Privacy Policy
This Privacy Policy describes how EasyFunds LLC, a Delaware limited liability company ("EasyFunds," "we," "us," or "our"), collects, uses, and shares personal information when you use the Riskframer service at riskframer.com and dashboard.riskframer.com (the "Service").
We respect your privacy and aim to be transparent about our practices.
1. Who We Are (Data Controller)
For purposes of the EU General Data Protection Regulation (GDPR), the United Kingdom GDPR, and similar laws, EasyFunds LLC is the data controller of the personal information we process.
EasyFunds LLC (Delaware, USA)
Email for privacy matters: legal@riskframer.com
EU Representative
As a US-based entity offering services to individuals in the European Economic Area, we are required to designate a representative in the EU under Article 27 GDPR.
Our EU Representative is currently being appointed. Once designated, the EU Representative's name and contact details will be published here. Until then, you may direct GDPR-related requests directly to legal@riskframer.com and we will respond in accordance with applicable law.
2. Information We Collect
2.1 Information You Provide
- Account information: email address, password (hashed), name (optional), profile preferences.
- Trade data: trades you log manually, including symbol, size, entry/exit price, time, notes, tags, and any other fields you fill in.
- Subscription information: billing address, country, tax ID (if applicable). We do not store your full credit card number — payment information is collected and processed by Stripe.
- Brokerage credentials (Pro tier): your broker login, server, and password, used solely to connect to your brokerage account on your behalf. These credentials are stored encrypted and used only by our broker connectivity provider (MetaApi).
- Communications: messages you send to
hello@riskframer.com,legal@riskframer.com, or via in-app feedback.
2.2 Information Collected Automatically
- Usage data: pages visited, features used, timestamps, session duration, errors encountered.
- Device information: browser type, operating system, IP address, language preference.
- Cookies and similar technologies: see our Cookie Policy for details.
2.3 Information from Third Parties
- Stripe: payment status, transaction history, billing address (when you make a payment).
- MetaApi: trade execution data, account balance, open positions retrieved from your connected brokerage.
- Authentication providers (if you sign in with a third-party account in the future): basic profile data they share with us.
We do not purchase personal data from data brokers.
3. How We Use Your Information
We use your personal information to:
- Provide the Service: create and manage your account, store your trade journal, display analytics, connect to your brokerage account, enforce your trading rules, send notifications related to your trades.
- Process payments: bill you for Pro subscriptions, manage renewals, handle add-ons (via Stripe).
- Send transactional emails: welcome messages, trial reminders, payment notifications, security alerts. These are necessary to operate the Service and are not promotional.
- Improve the Service: analyze usage patterns, debug, develop new features, ensure security. Where we analyze user behavior, we use aggregated and pseudonymized data wherever possible.
- Provide support: respond to your inquiries, troubleshoot issues.
- Comply with legal obligations: respond to lawful requests from authorities, enforce our Terms, prevent fraud.
Legal Bases (GDPR)
For users in the EU/UK, we process personal data on the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Provide the Service | Performance of contract (Art. 6(1)(b)) |
| Process payments | Performance of contract (Art. 6(1)(b)) |
| Send transactional emails | Performance of contract (Art. 6(1)(b)) |
| Improve the Service, security, analytics | Legitimate interests (Art. 6(1)(f)) |
| Comply with legal obligations | Legal obligation (Art. 6(1)(c)) |
| Marketing communications (if any) | Consent (Art. 6(1)(a)) — opt-in only |
You can object to processing based on legitimate interests by contacting legal@riskframer.com.
4. How We Share Your Information
We do not sell your personal information.
We share personal information only with:
4.1 Service Providers (Processors)
These third parties process data on our behalf under contractual agreements that limit how they may use it:
| Provider | Purpose | Location |
|---|---|---|
| Stripe, Inc. | Payment processing | USA, EU |
| Supabase, Inc. | Hosting, database, authentication | USA, EU |
| Cloudflare, Inc. | Content delivery, security | Global |
| MetaApi | Brokerage connectivity | EU |
| Resend | Transactional email | USA, EU |
We have data processing agreements (DPAs) with these providers as required by applicable law.
4.2 Legal Requirements
We may disclose information if required by law, court order, or government request, or to protect the rights, property, or safety of EasyFunds, our users, or others.
4.3 Business Transfers
If EasyFunds is involved in a merger, acquisition, or sale of assets, personal information may be transferred to the acquiring entity, subject to this Privacy Policy.
5. International Data Transfers
EasyFunds is based in the United States. When you use the Service from outside the United States, your personal information will be transferred to and processed in the United States and other countries where our service providers operate.
For transfers from the EU/UK to the US or other countries without an adequacy decision, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission, or
- Adequacy decisions of the European Commission, where applicable, or
- Other appropriate safeguards under applicable law.
You may request a copy of the safeguards in place by contacting legal@riskframer.com.
6. Data Retention
We retain personal information only as long as necessary to:
- Provide the Service to you while your account is active.
- Comply with legal, tax, and accounting obligations (typically 7 years for billing records).
- Resolve disputes and enforce our agreements.
When you delete your account, we delete your personal information within 30 days, except where retention is required by law (for example, financial records). Brokerage credentials are deleted immediately upon account deletion.
Anonymized and aggregated data may be retained indefinitely as it does not identify you.
7. Your Rights
Depending on your location, you have the following rights regarding your personal information:
7.1 EU/UK Users (GDPR / UK GDPR)
- Access: request a copy of the personal information we hold about you.
- Rectification: request correction of inaccurate or incomplete information.
- Erasure ("right to be forgotten"): request deletion of your personal information, subject to legal retention requirements.
- Restriction: request that we limit how we process your information.
- Portability: receive your personal information in a structured, machine-readable format.
- Objection: object to processing based on legitimate interests.
- Withdrawal of consent: where processing is based on consent, withdraw it at any time.
- Complaint: lodge a complaint with your local data protection authority. A list of EU authorities is available at edpb.europa.eu.
7.2 California Users (CCPA / CPRA)
- Right to know what personal information we collect, use, and share.
- Right to delete your personal information, subject to exceptions.
- Right to correct inaccurate personal information.
- Right to opt out of sale or sharing — we do not sell or share personal information for cross-context behavioral advertising.
- Right to non-discrimination for exercising your rights.
7.3 Exercising Your Rights
To exercise any of these rights, contact us at legal@riskframer.com. We will respond within the timeframe required by applicable law (typically 30 days under GDPR, 45 days under CCPA). We may need to verify your identity before fulfilling your request.
8. Security
We implement reasonable technical and organizational measures to protect your personal information, including:
- Encryption in transit (TLS) for all communication with the Service.
- Encryption at rest for sensitive data including passwords (hashed) and brokerage credentials.
- Access controls and authentication for our systems.
- Regular security reviews of our infrastructure and third-party providers.
No security measure is 100% effective. If we become aware of a breach affecting your personal information, we will notify you and the relevant authorities as required by applicable law.
9. Children's Privacy
The Service is not directed at children under 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact legal@riskframer.com and we will delete it promptly.
10. Cookies and Tracking
We use cookies and similar technologies to operate and improve the Service. See our Cookie Policy for details, including how to manage your preferences.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date and, for material changes, notify you by email or via the Service. We encourage you to review this policy periodically.
12. Contact
For privacy-related questions, requests, or complaints:
EasyFunds LLC (Delaware, USA)
Email: legal@riskframer.com
For general support:
Email: hello@riskframer.com