Performax

Privacy Policy

Effective Date: February 18, 2026 · Last Updated: February 18, 2026

1. Data We Collect

We only collect data necessary for the operation of the service. The table below reflects the processing activities actually implemented in our application.

Category | Examples | Purpose | Legal Basis (GDPR)
User account | Email address, name (optional), hashed password, Google OAuth identifier | Account creation and authentication | Performance of contract (Art. 6(1)(b))
Trading profile | Trading style, risk tolerance, monthly goals, primary weakness, AI coaching style | Personalization of the journal and AI coach | Performance of contract (Art. 6(1)(b))
Trading data | Trades (pair, price, quantity, leverage, P&L, fees, duration), notes, tags, screenshots, playbooks, cashflows | Core trading journal features | Performance of contract (Art. 6(1)(b))
Exchange credentials | API keys (encrypted at rest with industry-standard authenticated encryption), wallet addresses (DEX) | Automatic trade synchronization from your exchanges | Performance of contract (Art. 6(1)(b))
Psychological & behavioral data | Daily mood, stress/energy/confidence level, behavioral score, tilt detection, coach rule violations | Behavioral analysis, tilt alerts, personalized coaching | Consent (Art. 6(1)(a))
AI conversations | Chat messages, AI-generated trader profiles, pinned insights | Conversational AI coach | Performance of contract (Art. 6(1)(b))
Journal / Notebook | Journal entries, daily notes, attached images | Personal journal feature | Performance of contract (Art. 6(1)(b))
Subscription | Plan, status, period dates | Feature access management | Performance of contract (Art. 6(1)(b))
Usage data | Pages visited, button/link clicks, session identifier (random UUID) | Product improvement, internal usage analysis | Legitimate interest (Art. 6(1)(f))
Technical data | Authentication cookies (HTTP-only), language preference | Session maintenance, interface personalization | Performance of contract (Art. 6(1)(b))

What we do not collect: we do not collect your IP address for profiling purposes and do not deploy any advertising or marketing trackers (Google Analytics, Facebook Pixel, etc.). The only third-party analytics tool we use is PostHog (EU datacenter), loaded exclusively after you give explicit consent via our cookie banner.

2. How We Use Your Data

Your data is used exclusively to:

  • Provide and maintain the Performax service (journal, analytics, sync, alerts).
  • Power artificial intelligence features: the AI coach analyzes your trades, profiles, and psychological states to generate personalized insights.
  • Send email notifications that you have enabled (risk alerts, rule violations, API key errors).
  • Improve the product by analyzing aggregated usage data (pages visited, clicks) internally.

We do not sell, rent, or share your personal data for advertising or third-party marketing purposes.

3. Legal Bases for Processing

  • Performance of contract (Art. 6(1)(b)): the majority of processing activities are necessary to provide you with the service you have subscribed to (trading journal, synchronization, AI coach, alerts).
  • Consent (Art. 6(1)(a)): psychological and behavioral tracking (mood, tilt score, revenge trading analysis) relies on your voluntary participation.
  • Legitimate interest (Art. 6(1)(f)): the collection of usage data (pages visited, clicks) for product improvement. You may object to this processing by contacting us.

4. Cookies and Local Storage

Performax uses a minimal number of client-side storage mechanisms. All cookies listed below are essential, except PostHog which only loads after explicit consent:

Type | Name / Description | Purpose | Duration
HTTP-only cookie | Authentication session cookie | Authentication and session maintenance | Session (automatically renewed)
Application cookie | performax-onboarding-done | Onboarding status cache | Session
localStorage | Preferences (language, journal columns, dashboard presets, alert settings) | Interface personalization | Persistent (until manually cleared)
localStorage | performax-cookie-consent | Stores your tracking consent choice | Persistent
sessionStorage | ai_session_id (random UUID) | Grouping usage events by session | Browser tab
Third-party (consent) | PostHog cookies (ph_*) | Anonymous product analytics - loaded only if you accept | 13 months max

Withdrawing consent: clear your browser's localStorage for this site (or use incognito mode) and the consent banner will reappear so you can change your choice.

5. Data Sharing and Sub-processors

We never sell your data. We share your data only with the technical sub-processors necessary for the operation of the service:

Sub-processor | Role | Data Concerned | Location
Managed cloud infrastructure provider | Database, authentication, file storage | All user data | EU (Frankfurt, Germany) / USA
Mailjet (Sinch) | Transactional email delivery | Email address, alert content (loss amounts, rule violations) | EU (France)
PostHog Inc. | Product analytics (consent-based, opt-in only) | Pseudonymous user id, page views, named events (no PII) | EU (Frankfurt, Germany)
Sentry (Functional Software Inc.) | Error tracking | Stack traces, request URL, user id (no PII in payloads) | EU (Frankfurt, Germany)
OpenRouter, Inc. | AI coach response generation (LLM provider) | Trade notes, mood / psychological state, performance metrics, user id | USA

Crypto exchanges: when you connect an exchange (OKX, WEEX, Hyperliquid, Lighter), we use your API keys to retrieve your trade history and balances. Your API keys are encrypted at rest using industry-standard authenticated encryption before storage. We never transmit your API keys to any third party - they are used exclusively to communicate with the API of the exchange you have selected.

Market data APIs: we query public APIs to obtain market data (prices, volatility, economic calendar). No personal data is transmitted to these services.

6. International Data Transfers

Some of our sub-processors may process data in the United States. These transfers are governed by:

  • The EU-U.S. Data Privacy Framework (DPF) for certified entities.
  • Standard Contractual Clauses (SCCs) approved by the European Commission.

Our primary database is hosted in the European Union.

7. Data Retention

We retain your data in accordance with the following principles:

  • Account and trading data: retained as long as your account is active. Deleted upon account deletion.
  • AI conversations: retained as long as your account is active. Deleted upon account deletion.
  • Behavioral and psychological data: retained as long as your account is active to support the coach's longitudinal analyses.
  • Usage data (behavior logs): retained for product improvement purposes. Deleted upon account deletion.
  • Files (screenshots, images): retained in our storage buckets as long as your account is active.
  • After account deletion: all data identified above is permanently deleted (hard delete). No copies are retained, with the exception of automatic infrastructure backups that are purged according to our infrastructure provider's retention cycle (typically 7 days).

8. Security Measures

We implement the following technical measures:

  • Credential encryption: your exchange API keys are encrypted at rest using industry-standard authenticated encryption before storage.
  • Data isolation: strict per-user access controls are enforced at the database layer to ensure that each user can only access their own data.
  • Secure cookies: authentication sessions use HTTP-only cookies, inaccessible to client-side JavaScript.
  • Security headers: restrictive Content-Security-Policy, X-Frame-Options DENY, strict Referrer-Policy, Permissions-Policy disabling camera/microphone/geolocation.
  • Passwords: securely hashed using a modern, industry-standard algorithm. We never have access to your plaintext password.
  • Encrypted communications: all connections use HTTPS/TLS.
  • Rate limiting: AI endpoints are limited to 10 requests per minute per user, with monthly quotas per plan.

No security measure is infallible. We cannot guarantee the absolute security of your data, but we are committed to responding promptly in the event of an incident and to notifying you in accordance with the GDPR (Art. 33-34).

9. Your Rights

Under the GDPR and applicable legislation, you have the following rights:

  • Right of access (Art. 15): obtain confirmation that your data is being processed and receive a copy thereof.
  • Right to rectification (Art. 16): correct inaccurate or incomplete data.
  • Right to erasure (Art. 17): request the deletion of your data. You may delete your account from the application settings.
  • Right to restriction of processing (Art. 18): request the restriction of processing in certain circumstances.
  • Right to data portability (Art. 20): receive your data in a structured, machine-readable format.
  • Right to object (Art. 21): object to processing based on legitimate interest (in particular, usage data collection).
  • Right relating to automated profiling (Art. 22): the AI coach analyses (tilt, revenge trading, scoring) constitute automated profiling. You may contest these analyses, request human intervention, or express your point of view.
  • Withdrawal of consent: you may withdraw your consent at any time for processing activities that rely on it (psychological data), without affecting the lawfulness of prior processing.

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority (in France: the CNIL - www.cnil.fr).

10. Account Deletion and Data Export

Account deletion: you may permanently delete your account from the Settings page of the application. Deletion requires confirmation of your password and results in the irreversible deletion of all your data (trades, exchange accounts, playbooks, AI conversations, behavioral data, files).

Data export: you may request a complete export of your data by contacting us at [email protected]. We will provide a JSON file containing all of your personal data within 30 days.

11. Protection of Minors

Performax is not intended for persons under the age of 18. We do not knowingly collect personal data from minors. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us immediately.

12. Changes to This Policy

We may update this privacy policy periodically. In the event of a material change, we will notify you by email or through an in-app notification before the changes take effect. The date of the last update is indicated at the top of this page.

We encourage you to review this page regularly to stay informed of our practices.

13. Contact & Data Controller

The data controller is:

Gourmet Systems FZ-LLC

FDRK8954 Compass Building, Al Shohada Road

Al Hamra Industrial Zone-FZ

Ras Al Khaimah, United Arab Emirates

For any questions regarding this privacy policy or your personal data:

Email: [email protected]