1. Who we are
For the purposes of this Policy, the data controller is [Vant8 Legal Entity Name], registered at [Registered Office Address] (“Vant8”, “we”, “us”). Questions about this Policy or your data can be sent to privacy@vant8.com.
2. What we collect
2.1 Account and identity data
- Email address and a hashed password (or a federated identity token if you sign in with a third party).
- Optional profile information you provide (display name, language).
- Where verification is required for higher tiers, identity-verification data collected by our KYC provider — typically a government ID image, a liveness selfie, and the results of the verification check. We receive only the verification result and a reference; the underlying ID images are processed by the provider under their own terms.
2.2 Connection data
- Exchange API keys. Encrypted at rest and never displayed back to you after entry. We accept only keys you supply us and require them to be limited to read + trade scope.
- DEX wallet material. Wallets used for on-chain execution are derived from key material that is encrypted at rest under your control.
- Connected-account metadata. Exchange names, wallet addresses, chain IDs, supported markets, last-sync time, and similar configuration data.
2.3 Trading and platform data
- Orders and fills you submit through the Services (symbol, side, quantity, price, venue, fees, slippage, time).
- Strategy configurations, deployments, and outcomes.
- AI recommendation requests and responses (your inputs and the ranked recommendations returned).
- Smart Order Router scoring inputs and decisions, including post-trade slippage measurements used to improve future routing.
- Notifications, alerts, and messages you receive (including Telegram messages where you have enabled the bot integration).
2.4 Payment data
Subscription billing is processed by Stripe. We receive the payment method’s last four digits, brand, expiry month, and a Stripe customer reference, plus the status, amount, and currency of each charge. We do not receive or store full card numbers.
2.5 Device and usage data
- IP address, approximate geolocation derived from the IP, browser type, operating system, device type, and language.
- Pages viewed, links clicked, features used, errors encountered, and timestamps.
- Authentication events (login, logout, password reset, second-factor challenge).
2.6 Cookies and similar storage
See our Cookie Policy for the complete list and your controls.
3. Why we use it (legal bases)
We process your personal data on the following legal bases under GDPR (and analogous bases under other laws):
- Performance of a contract. To create your account, connect your venues, execute trades you authorize, deliver AI recommendations, route orders, send transactional notifications, and bill your subscription.
- Legitimate interests. To prevent fraud, keep the Services secure, debug errors, improve features (including by training the Smart Order Router’s venue model and the limit-order fill-probability model on aggregate execution data), and communicate operationally with you. We have considered your rights and freedoms in setting the scope.
- Legal obligation. To comply with anti-money-laundering, counter-terrorist-financing, sanctions, tax, and recordkeeping laws applicable to us.
- Consent. For non-essential cookies, certain analytics, and marketing communications. You can withdraw consent at any time.
4. Who we share it with
We share personal data only as described below.
- Service providers. Cloud hosting, database, email delivery, KYC verification, payment processing (Stripe), error tracking, and customer-support providers. These providers process data on our instructions under contract.
- Connected venues. When you place an order, we send the necessary order data to the exchange, DEX, or perp venue you have connected, using your credentials or wallet. Those venues process the data under their own privacy notices.
- Telegram (optional). If you enable the Telegram bot integration, we send alerts and trade notifications to the Telegram chat ID you supplied. Telegram processes those messages under its own terms.
- Authorities. Where compelled by valid legal process, or where we have a good-faith belief that disclosure is necessary to comply with law, protect rights, or prevent fraud.
- Successors. In connection with a merger, acquisition, financing, or sale of assets, subject to confidentiality protections.
We do not sell personal data, and we do not share personal data for cross-context behavioural advertising.
5. International transfers
We may transfer personal data to countries other than the one you are in, including countries that the European Commission or other regulators have not recognised as providing an adequate level of protection. Where we do, we rely on appropriate safeguards — including Standard Contractual Clauses or equivalent mechanisms — and apply additional technical and organisational measures.
6. How long we keep it
- Account data: for as long as your account is active, then for a residual retention period required by law and dispute-defence purposes (typically up to seven years).
- Trading and platform data: retained for as long as required to provide you with historical analytics and to satisfy our recordkeeping obligations.
- KYC verification results: retained for as long as required by the AML / CTF rules applicable to us.
- Payment records: retained for tax and accounting purposes for the periods required by law.
- Operational logs and error data: retained for a limited period (typically up to 90 days) and then deleted or aggregated.
7. Your rights
Depending on your jurisdiction, you may have the right to access, correct, delete, port, restrict, or object to our processing of your personal data; to withdraw consent; to lodge a complaint with your supervisory authority; and to opt out of certain processing under local law (including, where applicable, the right to opt out of “sale” or “sharing” under US state privacy laws, even though we do not engage in those practices).
To exercise a right, email privacy@vant8.com from the address on your account, or use the in-account export and deletion controls where available. We may need to verify your identity before fulfilling certain requests.
8. Children
The Services are not directed at, and are not intended for, anyone under 18. We do not knowingly collect personal data from anyone under 18, and we will delete such data on becoming aware of it.
9. Security
We use technical and organisational measures appropriate to the nature and risk of the processing — encryption of credentials and key material at rest, transport encryption, access controls, logging, and incident response. No system is perfectly secure; you are responsible for safeguarding your account credentials and for using a strong, unique password and second-factor authentication.
10. Changes to this Policy
We will notify you of material changes in advance by email or in-product notice. Minor changes will be reflected in the “Last updated” date at the top of this Policy.
11. Contact
Privacy questions and requests: privacy@vant8.com. Postal address: [Registered Office Address].