Privacy Policy

The controller responsible for the processing of personal data on this platform is:

Trade Like Mark

hello@tradelikemark.com

Slovenia

If you have any questions or concerns regarding your personal data, please contact us at the email address above.

We collect the following categories of personal data:

• Account data: email address, name, password (hashed and stored securely)

• Payment data: billing information processed via Stripe — we never store your full card details

• Profile data: Telegram username (if you choose to connect your account)

• Usage data: pages visited, content accessed, lesson progress

• Technical data: IP address, browser type, device type, operating system

• Communication data: emails or messages you send to us

We process your personal data for the following purposes:

• To provide and operate the platform — Art. 6(1)(b) GDPR (performance of a contract)

• To process payments and manage your subscription — Art. 6(1)(b) GDPR

• To send account-related emails (receipts, password resets) — Art. 6(1)(b) GDPR

• To send marketing emails (newsletter) — Art. 6(1)(a) GDPR (consent — you may unsubscribe at any time)

• To improve platform performance and security — Art. 6(1)(f) GDPR (legitimate interests)

• To comply with legal obligations — Art. 6(1)(c) GDPR

We use cookies and similar technologies to operate the platform:

• Essential cookies: required for authentication and session management — these cannot be declined as they are necessary for the platform to function

• Analytics cookies: used to understand how visitors use the platform (only with your consent)

You can manage your cookie preferences via the banner shown on your first visit. You may withdraw consent at any time by clearing your browser cookies.

We use the following third-party services that may process your data:

• Supabase (supabase.com) — database and authentication hosting. Data may be processed on servers in the EU and USA. Supabase is certified under the EU-US Data Privacy Framework.

• Stripe (stripe.com) — payment processing. Stripe is PCI-DSS certified and processes payment data under its own privacy policy.

• Vercel (vercel.com) — website hosting and infrastructure. Servers located in the EU.

• YouTube (youtube.com / Google LLC) — embedded course videos. YouTube may set cookies and collect data when you watch embedded videos. Subject to Google's Privacy Policy.

• Telegram (telegram.org) — optional community feature. Only applies if you choose to connect your Telegram account.

We retain your personal data for as long as your account is active or as needed to provide our services. If you delete your account:

• Account and profile data is deleted within 30 days

• Payment records are retained for 7 years as required by Slovenian accounting law

• Anonymised usage analytics may be retained indefinitely

As a data subject under the GDPR, you have the following rights:

• Right of access (Art. 15): request a copy of your personal data

• Right to rectification (Art. 16): request correction of inaccurate data

• Right to erasure (Art. 17): request deletion of your data ("right to be forgotten")

• Right to restriction (Art. 18): request that we limit how we use your data

• Right to data portability (Art. 20): receive your data in a machine-readable format

• Right to object (Art. 21): object to processing based on legitimate interests

• Right to withdraw consent (Art. 7(3)): withdraw consent at any time (e.g. for marketing emails)

To exercise any of these rights, contact us at hello@tradelikemark.com. We will respond within 30 days. If you believe your rights have been violated, you may lodge a complaint with the Slovenian Information Commissioner (ip-rs.si).

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encrypted connections (HTTPS/TLS), hashed password storage, and access controls. However, no system is 100% secure and we cannot guarantee absolute security.

Some third-party services we use (such as Stripe and Supabase) may transfer data to countries outside the European Economic Area. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or the EU-US Data Privacy Framework.

TradeLikeMark is not intended for persons under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.

We may update this Privacy Policy from time to time. The date of the latest revision is shown below. We will notify registered users of significant changes via email. Continued use of the platform after changes are published constitutes acceptance of the updated policy.

For any privacy-related questions or to exercise your rights:

Trade Like Mark

hello@tradelikemark.com

Slovenia