Privacy Policy

As of: 30 June 2026

Contents 1. Controller 2. Data Protection Contact and Data Protection Officer 3. General Information on Data Processing 4. Categories of Personal Data 5. Registration, User Account and Password Storage 6. Phone Number Verification with Twilio Verify 7. MT5 Connection and Trading Data 8. Uploading Chart Screenshots 9. Pre-Market Scan Report and Twelve Data 10. Payment Processing with Stripe 11. Hosting, Server Operations and Database at IONOS 12. Backups 13. Contact Form and Email Communication 14. Newsletter 15. Cookies, Sessions and CSRF Protection 16. Own Landing Page Analytics 17. Recipients and Processors 18. Transfers to Third Countries 19. Retention Periods 20. Obligation to Provide Personal Data 21. Automated Decision-Making and Profiling 22. Security of Processing 23. Your Rights as a Data Subject 24. Right to Lodge a Complaint with a Supervisory Authority 25. Changes to this Privacy Policy

1. Controller

Investment Coins UG (haftungsbeschränkt)
Hiesfelderstr. 103 A, 46147 Oberhausen, Deutschland
Email: info@investment-coins.de
Phone: 0208 62 189 535

Where „we", „us" or „TriaTex" is used, this refers to Investment Coins UG (haftungsbeschränkt).

2. Data Protection Contact and Data Protection Officer

For data protection enquiries, please contact: info@investment-coins.de. Based on the information available to us, no Data Protection Officer has been appointed. Should one be appointed in the future, this Privacy Policy will be updated accordingly.

3. General Information on Data Processing

We process personal data only to the extent necessary for the operation of the TriaTex platform, the performance of the contract, the security of the system, payment processing, communication with users, or compliance with legal obligations.

The platform is used in particular for recording and analysing trading data, storing trading journals, uploading chart screenshots, using MT5-related trading data, and providing reports and features depending on the chosen plan.

We do not use third-party analytics, tracking or marketing cookies.

4. Categories of Personal Data

AreaData CategoriesLegal Basis / Purpose
Registration and user accountName, email address, password hash, user ID, subscription status, registration and login timestampsArt. 6(1)(b) GDPR: account creation and management; Art. 6(1)(f) GDPR: security and abuse prevention
Phone number verificationMobile number, verification status, timestamp, technical delivery information via Twilio VerifyArt. 6(1)(b) GDPR: account security; Art. 6(1)(f) GDPR: abuse and fraud prevention
Trading journal and MT5 dataTrades, sessions, notes, account number, balance, open positions, technical import dataArt. 6(1)(b) GDPR: provision of platform features
ScreenshotsChart screenshots uploaded by the user and metadataArt. 6(1)(b) GDPR: storage and display in the trading journal
Payment and subscriptionStripe customer ID, payment status, billing data, plan, term; no full card data storedArt. 6(1)(b) GDPR: payment processing; Art. 6(1)(c) GDPR: retention obligations
Contact form and emailName, email address, message content, timestamp, technical delivery dataArt. 6(1)(f) GDPR; Art. 6(1)(b) GDPR where contract-relevant
NewsletterEmail address, sign-up timestamp, consent recordArt. 6(1)(a) GDPR: consent
Server logsIP address, date and time, URL accessed, status code, browser informationArt. 6(1)(f) GDPR: operational security

5. Registration, User Account and Password Storage

A user account is required to use the platform. Passwords are not stored in plain text but as a cryptographic hash. Password resets use a time-limited token.

Legal basis: Art. 6(1)(b) GDPR; security-related logging: Art. 6(1)(f) GDPR.

6. Phone Number Verification with Twilio Verify

To verify mobile phone numbers, we use Twilio Verify (Twilio Ireland Limited / Twilio Group). Your mobile number is transmitted to Twilio to provide a verification code by SMS.

Purpose: securing the registration, preventing multiple fraudulent accounts. Legal basis: Art. 6(1)(b) GDPR; Art. 6(1)(f) GDPR.

Twilio may process data in third countries (in particular the USA). Twilio provides a Data Protection Addendum and appropriate transfer mechanisms for this purpose.

7. MT5 Connection and Trading Data

When using the MT5 connection or an Expert Advisor, technical trading data (trades, sessions, account numbers, balance, open positions) is transmitted and stored. Names, broker data or other personal information should not be processed via MT5.

Legal basis: Art. 6(1)(b) GDPR. You are responsible for not uploading third-party data in notes, screenshots or free-text fields.

8. Uploading Chart Screenshots

Screenshots are associated with your user account and stored for display, analysis and documentation in the trading journal. Please ensure that screenshots do not contain unnecessary personal data, credentials, full account numbers, email addresses, third-party names or other confidential information.

Legal basis: Art. 6(1)(b) GDPR.

9. Pre-Market Scan Report and Twelve Data

For the pre-market scan report we use the API of Twelve Data Inc. The API call is made server-side without transmitting personal user data. Only market data (prices, OHLCV data) is retrieved. The results are temporarily stored on our servers and displayed to authorised users.

10. Payment Processing with Stripe

For paid subscriptions we use Stripe. Stripe processes payment data; we do not store complete credit card or bank data on our servers. We receive payment confirmations, status information, customer ID, subscription information and technical events.

Legal basis: Art. 6(1)(b) GDPR; Art. 6(1)(c) GDPR. Stripe may process data in third countries (in particular the USA); Stripe relies on standard contractual clauses.

11. Hosting, Server Operations and Database at IONOS

The platform is operated at IONOS on servers in Germany (Apache, MariaDB, no CDN). When accessed, the server processes IP address, date/time, URL accessed, status code, browser and device information and referrer information. Server logs are stored for a maximum of 7 days.

Legal basis: Art. 6(1)(f) GDPR. IONOS processes personal data on our behalf on the basis of a data processing agreement pursuant to Art. 28 GDPR.

12. Backups

Backups are stored exclusively on the same server and deleted after one month. Backups may contain personal data from user accounts, trading data, screenshots, payment status information and technical data. Restoration only takes place for system security, troubleshooting or recovery purposes.

Legal basis: Art. 6(1)(f) GDPR.

13. Contact Form and Email Communication

We process the submitted information (name, email address, message text, timestamp). The contact form is processed via PHP; emails are sent via our own SMTP server.

Legal basis: Art. 6(1)(f) GDPR; where contract-relevant also Art. 6(1)(b) GDPR. Requests are deleted after final processing.

14. Newsletter

We only send newsletters with consent. Legal basis: Art. 6(1)(a) GDPR. You may withdraw your consent at any time, in particular via the unsubscribe link or by email to info@investment-coins.de. After unsubscribing, the email address is removed from the active mailing list.

15. Cookies, Sessions and CSRF Protection

We use only technically necessary cookies: session cookies to maintain the login and CSRF tokens to protect forms. No third-party tracking, analytics or marketing cookies.

A cookie banner is generally not required based on this description. Legal basis: Art. 6(1)(b) GDPR; Art. 6(1)(f) GDPR.

16. Own Landing Page Analytics

Analytics are carried out internally only, without external tracking providers. Where data is analysed in anonymised or aggregated form, no personal data is involved. Where pseudonymous data is used: legal basis Art. 6(1)(f) GDPR. Legitimate interest: improving the platform without sharing data with external tracking providers.

17. Recipients and Processors

Data is shared only to the extent necessary. Recipients:

Data processing agreements pursuant to Art. 28 GDPR are concluded with service providers as required.

18. Transfers to Third Countries

Processing outside the EU/EEA takes place in particular with Stripe and Twilio. An adequate level of data protection is ensured through EU standard contractual clauses, data processing addenda or other appropriate transfer mechanisms. The specific legal basis depends on the respective contractual arrangement and provider account.

19. Retention Periods

20. Obligation to Provide Personal Data

Without an email address, user account and password, the platform cannot be used. Phone number verification is a prerequisite for registration. Payment data is required for paid plans. Trading data, screenshots and notes are voluntary but required for the corresponding features.

21. Automated Decision-Making and Profiling

Automated decision-making including profiling within the meaning of Art. 22 GDPR does not take place. We do not provide automated investment decisions, financial advice or individual trading recommendations.

22. Security of Processing

Technical and organisational measures: TLS-encrypted data transmission, password hashing, access restrictions, backups, server-side security measures, protection mechanisms against abusive requests. Absolute security for internet-based transmissions cannot be guaranteed.

23. Your Rights as a Data Subject

You have the following rights against us:

To exercise your rights, please contact: info@investment-coins.de

24. Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority may be that of your place of residence, workplace or the place of the alleged infringement.

For NRW: State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
www.ldi.nrw.de

25. Changes to this Privacy Policy

We may amend this Privacy Policy if the platform, the service providers used, the legal situation or the actual data processing changes. The current version will always be available on the website.