Privacy Policy

01Scope

This policy applies to personal data we collect through: your visits to umbra.trading; your Subscription to Umbra; your use of the Software and Licence Server; your support enquiries via email or Telegram; and any other interactions with us.

It does not apply to data handled by third-party services you choose to use alongside Umbra — including your MetaTrader 5 broker, your VPS provider, or any exchange or wallet you use to fund payments. Those services have their own privacy policies, which we encourage you to review.

02Data we collect

We collect only the data necessary to provide the Software and support.

2.1 Subscription data

When you subscribe we collect: your name, email address, and country of residence (for tax and jurisdictional compliance). We also generate a unique Subscriber identifier tied to your payment record.

2.2 Payment data

Payment is processed by Stripe. We do not store your card number, bank details, or cryptocurrency wallet addresses. Stripe provides us with a payment confirmation, the last four digits of your payment method (for reconciliation), and the country of the payment source.

2.3 Licence data

To activate the Software, we collect your MetaTrader 5 account number(s). Each installation is bound to a specific account number through our Licence Server. We store the account number, broker name, and timestamp of each authentication check. We do not collect or store your MT5 login password.

2.4 Support communications

When you contact us by email or Telegram, we retain the conversation for reference and continuity. Attachments (such as screenshots) you send are retained with the conversation.

2.5 Technical data

When you visit umbra.trading we may collect standard technical information: IP address, browser type, device type, referring URL, and pages visited. This data is used for security and analytics and is retained in aggregated form.

03How we use data

We use the data we collect to:

• Deliver the Software, operate the Licence Server, and authenticate your installations;
• Process your subscription payments and send transaction receipts;
• Provide customer support and respond to your enquiries;
• Send essential service notices (billing confirmations, licence updates, scheduled maintenance);
• Detect and prevent fraud, abuse, and violations of our terms;
• Comply with legal obligations, including tax and regulatory requirements in our jurisdiction;
• Improve the Software based on aggregated usage patterns (never individual data without consent).

We do not sell your data, rent it to third parties, use it for advertising, or share it with data brokers.

04Legal basis

For Subscribers in the European Economic Area, United Kingdom, or similar privacy regimes, we rely on the following legal bases to process your data:

• Contract performance — processing necessary to deliver the Subscription and Software you purchased;
• Legitimate interests — security, fraud prevention, and product improvement, where these do not override your rights;
• Legal obligation — compliance with tax, accounting, and regulatory requirements;
• Consent — where we seek specific consent (for example, for optional marketing communications), we rely on your consent, which you may withdraw at any time.

05Third-party processors

We use a small number of third-party services to operate Umbra. Each is contractually bound to process your data only on our instructions and to maintain appropriate security standards.

We review our processors periodically to confirm continued suitability. If you object to any specific processor, contact us and we will discuss options where technically feasible.

06When we share data

Beyond the processors listed in Section 5, we share personal data only:

• With your explicit consent, at the time consent is sought;
• When required by legal obligation — a court order, subpoena, tax authority demand, or equivalent;
• To enforce our terms or protect our rights, property, or safety, or those of our Subscribers or the public;
• In connection with a business transfer (merger, acquisition, sale of assets), in which case the acquiring party is bound by this policy or a substantially similar one.

07Retention

We retain personal data only as long as necessary for the purposes outlined in this policy, or as required by law.

• Subscription records (name, email, billing): retained for the duration of your Subscription plus seven years after cancellation, for tax and audit compliance;
• Licence activation records (MT5 account, authentication timestamps): retained for the duration of your Subscription plus one year after cancellation;
• Support communications: retained for two years after the conversation, for quality and dispute reference;
• Website analytics: retained for 26 months in anonymised aggregate form;
• Marketing consent records (if you opt in): retained until you withdraw consent, then deleted within 30 days.

08Security

We apply standard security practices appropriate to a small SaaS operation: encryption in transit (HTTPS) for all traffic, encrypted storage for sensitive records, access control limited to operational personnel, and regular review of third-party processor security standards.

No system is perfectly secure. If we become aware of a security incident affecting your data, we will notify you promptly and in accordance with applicable law.

09Your rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you;
• Correction — request that we correct inaccurate or incomplete data;
• Deletion — request that we delete your data (subject to legal retention obligations);
• Restriction — request that we limit how we process your data in certain circumstances;
• Portability — request your data in a structured, machine-readable format;
• Objection — object to processing based on legitimate interests;
• Withdraw consent — for processing based on consent, withdraw it at any time;
• Complaint — lodge a complaint with your local data protection authority.

To exercise any of these rights, email kai@umbra.trading with the subject line "Privacy request." We will respond within 30 days.

10Cookies & analytics

umbra.trading uses a minimal set of cookies:

• Essential cookies — required for the site to function (session state, security). These cannot be disabled.
• Analytics cookies — Google Analytics cookies that measure aggregate site usage. These are set only with your consent, via the cookie banner on your first visit.

We do not use advertising or tracking cookies, and we do not share cookie data with ad networks or data brokers.

11International transfers

Our processors are located in various jurisdictions including the United States and the European Union. Where data is transferred out of your region, we rely on standard contractual clauses, adequacy decisions, or equivalent legal mechanisms to ensure your data receives an appropriate level of protection.

12Children

Umbra is not directed to children. We do not knowingly collect personal data from anyone under the age of 18. If you believe a child has provided data to us, contact us and we will delete it.

13Changes to policy

We may update this policy from time to time. Material changes will be notified by email to Subscribers at least 30 days before taking effect. The current version is always available at umbra.trading/privacy.

14Contact

Privacy questions, data requests, and complaints should be directed to kai@umbra.trading. Include "Privacy" in the subject line for fastest routing.