Privacy Policy

This Privacy Policy outlines how we collect, use, share, and protect your personal data when using the website braintechfinance.com and the web application web.braintechfinance.com (hereinafter referred to as the "Services").

1. DATA CONTROLLER

The data controller is Braintech Finance. For any questions or requests regarding personal data processing, you can contact us at: info@braintechfinance.com

2. PERSONAL DATA COLLECTED

We collect the following personal data from users:

2.1 Account Data

Collected at registration and used to create and manage the user account:

• Email address
• Password (stored in irreversibly hashed form; never accessible in plain text by Braintech)
• Auto-generated display name (format: brain_XXXXXXXX, assigned by the system at registration)
• Referral code (optional, provided by the user if applicable)
• Marketing consent flag and timestamp (optional, recorded only if explicitly provided by the user)
• Terms & Conditions acceptance timestamp

2.2 Service Data

Collected during use of the Services for the purpose of providing account monitoring, performance reporting, and platform functionality:

• MT5 account number (received from BrainLink at first connection and used for account identification)
• Account equity and balance (periodic snapshots sent by BrainLink)
• Account currency
• Number of open trades (count only, not trade details)
• Closed trade data: strategy identifier, instrument, direction, lot size, P&L percentage, P&L value, open time, close time
• Active strategy identifiers, risk percentage, and capital allocation percentage configured by the user
• BrainLink app version and EA version
• BrainLink update state

2.3 BrainLink Local Data - Not Transmitted to Braintech Servers

The BrainLink software, installed on the user's own machine or VPS, stores the following data exclusively and locally on the user's device:

• MT5 account password
• Broker server address

These data are written to a local configuration file (config.json) on the user's machine and are never transmitted to Braintech servers. Braintech Finance has no access to, and cannot retrieve, the user's MT5 login credentials.

2.4 Analytics Data

We use Google Analytics 4 (GA4) on the braintechfinance.com marketing website to collect aggregated and anonymized browsing data (such as geographic area, pages visited, session duration). A dedicated cookie banner and cookie policy are currently being implemented to provide full transparency and consent management for EU users in compliance with GDPR and the ePrivacy Directive. Until the banner is in place, GA4 is configured in anonymized mode. We do not perform personal profiling for commercial or advertising purposes.

3. LEGAL BASIS FOR PROCESSING

The processing of your personal data is based on the following legal grounds under Regulation (EU) 2016/679 ("GDPR"):

3.1 Contract Performance - Art. 6(1)(b) GDPR

The processing of account data (email, hashed password, display name) and service data (MT5 account number, equity, balance, trade history, strategy configuration) is necessary to provide the Services and fulfill the contractual obligations described in the Terms & Conditions. This processing does not require separate consent, as it is necessary for the performance of the contract to which the user is a party.

3.2 Consent - Art. 6(1)(a) GDPR

Marketing consent is collected separately, optionally, and independently from the acceptance of the Terms & Conditions. Users who do not provide marketing consent can still access and use the Services without limitation. Where consent is the legal basis, it can be revoked at any time by contacting info@braintechfinance.com, without affecting the lawfulness of processing carried out prior to revocation.

3.3 Legitimate Interest - Art. 6(1)(f) GDPR

Aggregate and anonymized analytics data (GA4) is processed on the basis of Braintech's legitimate interest in understanding how users interact with the website, in order to improve the Services. Users retain the right to object to this processing (see Section 7).

4. DATA USE METHODS AND PURPOSES

4.1 Provision of Services

• Creation, management, and maintenance of the user account
• Display of MT5 account number, balance, equity, and trade history on the Platform
• Sending of functional and transactional emails (registration confirmation, license key delivery, account status updates, password reset)
• Calculation and display of performance metrics and strategy ROI

4.2 Internal Analysis and Improvement

Aggregate or anonymized data is used to improve user experience and resolve technical issues. No individual profiling is performed for commercial purposes.

4.3 Analytics

Aggregate browsing data collected via Google Analytics 4 on the marketing website is used solely to understand usage patterns and improve the website. A cookie banner will be implemented to obtain explicit consent for this processing in accordance with EU requirements.

5. DATA SHARING AND TRANSFER

5.1 Third-Party Providers

Collected data may be processed on systems managed by third-party infrastructure providers (including Amazon Web Services for hosting in the eu-south-1 region, Milan, Italy, and Google for analytics). Where providers are located outside the European Union, data transfers are governed by Standard Contractual Clauses (SCC) as provided under GDPR Art. 46, supplemented by additional technical and organizational security measures.

5.2 Legal Obligations

In exceptional cases, we may share data with public or judicial authorities if required by applicable law.

5.3 No Sale of Data

Braintech Finance does not sell, rent, or trade personal data with third parties for commercial purposes.

6. DATA SECURITY

6.1 Protection Measures

We implement physical, logical, and organizational security measures - including encryption in transit (TLS), hashed password storage, and network access controls - to prevent unauthorized access, disclosure, or loss of personal data.

6.2 Restricted Access

Access to personal data is limited to authorized personnel and collaborators who require it to fulfill the stated purposes.

6.3 Local Data Security

Data stored locally by BrainLink on the user's machine (MT5 credentials, broker server) is the user's responsibility to protect. Braintech Finance has no access to this data and cannot recover it in case of loss.

7. USER RIGHTS

Under the GDPR, the user has the right to:

• Access their personal data
• Rectify inaccurate or incomplete data
• Delete data ("right to be forgotten"), except where processing is required by law
• Restrict processing in cases outlined by Art. 18 GDPR
• Object to processing, including processing based on legitimate interest (Art. 21 GDPR)
• Request data portability to another controller, if technically feasible
• Withdraw consent at any time, where consent is the legal basis, without affecting the lawfulness of prior processing

To exercise these rights, contact us at: info@braintechfinance.com with the subject "Privacy Rights Exercise Request".

A response will be provided within 30 days of the request, unless exceptional complexity requires an extension of up to two additional months, in which case the user will be notified.

7.1 Right to Lodge a Complaint

If the user believes that their personal data has been processed in violation of applicable data protection law, they have the right to file a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali - www.garanteprivacy.it), without prejudice to any other administrative or judicial remedy.

8. DATA RETENTION

We retain personal data for the duration of the contractual relationship or as long as the account remains active. Upon account deletion, we will delete or anonymize personal data within a reasonable timeframe, unless longer retention is required to comply with legal, fiscal, or regulatory obligations (e.g., accounting records).

Aggregate analytics data collected via Google Analytics 4 is subject to Google's own retention policies and is anonymized at collection.

9. NO DIRECT MARKETING

We do not currently send any type of commercial communication or newsletters to our users. Automated emails are related solely to registration, license key delivery, account status notifications, password recovery, or other essential service communications.

If direct marketing activities are introduced in the future, separate and specific consent will be requested from the user, independently of the Terms & Conditions and this Privacy Policy.

10. COOKIES

We use technical cookies strictly necessary for the Platform's operation on web.braintechfinance.com. On the braintechfinance.com marketing website, we use Google Analytics 4 for aggregate analytics. A dedicated cookie banner and cookie policy are currently being implemented and will be published on braintechfinance.com to provide users with full control over non-essential cookies in compliance with GDPR and the ePrivacy Directive (Directive 2002/58/EC as amended).

11. CHANGES TO THE PRIVACY POLICY

Any material changes to this Privacy Policy will be communicated to registered users via email at the address provided during registration and/or through a notice on the Platform, at least 30 days before taking effect, in accordance with Art. 15 of the Terms & Conditions. We encourage users to periodically review this page.

For any questions or clarification regarding this Privacy Policy, contact us at: info@braintechfinance.com