RISKSENT
Log inStart free

Privacy Policy

How we collect, use, share and protect your personal data when you use the RiskSent platform.

Last updated: April 20, 2026

1. Data controller

RiskSent (the “Controller”, “we”, “our”) is the data controller for personal data processed through the RiskSent website, apps and services (the “Platform”). The Platform is operated from Italy. The formal legal entity (company name, VAT / tax identification number and registered office) is pending incorporation and will be published here as soon as it is completed. In the meantime, any privacy-related request, GDPR exercise of rights or suspected breach can be sent to support@risksent.com; we respond within the timeframes required by GDPR.

2. What we collect

We collect only what we need to operate the Platform and to honour the agreement we have with you.

Account data

  • Identifiers: name, email, timezone, country, preferred language.
  • Authentication: hashed password, session tokens and OAuth identifiers where applicable.
  • Profile: trading style, risk preferences and onboarding answers you choose to provide.

Trading and usage data

  • Content you upload: strategies, journal entries, trades, notes, screenshots, backtest results.
  • Broker / data connections: read-only account information, trade history and metadata retrieved from third-party providers (e.g. MetaApi, MetaTrader accounts) strictly for the features you enable.
  • Alerts and integrations: Telegram chat IDs, webhook URLs and similar identifiers required to send you alerts.

Technical data

  • Device & network: IP address, user agent, device type, timestamps.
  • Product analytics: page views, feature usage, error logs and performance metrics to improve reliability.
  • Cookies: see our Cookie Policy for details.

Billing data

  • Plan, billing address, VAT ID (where applicable), invoices. Full card numbers are handled only by our PCI-compliant payment processor — we never store them.

3. How we use your data and legal bases (GDPR)

  • Provide the Platform (contractual necessity, art. 6.1.b GDPR) — accounts, authentication, trade import, backtesting, journaling, risk monitoring, alerts.
  • Billing & tax (legal obligation, art. 6.1.c GDPR) — issue invoices, keep accounting records.
  • Security & abuse prevention (legitimate interest, art. 6.1.f GDPR) — rate-limiting, fraud detection, audit logs.
  • Product improvement & analytics (legitimate interest) — aggregated metrics, bug reports, limited A/B testing. You can opt out of non-essential analytics at any time from /cookies.
  • Transactional emails (contractual necessity) — trial status, billing, security notices.
  • Marketing emails (consent, art. 6.1.a GDPR) — only if you opt in; you can unsubscribe from any marketing email.

4. Who we share data with

We do not sell your personal data. We share it only with carefully selected processors acting on our instructions:

  • Cloud hosting & database (e.g. Supabase, Vercel, AWS) for running the Platform.
  • Payment processor (e.g. Stripe) for billing.
  • Email provider for transactional and — with consent — marketing emails.
  • Analytics & error monitoring (e.g. Sentry) for performance and debugging.
  • AI provider (e.g. OpenAI / Anthropic) for the AI Coach feature — prompts are sent to process your request and are not used to train third-party models under our agreements.
  • Broker / data APIs (e.g. MetaApi) when you explicitly connect an account.
  • Messaging (e.g. Telegram) when you enable live alerts.

The full list of sub-processors is available on request at support@risksent.com.

5. International transfers

Some of our providers are located outside the EU/EEA. In that case, we rely on the European Commission’s Standard Contractual Clauses (SCC) and, where required, supplementary technical measures to protect your data.

6. How long we keep your data

  • Account data: while your account is active. After deletion we keep minimal data for up to 30 days for backup rotation, then erase it.
  • Trading content: deleted with the account (or on request) unless needed for legal defense.
  • Billing records: kept for up to 10 years as required by Italian/EU tax law.
  • Security logs: up to 12 months.

7. Your rights

Under the GDPR and similar laws, you have the right to:

  • access the data we hold about you and receive a copy;
  • rectify inaccurate data or complete incomplete data;
  • erase your data (“right to be forgotten”) where conditions are met;
  • restrict or object to certain processing;
  • data portability — receive your data in a structured, machine- readable format;
  • withdraw consent at any time, without affecting the lawfulness of prior processing;
  • lodge a complaint with your local supervisory authority (in Italy: Garante per la protezione dei dati personali, garanteprivacy.it).

To exercise any right, email support@risksent.com. We respond within 30 days.

8. Security

We apply appropriate technical and organisational measures — TLS everywhere, encryption at rest for sensitive fields, least-privilege access, 2FA for employees, audit logging, rate-limiting and regular backups — to protect your data. No system is 100% secure; in the event of a personal data breach affecting your rights, we will notify you and the competent authority as required by law.

9. Children

RiskSent is not directed to children under 18 and we do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

10. Changes to this policy

When we change this policy we will update the “Last updated” date and, for material changes, notify you by email or via an in-app banner before the change takes effect.

11. Contact

Privacy questions, GDPR requests or suspected breaches: support@risksent.com.

Questions about this document? Email us at support@risksent.com or visit our help center.