Legal Document
Privacy Policy
Privacy Notice · Last Updated: December 1, 2025
Data Controller
Tradoo AG · Baarerstrasse 8, CH-6300 Zug, Switzerland
Privacy Contact
privacy@tradoo.financeTable of Contents
Navigate to specific sections of these terms
About This Privacy Notice
Tradoo AG (hereinafter also "we", "us", or "Tradoo") collects and processes personal data relating to you and, in some cases, other individuals ("third parties"). In this Privacy Notice, the terms "data" and "personal data" are used interchangeably.
Key definitions
Any information relating to an identified or identifiable natural person. A person is identifiable if they can be identified, directly or indirectly, by an identifier (e.g., name, identification number, location data, online identifier) or by one or more factors specific to their identity.
A legally protected subcategory that may include data revealing racial or ethnic origin, religious or philosophical beliefs, health data, biometric data for identification, data concerning sex life or sexual orientation, genetic data and data on trade union membership.
Any operation performed on personal data, such as collection, recording, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, alignment or combination, restriction, erasure, or destruction.
This Privacy Notice explains what we do with your data when you:
- Access or use our websites (tradoo.finance, tradoo.io, tradoo.ai, tradoo.foundation)
- Obtain our services or products
- Subscribe to newsletters, events, or waitlists
- Interact or communicate with us (e.g., via email, phone, forms, social media)
- Otherwise engage with us as a customer, supplier, partner, investor, or prospect
Where applicable, we may provide just-in-time notices for specific processing activities not covered by or supplementing this Privacy Notice. We may also inform you separately (e.g., in consent forms, contract terms, additional privacy notices, forms and other communications).
If you disclose personal data about third parties to us (e.g., colleagues, employees, business partners), you confirm that you are authorized to do so, that such data is accurate and that those individuals have been informed about this Privacy Notice.
This Privacy Notice is governed by the Swiss Federal Act on Data Protection (FADP) and, where applicable, the EU General Data Protection Regulation (GDPR). The specific application of these laws depends on the individual case.
Data Controller
Tradoo AG is the controller for the processing described in this Privacy Notice, unless we inform you otherwise in a specific case (e.g., in an additional privacy notice, on a form, in a contract, or when a service provider acts as an independent controller).
Contact for privacy matters and to exercise your rights
Company Identification (UID)CHE-216.713.957
Data Protection Representative in the EEA
To ensure compliance with Art. 27 of the General Data Protection Regulation (GDPR), Tradoo has appointed a data protection representative within the European Economic Area (EEA). The EEA includes the European Union (EU) as well as the Principality of Liechtenstein, Iceland and Norway.
Our subsidiary, VGS Datenschutzpartner GmbH, located in Germany, serves as our official data protection representative in the EEA. They act as an additional point of contact for supervisory authorities and data subjects regarding all inquiries related to ensuring compliance with the GDPR.
We may also appoint additional representatives or a data protection officer for specific jurisdictions if required by law; where applicable, relevant details will be provided in the respective local notice.
What Data We Process
Depending on your interaction with us, we process various categories of data. The main categories are:
a) Technical data
When you use our websites or other online offerings, we collect technical data to ensure functionality, security and performance. This includes IP address, device and browser details, operating system, referrer URL, timestamps, pages viewed, interactions, session identifiers, cookie IDs and similar identifiers and server log files.
Retention: Typically 6-24 months; longer if required for security, forensic, legal, or technical reasons.
b) Registration data
Certain offerings (e.g., account areas, investor or partner portals, newsletter subscriptions, event registrations) require a user account or sign-up. You provide data such as name, email, password (hashed), 2FA details (if enabled), organization, role, preferences; we also collect metadata about access and use of the service.
Retention: For the duration of use plus typically 12 months after account closure or last use, unless longer retention is required for legal obligations, dispute resolution, or security.
c) Communication data
When you contact us (contact forms, email, phone, chat, social media, mail), we process the content of the communication, your contact details, associated metadata and—where legally permitted—recordings for training, support quality, or evidentiary purposes.
Retention: Typically 12 months after last interaction; emails and formal correspondence may be retained up to 10 years if required for compliance or evidentiary purposes.
d) Master data
Basic identity and relationship data required to manage our business relationships and for marketing/relationship management (where permitted): name, address, email, phone, language, job title/role, employer, relationship history, preferences, customer/investor numbers, powers of attorney, consent records, opt-outs, bank details (if relevant) and similar.
Retention: Typically 10 years after last interaction or contract end; shorter (often up to 2 years) for pure marketing contacts, unless legally or for evidentiary purposes required longer.
e) Contract data
Data arising in connection with contract initiation and performance: agreements, usage records, billing and payment information, deliverables, support cases, KYC/AML data (if legally required), feedback and complaints.
Retention: Typically 10 years after last contract activity or contract end; longer if legally or for evidentiary purposes required.
f) Behavioral and preference data
To improve our offerings and personalize communications (where permitted), we analyze how users interact with our websites and services (e.g., page flows, clicks, features used). We may combine this with other data (e.g., master/registration data) to infer preferences.
Retention: Typically 2 weeks to 24 months, depending on relevance; longer if required for legal or technical reasons.
g) Other data
Depending on context, we may process: access control data (visitor lists, badge logs), images or recordings from events (with appropriate on-site notice), data related to legal proceedings or regulatory inquiries and data about shareholders/investors for corporate law purposes.
Obligation to provide data
You are generally not obligated to provide data. However, certain services (account creation, contracts, access to protected areas) cannot be provided without necessary data. The websites cannot be used without processing technical data. For marketing analytics and non-essential cookies, you can refuse or withdraw consent (see Section 12).
Purposes of Processing
We process personal data for the following purposes (and compatible purposes):
Responding to inquiries, providing information, customer support, exercising data subject rights; documentation for training, quality assurance and evidentiary purposes.
Providing and improving functionality, availability, performance, information security (including fraud/abuse detection, incident handling), user experience and accessibility.
Concluding, managing and performing agreements with customers, suppliers, partners and investors; account management; billing; compliance checks (e.g., AML/KYC, where locally applicable).
Analyzing usage and feedback to develop and improve features, content, design and performance.
Sending information about our products and services (including newsletters), where permitted; personalizing content and offers where consent is given; organizing events and community activities.
Fulfilling legal obligations (commercial, tax, corporate, regulatory), record-keeping, enforcing or defending legal claims, risk management and corporate governance.
Protecting facilities, infrastructure, networks and data; managing visitor access and incident response.
You can object to processing based on legitimate interests and you can withdraw consent at any time (see Section 11 and Section 12). For direct marketing, you can unsubscribe at any time via the unsubscribe link or by contacting privacy@tradoo.finance.
Legal Basis for Processing
Depending on the specific processing and jurisdiction, we rely on:
E.g., newsletters, certain cookies/analytics, specific optional features. You can withdraw consent at any time with effect for the future.
E.g., account creation, service provision, billing.
E.g., website security and analytics, communicating with you, improving and managing our business, defending legal claims, ensuring network and information security.
E.g., retention obligations, accounting, corporate, tax, or regulatory requirements (including AML/KYC, where applicable).
In rare cases only.
Where we process sensitive personal data, we do so only if and to the extent a legal basis exists (e.g., explicit consent, necessity for the establishment, exercise, or defense of legal claims, overriding public interest, or as otherwise permitted under applicable law).
Profiling and Automated Decisions
We may analyze personal aspects concerning you (profiling) based on the data described in Section 3, in order to:
- Infer preferences to improve content and UX
- Detect abuse and enhance security
- Conduct statistical analyses, forecasts and capacity planning
- Tailor information (including, where consent is given, marketing)
We aim for proportionality and accuracy and implement safeguards against misuse.
Automated individual decisions with legal effect or similarly significant impact on you are not made without human review. If such decisions become necessary (e.g., for legally required fraud prevention), we will inform you as required by law and provide the opportunity to obtain human intervention and contest the decision.
Data Sharing and Recipients
In connection with the purposes described in Section 4, we may disclose personal data to the following categories of recipients. These recipients may process the data as processors (acting on our behalf), joint controllers, or independent controllers:
We use carefully selected third-party providers in Switzerland or abroad to perform certain tasks on our behalf, such as: IT hosting, cloud storage and server infrastructure; website operation and analytics; communication tools (email providers, support platforms); payment and billing service providers; identity verification or security service providers (if applicable).
We may share data with customers, suppliers, advisors, investors, or other contractual partners where necessary for contract performance, due diligence, collaboration, negotiations, reporting, advisory services, or relationship management.
We may disclose data when: legally obligated to do so; fulfilling regulatory or reporting obligations; necessary for the establishment, exercise, or defense of legal claims; necessary to protect our rights, property, or safety.
We may disclose data to lawyers, auditors, tax advisors and consultants. These parties are subject to professional confidentiality obligations.
In some cases, data may be disclosed to third parties in the context of transactions (e.g., mergers, acquisitions, financing arrangements), strictly to the extent required and under confidentiality obligations.
International Data Transfers
As set out in Section 7, personal data may be disclosed:
- Within Switzerland
- Within the European Economic Area (EEA)
- And in certain cases worldwide (e.g., United States)
If the recipient is located in a country without adequate data protection under Swiss or EU law, we ensure protection through one or more of the following measures:
- Adequacy decision by the Swiss Federal Council or European Commission
- Standard Contractual Clauses (SCCs) of the European Commission
- Binding Corporate Rules of the recipient
- Your explicit consent, where appropriate
- Situations where disclosure is contractually, legally, in the public interest, or for legal claims required
Note: Internet routing may involve data transmission across borders even when sender and recipient are in the same country.
Data Retention Periods
We store personal data for as long as necessary:
- To fulfill the purposes described in Section 4
- To meet legal and regulatory retention requirements
- Or for our legitimate interests in documentation and evidence preservation (e.g., to enforce or defend legal claims)
| Data Type | Typical Retention Period |
|---|---|
| Technical / Analytics data | 6-24 months |
| Registration and account data | Duration of use + 12 months |
| Emails and correspondence | Up to 10 years (evidence and legal compliance) |
| Contract and billing records | 10 years (statutory retention) |
| Visitor and access logs | Typically up to 3 months |
| Marketing contact data | Until withdrawal or 2 years after last interaction |
| Investor / shareholder records | As legally required (may exceed 10 years) |
After the applicable retention period expires, we delete or anonymize the data in accordance with our normal operational procedures.
Data Security
We implement technical and organizational measures to ensure the confidentiality, integrity and availability of your personal data. These include, as appropriate:
- Access controls and authentication procedures
- Encryption of data in transit and at rest (where appropriate)
- Network and infrastructure monitoring
- Backup and recovery procedures
- Security and access logging
- Internal confidentiality policies and training
- Access restriction on a need-to-know basis
Security notice
However, no system can be completely secure. If you believe your data or account may have been compromised, contact us immediately at: privacy@tradoo.finance.
Your Rights
Depending on applicable law (Swiss FADP / GDPR), you have the right to:
Access
Access to your personal data
Data Portability
Receive a copy of your data in a common electronic format
Rectification
Correction of inaccurate or incomplete data
Erasure
Deletion of your data (subject to legal limitations)
Restriction
Restriction of processing
Objection
Object to processing based on legitimate interests
Withdrawal of Consent
At any time (for consent-based processing; with effect for the future)
We may request proof of identity to prevent unauthorized access.
If you are located in Switzerland, the EU, or the EEA, you have the right to lodge a complaint with the competent data protection authority. However, we encourage you to contact us first so we can address your concern.
Cookies and Tracking Technologies
Strictly necessary cookies only
We use only strictly necessary cookies required for the technical operation and security of the websites. These cookies do not track your browsing behavior across websites and are not used for analytics, profiling, or targeted advertising.
We do NOT use
Marketing cookies
Cross-site tracking identifiers
Advertising pixels
Behavioral analytics cookies (e.g., Google Analytics, Meta Pixel, LinkedIn Insight Tag)
Certain third-party tools or embedded content (e.g., blockchain network widgets, chart visualizations, or social media sharing modules) may set their own cookies when loaded. These cookies are controlled by the respective third parties. Their own privacy and cookie policies apply.
You can disable cookies via your browser settings. Please note that disabling certain cookies may impair the basic functionality of the websites.
For more details, see our Cookie Policy.
Manage your cookie preferences
You can review and update your cookie settings at any time.
Social Media Presence
We maintain pages on social platforms (e.g., X/Twitter, LinkedIn, Instagram, YouTube, Telegram, Discord).
When you visit or interact with such pages:
- We may receive statistics and interaction data about visits and engagement
- The platform operators process your data independently for their own purposes (e.g., profiling, marketing, platform improvement)
For details, please consult the privacy policies of the respective platforms.
Changes to This Notice
We may change or update this Privacy Notice at any time, particularly when we:
- Adjust our internal data processing practices
- Introduce new products or services
- Adopt changes to legal, regulatory, or technical requirements
- Integrate new service providers, technologies, or data transfers
- Or develop our operational or organizational structures
The version published on our websites at the time of access applies.
If changes are material, we will take appropriate steps to inform you transparently. This may include notifications on the websites, in-product notifications, email communications, or prompts at your next interaction with our services.
Where required by law, we will obtain your renewed consent before applying changes—for example, when introducing new processing purposes, expanded use of data categories, cross-border transfers to recipients without adequacy decisions, or additional tracking and profiling features.
We recommend reviewing this Privacy Notice regularly. The date of the last update is indicated at the end of this document.
Regulatory Context - Financial Services and Wealth Management
Activities in the area of digital asset management, algorithmic trading support, tokenization, or automated portfolio strategies may be subject to financial market and anti-money laundering regulations. In this context, the processing of personal data may additionally be subject to the following legal frameworks, where applicable:
- Swiss Anti-Money Laundering Act (AMLA / GwG)
- Swiss Financial Services Act (FinSA / FIDLEG)
- Swiss Financial Institutions Act (FinIA / FINIG)
- Swiss Anti-Money Laundering Ordinance (AMLO / GwV)
- And the supervisory practice of the Swiss Financial Market Supervisory Authority (FINMA) or comparable foreign authorities
Tradoo AG currently does not provide any services that require authorization or licensing under FinSA, FinIA, AMLA, or comparable international financial market regulations.
The platform provides software-based analysis, automation and data tools only.
Tradoo AG does not receive, hold, safeguard, manage, or invest client funds on behalf of users.
Tradoo AG does not provide investment advice, portfolio management, asset management, brokerage, execution services, or any activity involving discretionary management of client assets.
All trading and investment decisions are made solely and independently by the user, at their own discretion and risk.
Any potential future expansion of the service offering into regulated activities will only occur after full regulatory assessment and obtaining all necessary licenses and registrations. Regulatory and compliance integrity is a core priority for Tradoo AG.
Depending on your interaction with us - particularly if you:
- Create or maintain a user, trading, or investment account
- Submit identity or residency documentation
- Conduct transactions, deposits, withdrawals, or token-related activities
Tradoo AG may be legally required to:
- Verify identity and beneficial ownership (KYC)
- Assess risk category and suitability, where applicable
- Monitor and document transactions in accordance with anti-money laundering requirements
- Retain records for at least 10 years for audit and compliance purposes
- And disclose certain data to competent authorities, where legally required
These obligations apply regardless of your place of residence, nationality, or access method (e.g., web interface, API, wallet or smart contract interactions).
Contact for Data Protection and Regulatory Inquiries
Tradoo AG
Related Legal Documents
Additional information about our services
Tradoo AG
Baarerstrasse 8 • CH-6300 Zug • Switzerland
UID: CHE-216.713.957 • Commercial Register
Email: legal@tradoo.finance
Document Type: Terms of Use
Version 1.0 · November 15, 2025