Privacy Policy

Last Updated: March 28, 2026

1. Introduction

Aramas GmbH, operating as MyAllies Trading ("we", "us", or "our"), is committed to protecting the privacy and personal data of our users. This Privacy Policy explains how we collect, use, store, and protect your information when you use our trading platform, website, mobile application, API, and related services (collectively, the "Services").

As a company headquartered in Zurich, Switzerland, we process all personal data in accordance with the Swiss Federal Act on Data Protection (nFADP/DSG), the Swiss Data Protection Ordinance (DPO/DSV), and, where applicable, the European General Data Protection Regulation (EU 2016/679, "GDPR") and the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA"). By using our Services, you acknowledge that you have read and understood this Privacy Policy.

This policy applies to all visitors, registered users, and trading clients of MyAllies Trading, regardless of their geographic location. Where specific regulations grant additional rights to residents of particular jurisdictions, those rights are described in the relevant sections below.

2. Information We Collect

2.1 Personal Identification Information

When you create an account, we collect personal identification information necessary to verify your identity and provide our Services in compliance with applicable Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations. This includes:

• Full legal name, date of birth, and nationality
• Residential address and proof of address documentation
• Email address and telephone number
• Government-issued identification documents (passport, national ID, or driver's license)
• Tax identification number(s) and tax residency information
• Employment status, source of funds, and investment experience
• For corporate accounts: legal entity information, beneficial ownership details, articles of incorporation, and authorized signatory documentation

2.2 Financial and Trading Data

We collect data related to your trading activity on our platform, including:

• Order history, transaction records, and trade confirmations
• Portfolio positions, account balances, and margin requirements
• Profit and loss figures, dividend payments, and tax-related transaction data
• Deposit and withdrawal history, including payment method details
• Interaction with platform features such as watchlists, alerts, AI insights, and social trading
• Risk assessment information and investment suitability questionnaire responses

2.3 Technical and Usage Data

When you access our Services, we automatically collect certain technical information, including:

• IP address, browser type and version, operating system, and device identifiers
• Referring URLs, pages viewed, click patterns, and timestamps of interactions
• Screen resolution, language preferences, and time zone settings
• Session duration, feature usage frequency, and navigation paths
• API usage data, including request types, frequency, and response times
• Data collected through cookies and similar tracking technologies as described in Section 11

2.4 Communications Data

We retain records of communications between you and our support team, including emails, chat transcripts, phone call recordings (where disclosed and consented to), and any feedback or complaints you submit. This data is retained to improve our service quality and to maintain records required by financial services regulations.

3. How We Use Your Data

We use your personal data for the following purposes:

• Service Delivery: To provide, maintain, and improve our trading platform and Services, including order execution, portfolio management, and market data delivery
• Identity Verification: To verify your identity and complete KYC/AML checks as required by applicable financial regulations
• Account Security: To monitor for and prevent unauthorized access, fraud, market manipulation, and other prohibited activities
• Communications: To send you account notifications, transaction confirmations, price alerts, and other service-related communications you have configured
• Regulatory Compliance: To comply with applicable laws, regulatory reporting obligations, tax reporting requirements, and respond to lawful requests from authorities
• Risk Management: To assess and manage credit risk, counterparty risk, and operational risk associated with your trading activity
• Platform Improvement: To analyze usage patterns, conduct research, and improve our features, AI models, and user experience
• Marketing: With your explicit consent, to send you promotional communications about new features, products, or services. You may opt out at any time

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contractual Necessity (Art. 6(1)(b) GDPR): Processing necessary for the performance of our contract with you to provide trading Services, including account management, order execution, and settlement
• Legal Obligation (Art. 6(1)(c) GDPR): Processing required to comply with applicable laws, including Swiss financial market supervision requirements (FINMA), AML/KYC regulations, tax reporting obligations, and record-keeping requirements
• Legitimate Interests (Art. 6(1)(f) GDPR): Processing necessary for our legitimate interests in operating, improving, and securing our platform, fraud prevention, and business analytics, provided these interests are not overridden by your fundamental rights and freedoms
• Consent (Art. 6(1)(a) GDPR): Processing based on your explicit consent for specific activities such as marketing communications, optional analytics, and participation in surveys or beta programs. You may withdraw consent at any time without affecting the lawfulness of prior processing

5. Data Sharing and Third Parties

We do not sell your personal data to third parties. We share your data only in the following circumstances and with the following categories of recipients:

• Brokerage and Execution Partners: Licensed financial intermediaries and clearing houses that execute and settle your trades, including Interactive Brokers and associated market venues
• Payment Processors: Stripe and banking partners for processing deposits, withdrawals, and payment verification
• Identity Verification Providers: Third-party KYC/AML service providers for identity verification and ongoing due diligence
• Cloud Infrastructure: Hosting, storage, and computing providers (with data processing agreements in place) for platform operation
• Analytics Providers: Anonymized and aggregated usage data shared with analytics partners for platform improvement
• Regulatory Authorities: Government agencies, financial regulators (including FINMA), tax authorities, and law enforcement as required by applicable law or legal process
• Professional Advisors: Legal, accounting, and audit professionals under obligations of confidentiality
• Corporate Transactions: In the event of a merger, acquisition, reorganization, or sale of assets, your data may be transferred to the successor entity, subject to this Privacy Policy

All third-party service providers are contractually required to protect your data, process it only for the specific purposes we authorize, and maintain security measures at least as stringent as our own. We conduct due diligence on all data processors and require them to comply with applicable data protection laws.

6. International Data Transfers

Your data is primarily stored and processed in Switzerland, which is recognized by the European Commission as providing an adequate level of data protection. In cases where data is transferred to countries outside Switzerland or the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:

• European Commission adequacy decisions for the recipient country
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Binding Corporate Rules for transfers within corporate groups
• The recipient's participation in recognized certification frameworks

For transfers to the United States, we rely on Standard Contractual Clauses and supplementary measures as needed to ensure an equivalent level of data protection. You may request a copy of the safeguards in place by contacting our Data Protection Officer.

7. Data Security

We implement comprehensive technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• AES-256 encryption for all data at rest and TLS 1.3 encryption for all data in transit
• Multi-factor authentication (MFA) for all user accounts and internal system access
• Role-based access controls with the principle of least privilege for internal personnel
• Regular security assessments, vulnerability scanning, and annual penetration testing by independent third parties
• SOC 2 compliant security practices for our infrastructure and operational processes
• Intrusion detection and prevention systems with 24/7 monitoring
• Employee background checks and mandatory data protection training
• Business continuity and disaster recovery plans with regular testing
• Incident response procedures for prompt detection, containment, and notification of data breaches

8. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes described in this policy or as required by applicable law. Specific retention periods include:

• Trading Records: Transaction data and order history are retained for a minimum of ten (10) years in accordance with Swiss financial record-keeping requirements and applicable tax laws
• KYC/AML Records: Identity verification documents and due diligence records are retained for a minimum of ten (10) years after the termination of the business relationship
• Account Information: General account data is retained for the duration of your account relationship and for the legally required period thereafter
• Communications Records: Support correspondence and recorded communications are retained for five (5) years
• Technical Logs: Server logs and technical usage data are retained for up to twenty-four (24) months
• Marketing Data: Marketing preferences and consent records are retained until you withdraw consent, plus a reasonable period for record-keeping

When your data is no longer needed, we securely delete or anonymize it using industry-standard methods in accordance with our data retention and disposal policies.

9. Your Rights Under GDPR

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under applicable data protection law:

• Right of Access (Art. 15 GDPR): You have the right to request confirmation of whether we process your personal data and to obtain a copy of that data
• Right to Rectification (Art. 16 GDPR): You have the right to request correction of inaccurate or incomplete personal data
• Right to Erasure (Art. 17 GDPR): You have the right to request deletion of your personal data, subject to applicable legal retention requirements. Please note that financial record-keeping obligations may prevent immediate deletion of certain data
• Right to Restriction (Art. 18 GDPR): You have the right to request restriction of processing in certain circumstances, such as when the accuracy of your data is contested
• Right to Data Portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller
• Right to Object (Art. 21 GDPR): You have the right to object to processing based on legitimate interests or for direct marketing purposes
• Right to Withdraw Consent (Art. 7(3) GDPR): Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal
• Right to Lodge a Complaint: You have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or your local supervisory authority

To exercise any of these rights, please contact our Data Protection Officer using the details provided in Section 15. We will respond to your request within thirty (30) days, or within the timeframe required by applicable law.

10. Your Rights Under CCPA/CPRA

If you are a California resident, the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively "CCPA") provides you with additional rights regarding your personal information:

• Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected it, the business or commercial purpose for collecting it, and the categories of third parties with whom we share it
• Right to Delete: You have the right to request that we delete your personal information, subject to certain exceptions including legal retention obligations for financial records
• Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you
• Right to Opt-Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising purposes
• Right to Limit Use of Sensitive Personal Information: You have the right to limit our use and disclosure of sensitive personal information to what is necessary to provide the Services
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. You will not receive different pricing, quality, or level of service for exercising your rights

To exercise your CCPA rights, you may submit a verifiable consumer request by contacting us at privacy@myallies.com or through your account settings. We will verify your identity before processing your request and respond within forty-five (45) days. You may also designate an authorized agent to make a request on your behalf.

Categories of Personal Information Collected (past 12 months): Identifiers, financial information, commercial information, internet activity, geolocation data, professional information, and inferences drawn from these categories. For a complete description, see Section 2 above.

11. Cookies and Tracking Technologies

Our platform uses cookies and similar technologies to enhance your experience, analyze usage patterns, and provide personalized features. For comprehensive information about our use of cookies, including the types of cookies we use, their purposes, and how to manage your preferences, please refer to our Cookie Policy.

Categories of cookies used on our platform include:

• Strictly Necessary Cookies: Required for the platform to function correctly, including session management, authentication, security features, and load balancing. These cannot be disabled
• Functional Cookies: Enable personalized features such as language preferences, layout settings, and saved watchlist configurations
• Analytics Cookies: Help us understand how users interact with our platform so we can improve our Services. Data is aggregated and anonymized
• Performance Cookies: Monitor platform performance, error rates, and loading times to ensure service reliability

You can manage your cookie preferences through your browser settings or our cookie preference center. Please note that disabling essential cookies may affect your ability to use certain platform features, including trading functionality.

12. Children's Privacy

Our Services are not directed to individuals under the age of 18 (or the legal age of majority in their jurisdiction, whichever is greater). We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without verified parental consent, we will take steps to delete that information promptly. If you believe we may have collected information from a child, please contact us immediately.

13. Automated Decision-Making

Our platform uses automated systems for the following purposes:

• Fraud Detection: Automated monitoring of account activity and transactions to detect and prevent fraudulent or suspicious behavior
• AML Screening: Automated screening against sanctions lists and politically exposed persons (PEP) databases
• Risk Assessment: Automated risk scoring for margin trading and options trading eligibility based on your financial profile and trading experience
• AI Trading Insights: Machine learning models that generate market analysis and trading signals based on market data (these are informational only and do not execute trades without your instruction)

You have the right not to be subject to a decision based solely on automated processing that produces legal effects or similarly significantly affects you. Where automated decisions affect your access to Services (such as account approval or trading permissions), you have the right to request human review, express your point of view, and contest the decision. Contact our support team to exercise this right.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and, where appropriate, by sending you an email notification at least thirty (30) days before the changes take effect. The date of the most recent revision is indicated at the top of this policy. Your continued use of our Services after any changes constitutes acceptance of the updated policy.

15. Contact and Data Protection Officer

If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us at:

Aramas GmbH
Data Protection Officer
Zurich, Switzerland
Email: privacy@myallies.com

If you are unsatisfied with our response to your data protection inquiry, you have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or, if you are located in the EEA, with your local data protection supervisory authority.