Privacy Policy

Last updated: · This policy describes how personal data is processed when you use levynd.ai and the Levynd platform (platform.levynd.ai).

The party responsible for data processing ("controller" under Art. 4(7) GDPR) is the operator named in the Imprint. Wherever this policy references "we", "us" or "Levynd" it means that operating entity. Fields marked in red below are completed by the operator before launch and are intentionally not filled with placeholder values.

1. Controller & Data Protection Contact

Controller within the meaning of the General Data Protection Regulation (GDPR):

Legal entity:
Address:
Email:

A Data Protection Officer is appointed where required under Art. 37 GDPR / § 38 BDSG. Contact for all data protection matters: .

2. Categories of Personal Data We Process

Category	Examples	Source
Account data	Email address, authentication identifier, subscription tier, account settings	Provided by you at registration
Trading & journal data	Imported fills, positions, trades, tags, notes, screenshots, goals, daily plans	Synced read-only from your broker, uploaded, or entered by you
Broker connection credentials	Read-only broker API keys (encrypted at rest)	Provided by you to enable auto-sync
AI Copilot interactions	Prompts, conversation history, generated insights tied to your account	Generated when you use the AI Copilot
Billing data	Subscription status, invoices, billing identifiers (card data is held by the payment provider, not by us)	Payment processor
Technical & usage data	IP address, device/browser metadata, request logs, error logs	Collected automatically when you use the service

3. Purposes & Legal Bases (Art. 6 GDPR)

Providing the service (account, journal, auto-sync, AI Copilot, reporting) — performance of a contract, Art. 6(1)(b).
Billing & fraud prevention — performance of a contract and legal obligation, Art. 6(1)(b) and (c).
Security, logging, abuse prevention — legitimate interest, Art. 6(1)(f) (interest: keeping the platform secure and available).
Product communication and, where applicable, marketing email — consent, Art. 6(1)(a) (double opt-in), or legitimate interest where permitted.
Compliance with retention obligations (e.g. invoices) — legal obligation, Art. 6(1)(c).

4. Information Obtained from Third Parties (Art. 14 GDPR)

When you connect a broker for read-only auto-sync, we receive trade and position data about your account from that broker's API. We use this data solely to populate your journal and analytics. We do not place orders, move funds, or modify your broker account; the connection is read-only by technical design.

5. Processors & Recipients (Art. 28 GDPR)

We use the following categories of processors under data-processing agreements. Each is engaged only to the extent needed to operate the service:

Cloud hosting and CDN provider (application hosting, edge delivery of this site)
Authentication provider (sign-in and account management)
Database / managed Postgres hosting (storage of your account and journal data)
Payment processor (subscription billing; holds card data as an independent controller)
Transactional and marketing email provider
AI inference provider(s) used to generate Copilot responses
Connected broker APIs (read-only, on your instruction)

The specific named sub-processors and their data-processing agreements are listed by the operator and made available on request: .

6. International Transfers (Art. 44–49 GDPR)

Where a processor handles personal data outside the EU/EEA, transfers are safeguarded by an adequacy decision, EU Standard Contractual Clauses, or another mechanism permitted under Chapter V GDPR, together with supplementary measures where required. Details are available from the controller named in the Imprint.

7. Retention

We keep account and journal data for as long as your account is active. After account deletion, personal data is erased or anonymised, except where a statutory retention obligation (e.g. for invoices) requires us to keep specific records for the legally mandated period.

8. Your Rights

Subject to the conditions of the GDPR, you have the right to:

access your personal data (Art. 15);
rectification of inaccurate data (Art. 16);
erasure / "right to be forgotten" (Art. 17);
restriction of processing (Art. 18);
data portability (Art. 20) — you can export your trading and journal data from your account;
object to processing based on legitimate interest (Art. 21);
withdraw consent at any time, without affecting prior lawful processing (Art. 7(3)).

You can export your data and delete your account from your account settings on the platform. To exercise any other right, contact .

9. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your residence, place of work, or place of the alleged infringement (Art. 77 GDPR).

10. Cookies & Tracking

This marketing site sets only the cookies strictly necessary to deliver the page and does not use third-party advertising trackers. The authenticated platform uses cookies and equivalent storage that are strictly necessary for sign-in and session security.

11. Changes to this Policy

We may update this policy to reflect changes to the service or legal requirements. The current version is always published at this URL with the date of the last update shown above.