GDPR Compliance

Information about our GDPR compliance and your data protection rights. Last updated: January 2, 2026.

Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you have several rights regarding your personal data:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate personal data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to processing of your personal data

Legal Basis for Processing

We process your personal data based on:

  • Consent for marketing communications and referral program participation
  • Contract performance for service delivery including bot generation, collaboration, and licensing
  • Legitimate interests for service improvement, security monitoring, and fraud prevention
  • Legal obligations for compliance requirements and financial record keeping

Force Majeure & Subscription Terms

In compliance with consumer protection and data protection regulations, we may adjust subscription pricing due to force majeure circumstances, including:

  • VAT (Value Added Tax) and other tax obligation changes mandated by law
  • Regulatory compliance requirements imposing additional operational costs
  • Force majeure events beyond our reasonable control

Users will be given 30 days' advance notice of pricing changes (except where immediate VAT adjustments are legally required). You may exercise your right to cancel your subscription before the new pricing takes effect.

Data Retention

We retain your personal data only for as long as necessary:

  • Account data: Until deletion plus 30 days
  • Bots, environments, licenses: Until account deletion
  • Transaction records: 7 years for tax compliance
  • Referral earnings: 7 years for tax compliance
  • Security audit logs: 2 years
  • Analytics: 26 months (anonymized)

Data Transfers

When we transfer your data outside the EU, we ensure appropriate safeguards are in place, such as adequacy decisions or standard contractual clauses.

Data Processing Activities

User Account Management

Purpose: Provide access to Bot Builder, EA Development Lab, and collaboration services

Legal Basis: Contract performance

Data: Name, email, avatar, account preferences, Visual Strategy Builder designs, bot configurations

Team Collaboration

Purpose: Enable multi-user bot development and review workflows

Legal Basis: Contract performance

Data: Team invitations, roles, review comments, online presence, collaboration history

Bot Environments & Licensing

Purpose: Manage development/staging/production environments and license restrictions

Legal Basis: Contract performance

Data: Environment configurations, license keys, account restrictions, broker prefixes

Payment Processing & Referrals

Purpose: Process subscriptions, custom development payments, and referral commissions

Legal Basis: Contract performance

Data: Payment details (via Stripe), referral codes, commission records

Custom EA Development

Purpose: Deliver professional Expert Advisor programming services

Legal Basis: Contract performance

Data: Trading strategy requirements, platform preferences, communication history

Bot Journal & Incident Logging

Purpose: Document trading sessions and track issues

Legal Basis: Contract performance

Data: Journal entries, incident reports, session notes, broker information

Risk Charter & Strategy Collections

Purpose: Store personal risk rules and organize trading strategies

Legal Basis: Contract performance

Data: Risk settings, drawdown limits, trading restrictions, collection metadata

Service Analytics & Security

Purpose: Improve platform, prevent fraud, and maintain security

Legal Basis: Legitimate interests

Data: Usage patterns, performance metrics, security audit logs, rate limiting data

International Transfers

Our primary data processing occurs within the EU. When we use third-party services that may transfer data internationally, we ensure:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses (SCCs) are in place
  • Additional safeguards like encryption and access controls
  • Regular assessment of transfer mechanisms

Automated Decision Making

We use automated systems for:

  • Fraud detection: To protect our platform and users
  • Rate limiting: To ensure fair usage and prevent abuse
  • AI backtest analysis: To provide automated performance insights
  • Bot code generation: AI-powered trading bot creation
  • Content recommendations: To improve user experience

You have the right to request human review of automated decisions that significantly affect you.

Exercise Your Rights

To exercise any of your GDPR rights, contact our support team:

Privacy and GDPR Requests: support@eacrafter.com

Security Reports: technical@eacrafter.com

Response Time: Within 30 days (1 month)

Verification: ID may be required to verify identity

Free of Charge: All requests are processed without cost

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you within 72 hours of discovery, as required by GDPR Article 34.

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we have not complied with GDPR. You can contact:

  • Your local data protection authority
  • The authority in your EU country of residence
  • The authority where the alleged infringement occurred