GDPR Compliance Statement
Effective Date: December 14, 2024
Our Commitment
jazzrabbit OÜ is fully committed to complying with the General Data Protection Regulation (GDPR). As an Estonian company, we are subject to EU data protection laws and take your privacy rights seriously.
Key GDPR Principles We Follow
1. Lawfulness, Fairness, and Transparency
- We clearly explain what data we collect and why
- We only process data when we have a legal basis
- Our Privacy Policy is written in clear, plain language
2. Purpose Limitation
- We only use your data for the purposes we've stated
- We don't sell your data to third parties
- Marketing takes place only with your explicit consent
3. Data Minimization
- We only collect data necessary for our service
- We don't request unnecessary personal information
- Anonymous data is used where possible
4. Accuracy
- You can update your personal data at any time
- We provide tools to correct inaccurate information
- We delete outdated data proactively
5. Storage Limitation
- Trading data: 2 years after account closure
- Analytics: anonymized after 26 months
- Account data: deleted upon request
6. Security
- All data encrypted in transit and at rest
- EU-based hosting (Hetzner, Germany)
- Regular security audits and updates
Your Rights Under GDPR
| Right | Description | How to Exercise |
|---|---|---|
| Access | Get a copy of your data | Email privacy@telegramtometatrader.com |
| Rectification | Correct inaccurate data | Account settings or email |
| Erasure | Delete your data | Email request |
| Portability | Export your data | Email request |
| Restriction | Limit processing | Email request |
| Objection | Object to processing | Email request |
| Withdraw Consent | Revoke consent | Email or account settings |
Response Time
We respond to all GDPR requests within 30 days as required by law.
Data Processing Agreements
We have Data Processing Agreements (DPAs) with all our sub-processors:
- Supabase (database)
- MetaApi (trading API)
- Posthog (analytics)
- Stripe (payments)
- Hetzner (hosting)
International Transfers
When data is transferred outside the EU/EEA:
- We use Standard Contractual Clauses (SCCs)
- We verify adequate protection levels
- We assess third-country risks
Data Protection Officer
For GDPR inquiries, contact:
Email: dpo@telegramtometatrader.com
Supervisory Authority
You have the right to lodge a complaint with:
Andmekaitse Inspektsioon (Estonian Data Protection Inspectorate)
Website: www.aki.ee
Email: info@aki.ee
Security Measures
Technical Measures
- TLS 1.3 encryption for all connections
- AES-256 encryption for sensitive data at rest
- Secure password hashing (bcrypt)
- Regular vulnerability assessments
Organizational Measures
- Access controls and least privilege
- Employee training on data protection
- Incident response procedures
- Regular policy reviews
Data Breach Notification
In case of a data breach:
- We notify the supervisory authority within 72 hours
- Affected users are notified without undue delay
- We document all breaches and responses
Updates
This statement is reviewed annually and updated as needed. Material changes will be communicated via email.
Last Updated: December 14, 2024
For questions about GDPR compliance:
jazzrabbit OÜ
Registry code: 16489902
Email: privacy@telegramtometatrader.com