Risk Disclosure: Trading involves substantial risk of loss and is not suitable for all investors. Full Disclaimer

MomentumTrading.aiBack to Home

Privacy Policy

Last updated: March 6, 2026

This Privacy Policy describes how MomentumTrading.ai collects, uses, stores, shares, and protects your personal information. We are committed to transparency and to safeguarding your privacy rights under applicable laws including the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), and other applicable privacy regulations.

Our Privacy Commitment: We do not sell your personal information. We do not share your data with third parties for their own marketing purposes. We collect only what is necessary to provide and improve our Service. You have the right to access, correct, delete, and port your data at any time.

Table of Contents

  1. 1. Introduction & Scope
  2. 2. Data Controller & Contact Information
  3. 3. Information We Collect
  4. 4. Cookies & Tracking Technologies
  5. 5. Analytics & Third-Party Services
  6. 6. Legal Bases for Processing (GDPR)
  7. 7. How We Use Your Information
  8. 8. Sharing & Disclosure of Information
  9. 9. Financial & Payment Data
  10. 10. Data Retention Schedule
  11. 11. Data Security Measures
  12. 12. Data Breach Notification
  13. 13. International Data Transfers
  14. 14. Your Rights Under CCPA (California)
  15. 15. Your Rights Under GDPR (EEA/UK)
  16. 16. Additional U.S. State Privacy Rights
  17. 17. Do Not Track Signals
  18. 18. Third-Party Links & Services
  19. 19. Children's Privacy
  20. 20. Changes to This Privacy Policy
  21. 21. Contact Us & Exercise Your Rights

1. Introduction & Scope

MomentumTrading.ai ("Company," "we," "our," or "us") operates the website located at momentumtrading.ai and all associated web applications, dashboards, and services (collectively, the "Service"). This Privacy Policy applies to all information collected through the Service, as well as any related services, sales, marketing, or events.

This Privacy Policy should be read in conjunction with our Terms of Service and Risk Disclosure & Disclaimer. By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with the practices described herein, please do not use the Service.

This policy applies to information collected from:

  • Visitors to our website (whether or not they create an account)
  • Registered users and subscribers of the Service
  • Individuals who contact us via email, support channels, or social media
  • Individuals who participate in surveys, promotions, or events

2. Data Controller & Contact Information

For the purposes of the GDPR and other applicable data protection laws, MomentumTrading.ai is the "data controller" of your personal information. This means we determine the purposes and means of processing your personal data.

MomentumTrading.ai

Data Protection Officer (DPO): [email protected]

Privacy inquiries: [email protected]

General support: [email protected]

If you are located in the European Economic Area (EEA) or the United Kingdom (UK) and have concerns about our data processing practices that we have not adequately addressed, you have the right to lodge a complaint with your local data protection supervisory authority.

3. Information We Collect

We collect information in three categories: information you provide directly, information collected automatically, and information from third-party sources.

3.1 Information You Provide Directly

Data CategorySpecific Data PointsWhen Collected
Account InformationFull name, email address, username, password (hashed)Account registration
Billing InformationBilling name, billing address, payment method type (card brand, last 4 digits only — full card numbers are processed by Stripe and never stored on our servers)Subscription purchase
Profile InformationTrading experience level, preferences, notification settingsOnboarding quiz, account settings
CommunicationsEmail content, support ticket content, feedback submissionsWhen you contact us
Survey ResponsesAnswers to optional surveys, feature requests, feedback formsWhen you participate

3.2 Information Collected Automatically

Data CategorySpecific Data PointsCollection Method
Device InformationDevice type, operating system, browser type and version, screen resolution, device identifiersHTTP headers, JavaScript APIs
Network InformationIP address, approximate geolocation (city/region level), ISP, connection typeServer logs
Usage DataPages viewed, features used, alerts clicked, time spent on pages, navigation paths, search queries within the ServiceAnalytics tracking, server logs
Referral DataReferring URL, landing page, campaign parameters (UTM tags)HTTP headers, URL parameters
Performance DataPage load times, error logs, crash reportsBrowser performance APIs

3.3 Information from Third-Party Sources

We may receive information about you from the following third-party sources:

  • Payment Processor (Stripe): Transaction confirmation, payment status, billing address verification results. We do not receive or store your full credit card number.
  • Authentication Providers: If you sign in using a third-party authentication service (e.g., Google, GitHub), we receive your name, email address, and profile picture as authorized by you during the sign-in process.
  • Analytics Providers: Aggregated and anonymized usage statistics from our analytics tools.

4. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to operate, analyze, and improve the Service. A "cookie" is a small text file stored on your device by your web browser. Below is a detailed breakdown of the cookies we use:

4.1 Types of Cookies We Use

Cookie TypePurposeDurationRequired?
Strictly NecessaryAuthentication, session management, security (CSRF protection), load balancing. The Service cannot function without these.Session to 30 daysYes
FunctionalRemember your preferences (theme, notification settings, dashboard layout), language selection, and recently viewed alerts.Up to 1 yearNo
Analytics / PerformanceMeasure how you use the Service (pages visited, features used, errors encountered) to help us improve. Data is aggregated and anonymized where possible.Up to 2 yearsNo
Marketing / AdvertisingTrack the effectiveness of our advertising campaigns and measure conversion rates. We do not serve third-party display ads on the Service.Up to 2 yearsNo

4.2 Managing Cookies

You can control and manage cookies in several ways:

  • Browser Settings: Most browsers allow you to refuse or delete cookies through their settings. Consult your browser's help documentation for instructions.
  • Opt-Out Tools: You can opt out of analytics cookies by using tools such as the Google Analytics Opt-Out Browser Add-on.
  • Industry Opt-Outs: You can opt out of interest-based advertising through the Digital Advertising Alliance (DAA) at optout.aboutads.info or the Network Advertising Initiative (NAI) at optout.networkadvertising.org.

Please note that disabling certain cookies may affect the functionality of the Service. Strictly necessary cookies cannot be disabled as they are essential for the Service to operate.

4.3 Other Tracking Technologies

In addition to cookies, we may use:

  • Web Beacons (Pixel Tags): Small transparent images embedded in emails or web pages to track whether an email has been opened or a page has been visited.
  • Local Storage: HTML5 local storage and session storage to store preferences and session data on your device.
  • Fingerprinting: We do not use browser or device fingerprinting techniques to track users across websites.

5. Analytics & Third-Party Services

We use the following third-party services that may collect information about your use of the Service:

ServicePurposeData CollectedPrivacy Policy
StripePayment processingPayment details, billing address, transaction datastripe.com/privacy
Web AnalyticsUsage analyticsPage views, session duration, feature usage, anonymized IPVaries by provider
Email Service ProviderTransactional & marketing emailsEmail address, open rates, click ratesVaries by provider
Error MonitoringBug tracking & performanceError logs, stack traces, device info, anonymized user IDVaries by provider
CDN / HostingContent delivery & hostingIP address, request headers, access logsVaries by provider

Each of these third-party services has its own privacy policy governing how they collect and use data. We encourage you to review their respective privacy policies. We select third-party providers that demonstrate a commitment to data protection and, where applicable, are certified under recognized privacy frameworks.

7. How We Use Your Information

We use the information we collect for the following purposes:

7.1 Service Delivery

  • Create and manage your account
  • Process subscription payments and manage billing
  • Deliver AI-generated alerts and analysis to your dashboard
  • Provide customer support and respond to inquiries
  • Send transactional emails (account confirmation, password resets, billing receipts)

7.2 Service Improvement

  • Analyze usage patterns to improve features and user experience
  • Conduct A/B testing to optimize the Service
  • Monitor and improve the performance and reliability of the Service
  • Develop new features based on aggregated usage data

7.3 Security & Fraud Prevention

  • Detect, investigate, and prevent fraudulent or unauthorized activity
  • Monitor for security threats and vulnerabilities
  • Enforce our Terms of Service and Acceptable Use Policy
  • Protect the rights, property, and safety of our users and the public

7.4 Communications

  • Send service-related announcements (e.g., maintenance windows, policy changes)
  • Send marketing communications (only with your consent; you may opt out at any time)
  • Respond to your feedback, questions, and support requests

7.5 Legal Compliance

  • Comply with applicable laws, regulations, and legal processes
  • Respond to lawful requests from public authorities
  • Establish, exercise, or defend legal claims

8. Sharing & Disclosure of Information

We do not sell your personal information. We do not rent your personal information. We do not share your personal information with third parties for their own direct marketing purposes.

We may share your information only in the following limited circumstances:

  • Service Providers (Data Processors): We share information with carefully selected third-party vendors who perform services on our behalf, such as payment processing (Stripe), email delivery, cloud hosting, analytics, and customer support. These providers are contractually obligated to use your data only to perform services for us and to maintain appropriate security measures. We enter into Data Processing Agreements (DPAs) with all processors that handle personal data of EEA/UK residents.
  • Legal Requirements: We may disclose your information if required to do so by law, regulation, legal process (such as a court order or subpoena), or governmental request. We will attempt to notify you of such requests unless prohibited by law or court order.
  • Protection of Rights: We may disclose information when we believe in good faith that disclosure is necessary to protect our rights, your safety, the safety of others, investigate fraud, or respond to a government request.
  • Business Transfers: In connection with a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of the transaction. We will notify you via email and/or a prominent notice on the Service of any change in ownership or uses of your personal information, as well as any choices you may have regarding your information.
  • With Your Consent: We may share information with third parties when you have given us explicit consent to do so.
  • Aggregated / De-Identified Data: We may share aggregated or de-identified data that cannot reasonably be used to identify you. For example, we may share aggregated statistics about how users interact with the Service.

9. Financial & Payment Data

Given the financial nature of our Service, we want to be especially transparent about how we handle payment and financial data:

  • Credit Card Numbers: We never see, store, or have access to your full credit card number. All payment processing is handled directly by Stripe, which is PCI DSS Level 1 certified (the highest level of payment security certification).
  • What We Store: We store only the card brand (e.g., Visa, Mastercard), the last four digits of your card number, and the card expiration date — solely for your reference in your account settings.
  • Trading Data: We do not collect, store, or have access to your brokerage account information, trading history, portfolio holdings, or account balances. The Service does not connect to your brokerage account.
  • Alert Interaction Data: We may record which alerts you view, click, or interact with within the Service to improve the relevance and quality of future alerts. This data is used internally only and is not shared with third parties.

10. Data Retention Schedule

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. The following table outlines our retention periods:

Data TypeRetention PeriodReason
Account InformationDuration of account + 30 days after deletion requestService delivery; grace period for account recovery
Billing & Transaction Records7 years after the transactionTax compliance, financial record-keeping, dispute resolution
Usage / Analytics Data26 months (anonymized after 14 months)Service improvement, trend analysis
Server Logs90 daysSecurity monitoring, debugging
Support Tickets3 years after resolutionQuality assurance, dispute resolution
Marketing Consent RecordsDuration of consent + 3 yearsProof of consent for regulatory compliance
Cookies (non-essential)Up to 2 years (varies by cookie)Analytics, preferences
Email Communications3 yearsRecord-keeping, dispute resolution

When data reaches the end of its retention period, it is securely deleted or irreversibly anonymized. You may request early deletion of your data by contacting us (see Section 21), subject to any legal obligations that require us to retain certain records.

11. Data Security Measures

We implement a comprehensive set of technical and organizational security measures to protect your personal information:

11.1 Technical Measures

  • Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher (256-bit encryption).
  • Encryption at Rest: Sensitive data stored in our databases is encrypted using AES-256 encryption.
  • Password Security: User passwords are hashed using industry-standard bcrypt algorithms with salting. We never store passwords in plain text.
  • Access Controls: Access to personal data is restricted to authorized personnel on a need-to-know basis, using role-based access controls (RBAC).
  • Infrastructure Security: Our infrastructure is hosted on reputable cloud providers that maintain SOC 2 Type II and ISO 27001 certifications.
  • Vulnerability Management: We conduct regular security assessments and apply security patches promptly.

11.2 Organizational Measures

  • Employee access to personal data is limited and logged
  • All team members with access to personal data receive privacy and security training
  • Third-party service providers are vetted for security practices and bound by data processing agreements
  • We maintain an incident response plan for data security events

While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to implementing and maintaining reasonable security measures appropriate to the nature of the data we process.

12. Data Breach Notification

In the event of a data breach that compromises the security, confidentiality, or integrity of your personal information, we will follow these procedures:

Our Breach Response Commitment

  • 1. Investigation (Within 24 hours): Upon discovering a potential breach, we will immediately initiate an investigation to determine the scope, nature, and severity of the incident. We will take immediate steps to contain the breach and prevent further unauthorized access.
  • 2. Regulatory Notification (Within 72 hours): In compliance with GDPR Article 33, we will notify the relevant supervisory authority within 72 hours of becoming aware of a breach that is likely to result in a risk to the rights and freedoms of individuals. For California residents, we will comply with California Civil Code Section 1798.82 notification requirements.
  • 3. User Notification (Without Undue Delay): If the breach is likely to result in a high risk to your rights and freedoms, we will notify affected users without undue delay via email to your registered email address. The notification will include:
    • A description of the nature of the breach
    • The categories and approximate number of individuals affected
    • The likely consequences of the breach
    • The measures taken or proposed to address the breach
    • Contact information for our DPO or privacy team
    • Recommendations for steps you can take to protect yourself
  • 4. Remediation: We will take all reasonable steps to mitigate the effects of the breach, which may include forced password resets, enhanced monitoring, credit monitoring services (if financial data is involved), and improvements to our security infrastructure.
  • 5. Post-Incident Review: After resolving the breach, we will conduct a thorough review to identify root causes and implement measures to prevent similar incidents in the future.

We also comply with all applicable state breach notification laws in the United States, which may require notification within specific timeframes depending on the state of residence of affected individuals.

13. International Data Transfers

MomentumTrading.ai is based in the United States. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

For transfers of personal data from the EEA/UK to the United States or other countries not deemed to have adequate data protection by the European Commission, we rely on the following safeguards:

  • Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses as the primary mechanism for transferring personal data outside the EEA/UK.
  • Data Processing Agreements: All third-party processors that handle EEA/UK personal data are bound by DPAs that include appropriate transfer mechanisms.
  • Supplementary Measures: Where necessary, we implement additional technical and organizational measures to ensure an essentially equivalent level of protection for transferred data.

By using the Service, you acknowledge that your information may be transferred internationally as described above. You may request a copy of the safeguards we use for international transfers by contacting our DPO.

14. Your Rights Under CCPA (California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights regarding your personal information:

14.1 Your CCPA Rights

RightDescription
Right to KnowYou may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collecting, and the categories of third parties with whom we share it.
Right to DeleteYou may request that we delete personal information we have collected from you, subject to certain exceptions (e.g., legal obligations, ongoing transactions, security purposes).
Right to CorrectYou may request that we correct inaccurate personal information we maintain about you.
Right to Opt-Out of Sale/SharingYou have the right to opt out of the "sale" or "sharing" of your personal information. We do not sell or share personal information as defined by the CCPA/CPRA.
Right to Limit Use of Sensitive DataYou may limit the use and disclosure of sensitive personal information to what is necessary for the Service.
Right to Non-DiscriminationWe will not discriminate against you for exercising any of your CCPA/CPRA rights. We will not deny you services, charge different prices, or provide a different quality of service.

14.2 CCPA Disclosure: Categories of Information

In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA:

  • Identifiers (name, email address, IP address)
  • Commercial information (subscription history, transaction records)
  • Internet or electronic network activity (browsing history, usage data)
  • Geolocation data (approximate location derived from IP address)
  • Inferences drawn from the above categories

We have not sold personal information in the preceding 12 months. We have shared personal information with service providers solely for business purposes as described in Section 8.

14.3 How to Exercise Your CCPA Rights

You may submit a verifiable consumer request by emailing [email protected] with the subject line "CCPA Request." We will verify your identity before processing your request by matching the information you provide with the information we have on file. We will respond to verifiable requests within 45 days. If we need additional time, we will notify you of the extension (up to an additional 45 days) and the reason for it.

You may also designate an authorized agent to submit requests on your behalf. The agent must provide written authorization signed by you, and we may require you to verify your identity directly.

15. Your Rights Under GDPR (EEA/UK Residents)

If you are a resident of the European Economic Area or the United Kingdom, the General Data Protection Regulation (GDPR) and the UK GDPR provide you with the following rights:

RightDescriptionGDPR Article
Right of AccessRequest a copy of the personal data we hold about you, along with information about how it is processed.Art. 15
Right to RectificationRequest correction of inaccurate or incomplete personal data.Art. 16
Right to Erasure ("Right to be Forgotten")Request deletion of your personal data when it is no longer necessary, you withdraw consent, or you object to processing.Art. 17
Right to Restrict ProcessingRequest that we limit the processing of your data in certain circumstances (e.g., while we verify accuracy).Art. 18
Right to Data PortabilityReceive your personal data in a structured, commonly used, machine-readable format (JSON or CSV) and transmit it to another controller.Art. 20
Right to ObjectObject to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds.Art. 21
Right to Withdraw ConsentWithdraw consent at any time where processing is based on consent. Withdrawal does not affect the lawfulness of processing before withdrawal.Art. 7(3)
Right to Lodge a ComplaintLodge a complaint with your local data protection supervisory authority if you believe your rights have been violated.Art. 77

To exercise any of these rights, please contact our Data Protection Officer at [email protected]. We will respond to your request within one month. If your request is complex or we receive a large number of requests, we may extend this period by up to two additional months, and we will notify you of the extension.

We will provide the requested information free of charge. However, we may charge a reasonable fee or refuse to act on requests that are manifestly unfounded or excessive.

16. Additional U.S. State Privacy Rights

In addition to California, several other U.S. states have enacted comprehensive privacy laws. If you are a resident of any of the following states, you may have additional rights:

  • Virginia (VCDPA): Right to access, correct, delete, obtain a copy of, and opt out of targeted advertising and profiling.
  • Colorado (CPA): Right to access, correct, delete, and opt out of targeted advertising, sale of personal data, and profiling.
  • Connecticut (CTDPA): Right to access, correct, delete, obtain a copy of, and opt out of targeted advertising and sale of personal data.
  • Utah (UCPA): Right to access, delete, and opt out of targeted advertising and sale of personal data.
  • Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), and others: Similar rights to access, correct, delete, and opt out of certain data processing activities.

To exercise rights under any state privacy law, please contact us at [email protected] and specify the state law under which you are making your request. We will process your request in accordance with the applicable law.

17. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals to websites. There is currently no universally accepted standard for how companies should respond to DNT signals. At this time, we do not respond to DNT signals. However, you can manage your tracking preferences through the cookie management options described in Section 4.2 of this policy.

We support the Global Privacy Control (GPC) signal. If your browser sends a GPC signal, we will treat it as a valid opt-out request for the sale or sharing of personal information under applicable state privacy laws.

19. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect, use, or disclose personal information from children under 18 (or under 16 in the EEA/UK). If we become aware that we have collected personal information from a child under the applicable age, we will take immediate steps to delete that information.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately at [email protected] so that we can take appropriate action.

20. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

  • Material Changes: We will notify you via email to your registered email address and/or a prominent notice on the Service at least 30 days before the changes take effect. Material changes include modifications to the types of data collected, new sharing practices, or changes to your rights.
  • Non-Material Changes: We will update the "Last updated" date at the top of this page. We encourage you to review this Privacy Policy periodically.

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you should stop using the Service and request deletion of your account.

21. Contact Us & Exercise Your Rights

If you have any questions about this Privacy Policy, want to exercise your privacy rights, or have a complaint about our data practices, please contact us using the appropriate channel:

MomentumTrading.ai

Privacy rights requests (CCPA, state laws): [email protected]

GDPR / UK GDPR requests (Data Protection Officer): [email protected]

General privacy questions: [email protected]

General support: [email protected]

We aim to respond to all privacy-related inquiries within 30 days. For GDPR requests, we will respond within one month as required by law. For CCPA requests, we will respond within 45 days.

By using MomentumTrading.ai, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein. This Privacy Policy should be read in conjunction with our Terms of Service and Risk Disclosure & Disclaimer.