and security records may be kept for a limited period for diagnostics, security, and fraud prevention;
• strategy content and connected account data may be deleted or de-identified after account closure, unless we need to keep it for legal, security, backup, or dispute reasons;
• aggregated or anonymised data may be kept for longer because it does not identify you.

12. Your rights

Depending on where you live and the laws that apply, you may have rights to:

• access your personal data;
• correct inaccurate or incomplete personal data;
• delete your personal data;
• restrict how we use your personal data;
• object to certain processing;
• withdraw consent where processing is based on consent;
• request portability of your personal data;
• complain to a data protection authority.

To exercise your rights, contact us at support@edgecraft.app. We may need to verify your identity before responding. Some rights are subject to limits and exceptions under applicable law.

If you are in the UK, you can contact the Information Commissioner’s Office. If you are in the EEA, you can contact your local data protection authority.

13. Marketing choices

You can unsubscribe from marketing emails by using the unsubscribe link in the email or contacting us at support@edgecraft.app. Even if you unsubscribe from marketing, we may still send service-related messages, such as account notices, security alerts, billing updates, legal updates, and important platform communications.

14. Security

We use technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These measures may include access controls, encryption, monitoring, logging, secure infrastructure, credential protection, and internal policies. No system is completely secure. You are responsible for keeping your account credentials secure, using strong passwords, enabling available security features, and managing third-party API permissions carefully.

15. Children

Edgecraft is not intended for children or anyone under 18. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, contact us and we will take appropriate steps to delete it.

16. Automated decision-making

Edgecraft may use automated systems, including AI, to generate analysis, summaries, scores, alerts, explanations, or other outputs. These outputs are intended to support user review and decision-making. They are not intended to make legally or similarly significant decisions about you without human involvement. You remain responsible for deciding whether and how to act on any output.

17. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will take reasonable steps to notify you, such as by posting the updated Privacy Policy on our website, sending an email, or notifying you through the platform. The updated Privacy Policy will apply from the date stated at the top of the page unless otherwise stated.

18. Contact us

If you have questions about this Privacy Policy or how we handle personal data, contact us at support@edgecraft.app.

For general questions about Edgecraft, early access or how the platform works, please visit our FAQ.