DATA GOVERNANCE & SECURITY
Privacy Policy
Effective Date: July 18, 2026 | Last Updated: July 18, 2026
Commitment to Financial Privacy: AurumGamma Quant Research ("we," "our," or "us") is dedicated to institutional data privacy. We operate purely as an analytical order-flow platform. We do not connect to your personal broker accounts, we do not inspect your proprietary trading book, and we never sell user data to third parties.
1. Information We Collect
To provide our real-time Gamma Exposure (GEX) dashboard, Commitment of Traders (COT) terminal, and TradingView HUD integrations, we collect limited categories of information:
- Account & Authentication Data: When you subscribe to AurumGamma Pro, we collect your email address, account identifier, and subscription tier through our authentication infrastructure (Google Firebase Authentication).
- Payment Information: Subscription payments are processed securely by our third-party merchant of record (Whop / Stripe). We do not collect, process, or store full credit card numbers or banking credentials on our servers.
- Technical Session & Usage Logs: We collect non-identifiable technical metrics including browser type, IP address (truncated or anonymized for security monitoring), device viewport, and timestamp data when interacting with our real-time Firebase Firestore market feeds.
- Analytics Cookies: We utilize Google Analytics 4 (GA4) with IP anonymization enabled to understand site traffic trends and feature adoption across our dual dashboards.
2. How We Use Your Information
Your information is processed strictly for legitimate operational purposes:
- Real-Time Data Delivery: Authorizing your active session to fetch real-time CME 0DTE call/put walls and weekly CFTC COT ledger strings via our cloud APIs.
- Service Notifications & Rationale Updates: Communicating critical system maintenance, daily market open sync confirmations, and security notices.
- Security & Anti-Abuse: Preventing credential stuffing, unauthorized API scraping, and multi-IP simultaneous session abuse.
- Product Optimization: Analyzing aggregate, de-identified usage of our AI Gemini quant copilot and matrix radar to improve latency and interface responsiveness.
3. Sub-Processors & Third-Party Sharing
We work exclusively with audited, enterprise-tier sub-processors bound by strict confidentiality and data protection agreements:
- Google Cloud & Firebase: For real-time database synchronization (Firestore), authentication, and edge content delivery (Firebase Hosting).
- Stripe & Whop: For secure PCI-DSS compliant billing and subscription lifecycle management.
- TradingView Inc.: When you paste our Pine Script HUD code into TradingView, execution happens locally within your TradingView browser environment. We do not transmit data back from your private TradingView account.
4. International Data Transfers
Because AurumGamma operates globally, your data may be processed on secure servers hosted in the United States and the European Union. Whenever data is transferred outside the European Economic Area (EEA), we ensure robust protections through Standard Contractual Clauses (SCCs) approved by the European Commission.
5. Your Rights Under GDPR & CCPA/CPRA
If you reside in the European Economic Area (GDPR), United Kingdom (UK GDPR), or California (CCPA/CPRA), you possess comprehensive legal rights regarding your personal data:
- Right to Access & Portability: You may request an export of your account record and subscription history in a machine-readable format.
- Right to Rectification: You can update inaccurate email addresses or billing profiles directly via your user portal or by contacting support.
- Right to Erasure ("Right to be Forgotten"): You may request permanent deletion of your account and associated session records, provided no legal tax/billing retention requirement supersedes.
- Right to Restrict Processing & Opt-Out of Sale: We do not sell or share personal information for behavioral advertising. You may opt-out of optional analytics cookies at any time.
6. Data Retention & Security
We employ enterprise TLS 1.3 encryption in transit and AES-256 encryption at rest for all cloud storage tiers. Account data is retained only for as long as your subscription remains active plus 7 years for mandatory tax and accounting compliance. Temporary session logs and rate-limiting IP tokens are purged automatically within 30 days.
7. Contact Our Data Protection Officer (DPO)
To exercise your privacy rights or inquire about institutional data security compliance, contact our dedicated privacy team: