Legal

Privacy Policy

Last updated: March 2026

This Privacy Policy explains how ATLAS FX Signals, operated by YellowParadox, collects, uses, and protects your personal information.

1. Information We Collect

ATLAS FX Signals is operated by YellowParadox. This policy describes how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Portuguese law.

YellowParadox®
Email: [email protected]
Portugal

Data Controller: YellowParadox - [email protected]

2. How We Use Your Information

Account Information

  • Full Name - Used for account identification and communications
  • Email Address - Used for authentication, notifications, and support
  • Password - Stored using bcrypt one-way hashing; we never store or see your plain-text password

Payment Information

  • Payment processing is handled entirely by Stripe; we do not store credit card numbers
  • We store your Stripe Customer ID to manage your subscription

Usage Data

  • API request logs (endpoint, timestamp, IP address)
  • Signal history and EA polling records
  • Login timestamps and session data

Technical Data

  • Browser type, operating system, and device information
  • MetaTrader account number and platform version (sent by the EA)

3. Data Storage and Security

We process your data under the following lawful bases:

  • Contract - Processing necessary to provide the Service you subscribed to
  • Legitimate Interest - Improving our platform, preventing fraud, and ensuring security
  • Legal Obligation - Compliance with tax, accounting, and regulatory requirements
  • Consent - Where you have explicitly opted in, such as marketing communications

4. Third-Party Services

  • Providing and maintaining the Service, including signal delivery and EA connectivity
  • Processing subscription payments via Stripe
  • Sending account notifications, security alerts, and service updates
  • Detecting and preventing fraud, abuse, and unauthorised access
  • Analysing usage patterns to improve signals, platform performance, and user experience

5. Your Rights (GDPR)

We share data only with the following categories of third-party processors:

  • Stripe - payment processing (PCI DSS Level 1 certified)
  • Cloudflare - CDN, DDoS protection, and SSL termination
  • Law enforcement or regulatory authorities when required by applicable law

We do not sell, rent, or trade your personal data to any third party.

6. Data Retention

Your data is stored on servers located in the European Union. All data is encrypted at rest and in transit using TLS 1.2+. We do not transfer personal data outside the EU/EEA.

7. Changes to This Policy

  • Account Data - Retained while your account is active, deleted within 30 days of account deletion
  • Payment Records - Retained for 7 years as required by Portuguese tax law
  • API Logs - Retained for 90 days, then automatically purged
  • Signal History - Retained for the duration of your subscription, anonymised upon account deletion

8. Your Rights Under GDPR

As a data subject, you have the following rights:

  • Right of Access - Request a copy of all personal data we hold about you
  • Right to Rectification - Correct inaccurate or incomplete personal data
  • Right to Erasure - Request deletion of your personal data ("right to be forgotten")
  • Right to Restriction - Request that we limit processing of your data
  • Right to Data Portability - Receive your data in a structured, machine-readable format
  • Right to Object - Object to processing based on legitimate interest
  • Right to Withdraw Consent - Withdraw previously given consent at any time

To exercise any of these rights, email [email protected]. We will respond within 30 days.

9. Data Security

We implement industry-standard security measures to protect your data:

  • TLS 1.2+ encryption for all data in transit
  • Bcrypt hashing for passwords
  • SHA-256 hashing for API tokens
  • Role-based access controls and audit logging
  • Regular security reviews and dependency updates

10. Cookies

For detailed information about cookies and similar technologies used on our platform, please see our Cookie Policy.

11. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a minor has provided us with personal data, we will take steps to delete it.

12. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights, we will notify the relevant supervisory authority within 72 hours and notify affected users without undue delay, as required by Article 33 and 34 of the GDPR.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on the platform at least 14 days in advance. Your continued use of the Service after changes constitutes acceptance.

14. Contact

For questions about this Privacy Policy or to exercise your data protection rights, contact us:

YellowParadox®
Email: [email protected]
Portugal