Legal

The fine print - written to be read.

Terms, privacy, cookies, disclosures. Plain English. No dark patterns. If a clause is unclear, email legal@trademire.ai - a lawyer actually answers.

Document
Terms of Service

The agreement governing your use of TradeMire.

Effective Jan 01 2025 - Updated Mar 15 2025
Active
Privacy Policy

What we collect, why, where it lives, and how to delete it.

Effective Jan 01 2025 - Updated Mar 15 2025
Document
Cookie Policy

Eight cookies in total. One analytics. Opt out any time.

Effective Jan 01 2025 - Updated Mar 15 2025

Effective date: January 1, 2025 - Last updated: March 15, 2025

TradeMire ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy describes how we collect, use, store, share, and protect personal information when you use the TradeMire platform.

This policy applies to all users globally. Depending on where you reside, additional jurisdiction-specific provisions apply (GDPR for EEA/UK/Swiss residents, KVKK for Turkey, UAE PDPL for UAE residents, CCPA/CPRA for California).

GDPR KVKK UAE PDPL
Plain English

We do not store your funds or your wallet seed. Exchange API keys are encrypted on our side and only decrypted in transit to the connected exchange.

1. Data Controllers

TradeMire's sole legal entity operates from Istanbul, Republic of Türkiye, and acts as the data controller for all users globally, with jurisdiction-specific compliance frameworks layered on top.

🇪🇺

TradeMire

Istanbul, Republic of Türkiye

Registered with Istanbul Trade Registry

Controller for EEA, UK, and Swiss users under GDPR
🇹🇷

TradeMire

Istanbul, Republic of Türkiye

Registered with Istanbul Trade Registry

Controller for Turkish users under KVKK (Law No. 6698)
🇦🇪

TradeMire

Istanbul, Republic of Türkiye

Registered with Istanbul Trade Registry

Controller for UAE and GCC users under PDPL

Data Protection Officer

For all data protection inquiries, contact our DPO: dpo@trademire.ai

2. Information We Collect

We collect the following categories of personal data:

Account & Identity Data

Full name, email address, phone number (optional), authentication credentials, KYC/AML documents where required by law.

Financial & Exchange Data

Encrypted exchange API keys, trading preferences, portfolio configurations, strategy parameters. We do not store withdrawal credentials or private keys.

Technical & Usage Data

IP address, browser type and version, device identifiers, operating system, session duration, pages visited, feature interactions.

Communication Data

Support tickets, feedback submissions, email correspondence, in-app messages.

3. Legal Bases for Processing

We process your personal data based on the following legal grounds, applicable across GDPR (Art. 6), KVKK (Art. 5), and UAE PDPL frameworks:

Contractual Necessity

Processing required to deliver our platform services, execute trading strategies, and maintain your account. (GDPR Art. 6(1)(b))

Legal Obligation

Processing required to comply with applicable laws, including AML/KYC regulations, financial reporting requirements, and tax laws.

Legitimate Interest

Processing for platform security, fraud prevention, infrastructure optimization, and service improvement - where our interests do not override your fundamental rights.

Consent

Where required - such as for analytics cookies, marketing communications, or processing of special categories of data. You may withdraw consent at any time.

4. How We Use Your Data

We use personal data exclusively for the following purposes:

  • Providing, operating, and maintaining the TradeMire platform and trading services.
  • Executing trading strategies, managing exchange connections, and processing portfolio operations on your behalf.
  • Authenticating users, preventing unauthorized access, and ensuring platform security.
  • Communicating service updates, security alerts, and responding to support inquiries.
  • Analyzing aggregated and anonymized usage patterns to improve platform performance and reliability.
  • Complying with legal and regulatory obligations in all operating jurisdictions.

5. Data Sharing

We do not sell your personal data. We share data only in the following limited circumstances:

  • Exchange Providers - Encrypted API credentials are transmitted solely to execute your authorized trading operations on connected exchanges.
  • Infrastructure Providers - Cloud hosting, CDN, and monitoring services (hosted within EEA/compliant jurisdictions) under data processing agreements.
  • Legal Authorities - When required by law, regulation, court order, or binding governmental request.
  • Professional Advisors - Legal counsel, auditors, and compliance consultants, bound by professional secrecy obligations.

All third-party data processors are vetted for compliance with GDPR, KVKK, and UAE PDPL requirements. A current list of subprocessors is available on request from dpo@trademire.ai.

6. International Data Transfers

TradeMire operates from Istanbul, Republic of Türkiye. Your data may be transferred to and processed in jurisdictions outside your country of residence under appropriate safeguards.

GDPR

For transfers from the EEA to non-adequate countries, we rely on EU Standard Contractual Clauses (SCCs) as approved by the European Commission, supplemented by additional safeguards where required.

KVKK

For transfers from Turkey, we comply with KVKK cross-border transfer provisions (Art. 9) and obtain necessary approvals from the Personal Data Protection Authority where required.

UAE PDPL

For transfers from the UAE, we adhere to the conditions set out in Art. 22 of the PDPL and any supplementary regulations issued by the UAE Data Office.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this policy, or as required by law:

Data Type Retention Period Justification
Account Data Duration of account + 3 years after deletion Contractual obligation and regulatory record-keeping
Exchange API Keys Immediately deleted upon disconnection No longer required once connection is severed
Trading Activity Logs 5 years AML/KYC and financial audit compliance
Technical / Usage Logs 12 months (rolling) Security monitoring and infrastructure optimization
Support Communications 2 years after resolution Service quality and dispute resolution

8. Data Security

We implement rigorous technical and organizational measures to protect your data:

  • AES-256 encryption at rest for all sensitive data including API keys and credentials.
  • TLS 1.3 encryption in transit for all communications between clients, servers, and exchange APIs.
  • Zero internal access architecture - employee access to production data is strictly prohibited and technically enforced.
  • Multi-factor authentication (MFA) available for all user accounts.
  • Regular independent security audits and penetration testing by accredited third-party firms.
  • Incident response plan with 72-hour breach notification commitment to relevant supervisory authorities.

Despite best-in-class measures, no system can guarantee absolute security. We encourage users to enable MFA and use strong, unique passwords.

9. GDPR Rights (EEA / UK / Swiss Users)

GDPR

If you reside in the European Economic Area, United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation:

  • Right of Access (Art. 15) - Obtain a copy of your personal data and information about how it is processed.
  • Right to Rectification (Art. 16) - Request correction of inaccurate or incomplete personal data.
  • Right to Erasure (Art. 17) - Request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
  • Right to Restriction (Art. 18) - Request restriction of processing in certain circumstances.
  • Right to Data Portability (Art. 20) - Receive your data in a structured, machine-readable format and transmit it to another controller.
  • Right to Object (Art. 21) - Object to processing based on legitimate interests, including profiling.
  • Right to Withdraw Consent (Art. 7) - Withdraw consent at any time, without affecting the lawfulness of prior processing.
  • Right to Lodge a Complaint - File a complaint with the French data protection authority, CNIL, or your national supervisory authority.

We will respond to all GDPR requests within 30 days. Complex or numerous requests may be extended by an additional 60 days with notice.

10. KVKK Rights (Turkey)

KVKK

If you reside in Turkey, you have the following rights under the Personal Data Protection Law No. 6698 (Kişisel Verilerin Korunması Kanunu):

  • Learning whether your personal data is processed (Art. 11(a)).
  • Requesting information about the processing if your data has been processed (Art. 11(b)).
  • Learning the purpose of processing and whether data is used in accordance with its purpose (Art. 11(c)).
  • Knowing the third parties to whom personal data is transferred domestically or abroad (Art. 11(ç)).
  • Requesting rectification of personal data if it is incomplete or inaccurate (Art. 11(d)).
  • Requesting deletion or destruction of personal data under conditions set forth in Art. 7 (Art. 11(e)).
  • Requesting notification of rectification/deletion to third parties to whom data has been transferred (Art. 11(f)).
  • Objecting to a result generated exclusively through automated systems that is against your interests (Art. 11(g)).
  • Claiming compensation for damages arising from unlawful processing of your personal data (Art. 11(ğ)).

You may file complaints with the Turkish Personal Data Protection Authority (Kişisel Verileri Koruma Kurumu - KVKK Kurumu) at www.kvkk.gov.tr.

We will respond to KVKK requests within 30 days in accordance with Art. 13 of the Law. The application process follows the procedure published by the KVKK Kurumu.

TradeMire is registered with the Data Controllers Registry (VERBİS) as required by Art. 16 of the KVKK.

11. UAE PDPL Rights

UAE PDPL

If you reside in the United Arab Emirates, you have the following rights under the Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL):

  • Right to be informed about the collection and processing of your personal data (Art. 13).
  • Right to access your personal data that we hold (Art. 14).
  • Right to request rectification, erasure, or restriction of processing (Art. 15-16).
  • Right to data portability in a commonly used electronic format (Art. 17).
  • Right to object to processing, including for direct marketing purposes (Art. 18).
  • Right to withdraw consent at any time (Art. 19).

Complaints may be filed with the UAE Data Office, the supervisory authority established under the PDPL.

We will respond to requests in accordance with the timeframes set by the UAE Data Office's implementing regulations.

12. Cookies

We use strictly necessary cookies to maintain session state and user preferences. Optional analytics cookies are only loaded after explicit consent.

For detailed information about the cookies we use, their purposes, and how to manage preferences, please refer to our Cookie Policy.

13. CCPA / CPRA Rights (California)

CCPA / CPRA

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you the following rights:

  • Right to Know - You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to Delete - You may request deletion of your personal information, subject to certain exceptions permitted by law.
  • Right to Correct - You may request correction of inaccurate personal information that we maintain about you.
  • Right to Opt-Out of Sale/Sharing - You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising.
  • Right to Non-Discrimination - We will not discriminate against you for exercising any of your CCPA/CPRA rights, including by denying service or charging different prices.

TradeMire does not sell, share for cross-context behavioral advertising, or use sensitive personal information for purposes that require an opt-out under CCPA/CPRA.

To exercise your CCPA/CPRA rights, contact us at privacy@trademire.ai. We will verify your identity and respond within 45 days, with a possible 45-day extension.

14. Automated Decision-Making

TradeMire uses automated systems to execute trading strategies, manage risk parameters, and generate market analytics. These systems do not produce legal effects on you or significantly affect you in a way that requires consent under GDPR Art. 22, except where you explicitly enable them on your own account.

Under GDPR Art. 22, KVKK Art. 11(g), and applicable regulations, you have the right not to be subject to a decision based solely on automated processing that produces legal effects. You can disable automated trading at any time from your account settings.

15. Children's Privacy

TradeMire services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact dpo@trademire.ai.

16. Changes to this Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or regulatory guidance. Material changes will be communicated via email and an in-platform notification at least 30 days before the effective date.

17. Contact and Supervisory Authorities

For any privacy-related questions, data access requests, or complaints:

  • Data Protection Officer: dpo@trademire.ai
  • General privacy inquiries: privacy@trademire.ai
  • EU/EEA: TradeMire, Istanbul, Republic of Türkiye
  • Turkey: TradeMire, Istanbul, Republic of Türkiye
  • UAE: TradeMire, Istanbul, Republic of Türkiye

Supervisory Authorities

🇪🇺

European national DPAs (e.g. CNIL, ICO)

🇹🇷

KVKK Kurumu (Turkey) - www.kvkk.gov.tr

🇦🇪

UAE Data Office - established under Federal Decree-Law No. 45/2021