Privacy Policy

Last updated: 4 May 2026

This policy explains what personal data ForexFin (“we”, “us”) collects, why, and your rights under the EU General Data Protection Regulation (GDPR) and the Dutch Uitvoeringswet AVG.

1. Who runs ForexFin

ForexFin is operated as a Netherlands-based sole trader. For any privacy question or to exercise your rights, contact privacy@forexfin.tech.

2. What we collect, why, and on what legal basis

• Email address — if you sign in to set up price alerts. We use it to send you a magic-link sign-in and the alert emails you create. Legal basis: performance of a contract (Art. 6(1)(b) GDPR).
• Alert configuration (pair, threshold, optional note) — required to deliver the service you asked for. Legal basis: performance of a contract.
• Server logs (IP address, user-agent, request paths, timestamps) — for security, abuse prevention, and debugging. Legal basis: legitimate interest (Art. 6(1)(f)) in keeping the service running and secure.
• Analytics events (page views, referrer, anonymised IP, device type) via Google Analytics 4 — only if you accept analytics cookies. Legal basis: your consent (Art. 6(1)(a)).

The calculators on this site run entirely in your browser. The numbers you enter (account balance, lot size, prices, etc.) are never sent to us.

3. Who else processes your data

We share the minimum needed with the following processors, all bound by data-processing agreements:

• OVH (EU) — hosting and server infrastructure.
• Postmark (US) — transactional email delivery for sign-in links and alert notifications.
• Twelve Data (US) — FX rate provider. We send only the currency-pair symbol; no personal data.
• Google Analytics 4 (US) — only after you grant consent. IP is anonymised; no advertising features are enabled.

4. International transfers

Where a processor is based outside the EU/EEA (Postmark, Twelve Data, Google), transfers are covered by the European Commission’s Standard Contractual Clauses and supplementary safeguards.

5. How long we keep it

• Account & alerts: kept while your account is active. Triggered alerts are retained for 90 days, then deleted.
• Server logs: 30 days.
• Analytics data (if consented): 14 months in Google Analytics, then automatically purged.

You can request deletion of your account and all associated data at any time by emailing us.

6. Your rights

Under GDPR you have the right to:

• Access the data we hold about you, and receive a copy in a portable format.
• Rectify inaccurate data.
• Erase your data (“right to be forgotten”).
• Restrict or object to processing based on legitimate interest.
• Withdraw consent for analytics at any time — either via the “Change your choice” control on our Cookie Policy page, or by clearing your browser’s site data.
• Lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, autoriteitpersoonsgegevens.nl) or the supervisory authority in your country of residence.

7. No automated decision-making

We do not perform profiling or automated decision-making in the sense of Art. 22 GDPR. Price-alert evaluation is a simple threshold check, not a decision about you.

8. Security

Traffic is encrypted in transit with TLS. Sign-in is passwordless via single-use email links. Sessions are stored in an HTTP-only cookie scoped to this domain.

9. Changes

If we update this policy, we will change the “Last updated” date above and, for material changes, notify account holders by email.

10. Contact

Questions, requests, or complaints: privacy@forexfin.tech.