Effective Date: July 2025
Enaria Technology LLC (“Enaria,” “we,” “us,” or “our”) is committed to protecting your privacy and handling your personal data with transparency and care. Enaria, a SaaS AI trading platform registered in the British Virgin Islands, provides AI computational power and membership services. By using our platform, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of the platform.
Important Note: Enaria is not a financial services provider. We do not offer brokerage or investment services, and we never hold or control client funds. All trading activity facilitated through our platform is executed via your own MetaTrader accounts (or other trading accounts) that you connect manually, typically through a Virtual Private Server (VPS) integration. Enaria only provides the technology and AI tools; you retain full custody of your funds and control of your trading accounts at all times.
The data controller responsible for your personal data is Enaria Technology LLC (BVI). If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at privacy@enaria.io. We take privacy inquiries seriously and will respond as promptly and thoroughly as possible.
This Privacy Policy applies to personal data collected through Enaria’s website, application, and services (collectively, the “Platform”). It covers how we and our partner service providers collect, use, share, and protect information in connection with the Platform. This Policy does not apply to any third-party websites or services that may be linked to our Platform or to services provided by third parties that we integrate with (such as identity verification or payment processors). Those third parties have their own privacy policies, and we encourage you to review them separately. Enaria’s services are intended for users who are 18 years of age or older. We do not knowingly allow minors to use our Platform or knowingly collect personal data from individuals under 18, and we will delete any such information if we become aware of it.
We only collect personal data that is necessary for the purposes described in this Policy. The types of personal data we may collect include:
Identity Data: Information that identifies you, such as your name, email address, phone number, and other contact details provided when you register an account or communicate with us. This also includes any identifiers you provide during Know-Your-Customer (KYC) verification (e.g. date of birth, nationality).
Account Credentials: Login information you use to access the Platform, such as username and password. Account authentication is handled by a third-party service (Clerk) that securely manages user sign-up and sign-in on our behalf. Clerk may collect your email, password, and any authentication tokens; however, these are protected and not visible to us in plain form. We do not have access to your actual password, and any sensitive authentication data is stored in encrypted form. For accounts where two-factor authentication (2FA) is enabled, you will generate a 2FA secret/key. Enaria does not store your 2FA secret keys or backup codes — it is your responsibility to securely store them. If you lose access to your 2FA device or codes, we cannot reset them for you. (Note: We also do not collect any biometric identifiers for authentication; any biometric login features on your device remain local to your device.)
Profile Information: Any additional information you choose to add to your profile on the Platform, such as a profile photo, preferences, or settings. Providing this information is optional and under your control.
Transaction Data: Information related to your activities on the Platform and purchases of our services. For example, we keep records of the membership plans or computational power packages you purchase, subscription start and end dates, and transaction history like invoices or payment confirmations. Note that Enaria itself does not process or hold your financial assets, but we maintain a record of the services you’ve obtained and their status. If our Platform interacts with your connected trading account (e.g. to deploy AI strategies via VPS), we may log certain transactional or performance data from those activities (such as trade signals or execution timestamps), but we do not directly execute trades or withdraw/deposit funds on your behalf.
Usage Data: Data about how you interact with our Platform. This includes your activities and behavior on the site/app: e.g. pages or features you access, time spent on the Platform, click streams, and actions taken (like settings changes or links clicked). We collect this to understand usage trends and improve user experience. Usage Data may be collected via analytics tools (like Google Analytics or Meta Pixel) and through cookies or similar technologies (see “Cookies and Tracking” below).
Device and Technical Data: Technical information automatically collected when you use the Platform. This includes your Internet Protocol (IP) address, Media Access Control (MAC) address of your device, your approximate geographic location at login (e.g. city/country derived from IP), browser type and version, device type, operating system, unique device identifiers or IDs, network information, and device event information (such as crashes or error logs). We collect this to secure the Platform and optimize compatibility for your device. We may also record log-in timestamps and usage logs linked to your account for security auditing.
Verification Data (KYC/AML): Information collected for identity verification and compliance purposes. Since KYC verification is mandatory to use our services, we (through our provider) will collect data such as your date of birth, physical address, national ID or passport details, photographs or scans of identification documents, proof of address (e.g. utility bill), and any information needed for Know-Your-Customer and Anti-Money Laundering checks. Important: Enaria uses a third-party KYC provider to handle the collection and verification of your KYC information. This means any personal documents or biometric data (for example, a facial recognition scan or selfie for ID verification) are provided directly to the KYC Provider via their secure channels. We receive from the KYC Provider only the results of the verification (e.g. pass/fail or verified status) and necessary details to approve your account. We do not store your raw ID documents or biometric identifiers on our systems; those are handled by the KYC Provider in accordance with their privacy safeguards. KYC completion is a prerequisite for accessing Enaria’s platform services, in line with legal requirements.
Communication Data: Records of your communications with us. If you contact Enaria support or we reach out to you with service-related communications, we may keep copies of correspondence such as emails, support tickets, chat logs, or call records. This helps us track issues and improve our customer service.
Payment and Financial Information: Enaria does not collect or store your sensitive payment details such as credit card numbers, bank account numbers, or cryptocurrency wallet private keys. All payments for our services (e.g. purchasing memberships or computational power) are handled through trusted third-party payment processors. For fiat/credit card payments, we use Payment Processor Card; for cryptocurrency transactions, we use Payment Processor Crypto. These processors will collect payment information directly from you to complete the transaction. Enaria itself receives only limited information in return – for instance, a confirmation that a payment was completed, the payment amount, and your account or order identifiers. We may also store billing contact info you provide (such as billing name, address, or tax ID if needed for invoicing) and records of the transactions (invoice numbers, amounts, dates) for accounting. But we never see or hold your full credit card number, bank details, or private crypto keys, and we do not process payments on our servers.
Cookies and Tracking Data: As you interact with our website, we use cookies and similar technologies to collect certain data (detailed in Cookies and Tracking below). This can include your cookie preferences and identifiers tied to your browsing session. Non-essential cookies (like analytics or advertising cookies) will only be set with your consent, per applicable law.
Sensitive Data: We do not intentionally collect any “special categories” of sensitive personal data about you (such as information about your health, genetic or biometric identifiers for identification, racial or ethnic origin, political opinions, etc.), unless it is absolutely required for our services and carried out with appropriate safeguards. For example, if biometric identification is required for KYC (such as a face match to your ID), it is handled by our KYC Provider under strict security controls – we do not directly store that biometric data. We also do not knowingly collect data from children under 18, as noted; our Platform is for adult use only. If you believe someone under 18 has provided us personal data, please contact us so we can delete it.
We use your personal data for the following purposes, and we will not process it in a manner incompatible with these purposes without your knowledge or consent:
Providing and Managing Your Account: We process Identity Data and Account Credentials to create and maintain your user account, authenticate you at login, and allow you to use the Platform’s features. For example, we use your email and password (via Clerk’s authentication system) to log you in securely, and use your Identity Data to personalize your account profile. We may contact you with account-related messages (like welcome emails, verification codes, or important notices about your account).
Providing the Platform Services: To operate the core services you request. We use the necessary personal data to enable the AI trading tools and computational services you sign up for. For instance, if you connect a MetaTrader account, we use your provided API or login details to integrate our AI strategies with your account (with your authorization). We use Transaction Data to keep track of the services you’ve purchased and to deliver those services (e.g. activating your membership or computing power allocation). If you initiate a payment or subscription, we use your data to facilitate that transaction through our payment processors and to confirm your purchase. In short, your data is used to fulfill our contract with you and provide the services and functionalities you expect.
Communications and Customer Support: To communicate with you about your account and respond to your inquiries. We will use your contact information to send service-related communications such as confirmations of transactions, notifications of software updates or changes to our terms, security alerts (e.g. new login to your account), and other administrative messages. If you reach out with questions or support requests, we will use your Communication Data to assist you and resolve issues, keeping records of our communications. These communications are considered part of the services and are necessary for customer care and informing you of important information.
Platform Improvement and Analytics: To analyze usage of the Platform and improve our services and user experience. We may use Usage Data and technical analytics (collected via cookies or third-party analytics tools) to understand how users interact with features, identify trends, debug problems, and optimize performance. For example, we might analyze which features are most used or where users encounter errors, so we can improve those areas. We also analyze aggregated usage patterns to make informed decisions about new features or content. This processing is in our legitimate interest to continually make our Platform better and more useful to our members.
Personalization: To personalize your experience on the Platform. We might use Profile Information, preferences, and cookie data to remember your settings and tailor the content you see. For instance, we may recall your preferred language, layout, or the type of content you engage with, in order to show you relevant information or settings by default. This makes the user experience more convenient and customized to you.
Marketing and Promotional Communications: To send you updates, newsletters, or offers about our products or related services, only if you have opted-in or if otherwise permitted by law. If you join our mailing list or consent to receive marketing, we will use your contact details to inform you of new features, promotions, or events related to Enaria that might interest you. You can withdraw your consent and opt-out of marketing emails at any time, and we will honor that choice (see “Your Rights” below). We may also use limited data (like your email or site activity) to show you relevant ads or messages on our or third-party platforms, but only in accordance with your advertising cookie preferences. We will not bombard you with marketing, and we won’t share your contact info with third-party advertisers without your consent.
Compliance and Legal Obligations: To comply with our legal and regulatory obligations. Enaria, as a company offering services in a regulated space (trading technology and membership services), must adhere to laws such as anti-money laundering (AML) and know-your-customer regulations, tax laws, and other applicable rules. We will use Verification Data (KYC information) to perform identity checks, prevent fraud, fulfill AML/Counter-Terrorist Financing requirements, and ensure we do not provide services to sanctioned or restricted individuals. We may also use and retain transaction records for accounting and tax reporting. When processing personal data to meet a legal obligation (e.g., responding to lawful requests, or keeping KYC records), we will only use the data necessary for that compliance. KYC completion is required before you can fully use our Platform, and this is done to satisfy legal regulations and protect the integrity of our services.
Security and Fraud Prevention: To secure our Platform, our users, and our systems. We continuously monitor for suspicious or unauthorized activities and use personal data to help prevent fraud, cyber-attacks, and other harmful acts. For example, we use Device/Technical Data (like IP, MAC address, geo-location) to detect if an unknown device or location is logging into your account, which helps us flag potential unauthorized access. We may use account and usage information to enforce 2FA policies or detect patterns of misuse. If we suspect fraud or a violation of our terms, we will investigate and may use relevant personal data (including identity and usage logs) to confirm facts and take action. This is done under our legitimate interest in keeping the Platform safe and secure for everyone.
Enforcing Terms and Legal Claims: To enforce our Terms of Service, Membership Agreement, or other user agreements, and to establish or defend legal claims. If necessary (for example, in the event of a dispute, debt collection, or legal proceeding), we will use personal information as evidence and to protect our rights. This may include using data to resolve complaints, address breach of contract, or cooperate with law enforcement or regulators if required. We will only share the minimum necessary data for such purposes and only when legally permitted or required.
Other Purposes: We will not use your personal data for any purposes that are unrelated to the above without obtaining your consent, unless otherwise permitted by law. If we ever need to process your data for a new purpose, we will update this Privacy Policy and notify you and/or obtain consent as required.
For individuals in the European Economic Area (EEA), United Kingdom, or other regions with similar laws, we rely on certain legal grounds to process your personal data under the General Data Protection Regulation (GDPR) and corresponding regulations:
Performance of a Contract (GDPR Art. 6(1)(b)): Most of our data processing is based on this legal basis. When you sign up for Enaria and agree to our terms, a contract is formed, and we must process your data to deliver the services you request. This includes using Identity Data and Account Data to create your account, Transaction Data to provide the purchased services, and so on. If you choose not to provide necessary information, we may not be able to provide the service or execute the contract with you.
Legitimate Interests (GDPR Art. 6(1)(f)): We process some data as needed for legitimate interests of our own or of third parties, provided these are not overridden by your data protection rights. Our legitimate interests include: improving and personalizing our platform (e.g. analyzing Usage Data to enhance features), ensuring the security of our services and preventing fraud, supporting our customers, and operating an efficient business. For example, using IP addresses to detect fraud, or using Usage Data to debug and improve user experience, are actions based on our legitimate interest in maintaining a reliable, safe service. When relying on this basis, we carefully consider and balance the potential impact on your rights.
Legal Obligation (GDPR Art. 6(1)(c)): In certain cases, we need to process data to comply with a legal obligation. For instance, retaining KYC and transaction records for anti-money laundering laws or financial regulations, responding to court orders or regulatory requests, or keeping proper business records for tax and accounting purposes. In such cases, the law is the basis for processing and we will limit use of the data to what is necessary for compliance.
Consent (GDPR Art. 6(1)(a)): We rely on your consent for specific, optional data processing activities. The clearest example is sending marketing communications or using non-essential cookies and trackers. We will ask for your consent before processing your data for these purposes (unless another basis applies). You have the right to withdraw consent at any time (e.g. unsubscribe from marketing emails or decline cookies), and we will stop the processing in question. Withdrawal of consent does not affect the lawfulness of processing we conducted prior to your withdrawal.
Other Bases: In very rare situations, we might process personal data under other legal bases recognized by GDPR: for example, to protect vital interests (Art. 6(1)(d)) if the processing is necessary to save someone’s life or prevent serious harm, or for tasks carried out in the public interest (Art. 6(1)(e)) if ever applicable to our services (not typical for Enaria’s operations). We would only rely on these bases if relevant and would inform you where appropriate.
We always ensure we have a lawful basis for processing your personal data. If you have questions about the legal basis for any specific processing, please contact us.
We treat your personal data with care and confidentiality. We do not sell your personal information to third parties. However, we do share your data with certain trusted third parties under the following circumstances, and only to the extent necessary for those purposes. Whenever we share data, we put in place appropriate safeguards and contractual measures (such as Data Processing Agreements under GDPR) to ensure your data is protected.
Service Providers (Processors): We share personal data with third-party companies that provide services on our behalf, to help us operate the Platform and support our business. These include:
Authentication Provider (Clerk): As noted, Clerk manages user authentication and account creation. When you sign up or log in, the necessary credentials and identity info are processed by Clerk’s systems. Clerk acts as our data processor for this function, and is contractually obligated to protect your data and use it only for authentication.
Identity Verification Provider : We transmit the personal data you submit for KYC (identification documents, etc.) to our KYC/AML service provider. They process this data strictly for verification and compliance screening, and report back to us. The KYC Provider is bound by confidentiality and data protection agreements, and will not use your information for other purposes.
Payment Processors: When you make payments, your data is shared with our payment processing partners. For example, if you pay by credit card, Payment Processor Card will receive your card details and billing information to process the transaction. If you pay in cryptocurrency, Payment Processor Crypto will handle your crypto address and transaction. These processors are independent controllers or processors of your payment data, and they have their own legal obligations (e.g. PCI DSS compliance for card security, or financial regulations). We share only the necessary information (such as your user ID or order number to match the payment). Importantly, we do not receive or store your sensitive payment details as the payment is completed on the processor’s side.
Data Hosting and Infrastructure: We use third-party hosting/cloud providers to store data and run our application (e.g. cloud servers or data centers). Personal data resides on those servers but is protected under our control. These providers may technically have access to data for maintenance or support, but they are not allowed to use or disclose it except as needed to provide the hosting service under strict confidentiality.
Analytics and Tracking Providers: We utilize tools like Google Analytics and Meta Pixel to collect Usage Data and metrics about how our Platform is used. These third-party analytics services set cookies or similar identifiers in your browser (with your consent) and compile reports for us on user interactions and advertisement effectiveness. We share certain online identifiers or events with these providers to help us analyze and improve our marketing and user experience. For instance, Google Analytics will receive your site usage information (anonymized IP, device info, pages viewed, etc.), and Meta Pixel might receive hashed identifiers to help us with advertising on Facebook/Meta platforms. These providers act as independent data controllers for their use of data in some cases (especially for their own analytics purposes), but we ensure any data sharing is done in compliance with privacy laws and with your consent via our cookie banner.
Customer Support and Communication Tools: We may use third-party platforms for customer support ticketing, live chat, or email communications (for example, an email delivery service or CRM). If you contact us or we send you emails, your contact details and message may pass through these providers. They are obligated to keep your data secure and only process it for our specified support purposes.
Other IT and Security Services: We might engage providers for services such as data backups, cybersecurity monitoring, DDoS protection, or software development tools that require limited access to systems containing personal data. Any such provider is carefully vetted and bound by strict data protection obligations. They cannot use your data for anything other than supporting our Platform as instructed by us.
All our service providers are given only the data necessary to perform their functions, and they are contractually required to protect it. If any service provider is located outside of certain jurisdictions (e.g. outside the EEA), we implement appropriate safeguards (see International Data Transfers below). Data Processing Agreements under GDPR Article 28 are in place where applicable to ensure your data remains secure.
Affiliates: If Enaria Technology LLC has affiliate entities or subsidiaries in the future, we may share your information within our corporate group for business and operational purposes. For example, if we establish an affiliate to provide a portion of the service or for internal administration, your data might be accessed by that affiliate. Any such affiliate will uphold the same privacy protections and use limitations as described in this Policy. (Currently, Enaria’s services are provided directly by Enaria Technology LLC, so sharing with affiliates is limited or not applicable if we have no affiliated entities.)
Business Partners: From time to time, Enaria might engage in joint offerings or partnerships with other organizations (for instance, co-hosting a webinar or a special promotion with a trading educator or broker). If you choose to participate or sign up for these joint offerings, we might share relevant information (like your name, email or user ID) with the partner to coordinate the service or promotion. We will do this only as necessary and typically with your knowledge and consent (e.g. if you register through a co-branded page that clearly states the partner’s involvement). The partner would be required to protect your data and use it only for the agreed purpose.
Legal Compliance and Protection: We may disclose personal data when required by law or when we in good faith believe it is necessary to comply with a legal obligation, protect our rights or the safety of our users or others, or respond to a government request. Examples include: responding to subpoenas, court orders, or lawful requests by authorities; sharing information with regulators or law enforcement for compliance (such as providing KYC information if formally requested by a financial regulator or investigative agency); or using data to investigate and defend against legal claims. If we receive a request for your data from a government or law enforcement agency, our policy is to review it carefully and only comply if it’s legally valid and necessary. Where allowed, we would inform you of such requests. We may also use or disclose data to enforce our Terms of Service or other agreements, or to detect and prevent fraud or security issues.
Corporate Transactions: If Enaria undergoes a business transaction such as a merger, acquisition by another company, reorganization, or sale of all or part of its assets, your personal data may be transferred as part of that transaction. We would transfer only relevant data and will ensure that the recipient (the succeeding entity) honors your privacy rights in line with this Policy. If such a change in ownership or use of your personal data occurs, we will notify you (for example, via email or notice on our website) and outline any choices you may have.
With Your Consent or At Your Direction: Aside from the cases above, we will share your personal data with third parties if you request it or explicitly consent to it. For instance, if you integrate a third-party tool with Enaria or ask us to share data with another platform (perhaps exporting your data to another service), we will do so as directed. Similarly, if in the future our Platform offers social media integrations and you choose to share something on social media, we will share data with that platform per your action. In any such case, we will make it clear to you and will only proceed with your knowledge.
We ensure that any third party receiving personal data is subject to obligations to keep it confidential and to use it only for the purposes we’ve specified. Wherever feasible, we also share data in aggregated or anonymized form (so it cannot be linked back to you individually). If you have questions about third parties that may have access to your data, feel free to contact us for more information.
Cookies are small text files placed on your device when you visit a website. Like most online services, Enaria uses cookies and similar tracking technologies (such as web beacons or pixels) to enhance your experience, analyze usage, and for marketing purposes. We are mindful of your privacy and comply with applicable laws (GDPR, ePrivacy Directive, etc.) regarding cookies.
Types of Cookies We Use:
Essential Cookies: These are necessary for our website and services to function properly. They enable core features such as security, network management, and accessibility. For example, when you log in, we use session cookies to keep you logged in as you navigate the site. These cookies do not require consent as they are needed to provide the service you requested.
Analytics Cookies: These cookies collect information about how visitors use our site, such as which pages are most visited or whether users encounter errors. We use this data in aggregate form to improve the Platform’s performance and design. For instance, we use Google Analytics cookies to gather insights on user behavior. These cookies may track things like how long you stay on a page, what links you click, and general location information of visitors. The information is generally aggregated and does not directly identify you.
Advertising/Marketing Cookies: We may use cookies or pixels to deliver and measure advertising or promotional content. For example, the Meta (Facebook) Pixel on our site helps us understand the effectiveness of our Facebook ads by seeing if users who saw an ad then took an action on our site. These cookies can track when you visit certain pages or interact with our ads, and help us reach people who are likely to be interested in our services. We do not serve third-party banner ads, but we might use these trackers for our own marketing analytics.
Preference Cookies: These cookies remember your preferences (like language or region, or other settings) to provide a more personalized experience. They may be set when you change settings or fill in forms on our site.
Cookie Consent: In jurisdictions where it’s required, we will obtain your consent before setting any non-essential cookies or trackers on your device. When you first visit our site, you will see a cookie banner that allows you to opt-in to different categories of cookies. You can choose to accept all, or only certain types (e.g. just analytics but not marketing). No non-essential cookies will be activated unless you affirmatively consent (for example, by clicking “Accept” on the banner or selecting your preferences and confirming). We do not use pre-ticked boxes or assume consent from inactivity or mere continued use of the site, in accordance with GDPR requirements. You have the right to withdraw your consent or change your cookie settings at any time.
If you opt out of certain cookies, our site will honor your choice. Essential cookies (which are required for service) will remain, but analytics and marketing cookies will be disabled unless you consent to them.
Managing Cookies: You can manage or delete cookies through your browser settings as well. Most web browsers allow you to refuse new cookies, delete existing ones, or notify you when new cookies are set. Please note that if you disable all cookies (including essential cookies) via your browser, some features of our Platform may not function properly (for example, you might not be able to log in or use the service smoothly).
For more detailed information about our use of cookies and similar technologies, and the specific cookies we use, we will provide a detailed Cookie notice in the future. (At this time, this Privacy Policy includes the relevant information about cookies, and a separate Cookie Policy may be integrated later.)
Analytics and Tracking by Third Parties: As mentioned, we use Google Analytics, which may transfer some data to Google’s servers (we have configured it to anonymize IP addresses where applicable). We also use Meta Pixel which sends hashed data to Facebook’s servers. These third parties may set and read their own cookies on your device. The information generated by Google Analytics cookies about your use of the site is typically transmitted to Google servers (which could be outside your country). We have settings in place to respect Do Not Track signals and cookie consent choices for these tools. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on, and you can adjust your ad settings on social platforms to control personalized ads.
Do Not Track: At this time, our website does not respond to “Do Not Track” browser signals explicitly, because there is no uniform standard for DNT. However, we treat all users’ data with care and we let you fully opt out of tracking cookies via the consent banner.
We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. This means we consider the type and sensitivity of the data, the purposes for which it is processed, and any legal or regulatory obligations to determine how long to keep it.
In general:
Account Data: We keep your account information and profile as long as you have an active account with us. You can see and update much of this information in your profile. If you choose to close your account, we will deactivate it and eventually delete or anonymize personal data associated with your account after the retention period (see below).
KYC and Compliance Data: Information collected for KYC/AML verification and transaction records may be retained for a certain period even after you close your account, due to legal obligations. For example, anti-money laundering laws in many jurisdictions require that customer identification records be kept for a minimum of five (5) years after the end of the customer relationship. Enaria adheres to such requirements, meaning that if you close your account or your service is terminated, we will retain necessary KYC data and related records for up to five years, or longer if required by law, to comply with these regulations.
Transaction & Payment Records: Similarly, we may retain records of payments, invoices, and transaction history for a certain time for tax, audit, and financial reporting obligations. Typically, financial records are kept for at least 5-7 years as required by accounting laws.
Communications and Support Records: We may keep communications you’ve had with us (such as support emails or chat logs) for a period of time after your account is closed, in case needed for dispute resolution or to improve our services. These would generally not be kept longer than necessary (commonly 2-3 years, unless still relevant to an ongoing issue).
Analytics Data: Usage Data that is collected via cookies/analytics may be retained in aggregate form after you use the site for statistical purposes. If we do store raw analytics logs, they are typically retained for a shorter period (e.g. 14 months by Google Analytics default) and/or anonymized.
When your personal data is no longer needed for the purpose it was collected, and we have no legal requirement to keep it, we will either securely delete or anonymize the data. For example, if you delete certain information from your profile, we remove it from active systems. When you delete your account or it is closed, we initiate the process of deleting or anonymizing data that is no longer required. If complete deletion is not immediately feasible (for instance, because the data is stored in a secure backup archive), we will isolate that data from any further processing and ensure it remains protected until the point it can be purged.
Please note, in specific cases we may retain data longer than the periods mentioned: (a) if there is an unresolved issue, dispute, or legal claim that requires us to keep the data (in which case, we’ll retain it until the issue is resolved), or (b) if a law or regulation requires us to keep data for a longer period. Once the retention period expires, we will delete or anonymize the data as appropriate.
Enaria takes the security of your personal data very seriously. We employ a variety of technical and organizational measures to protect your information from unauthorized access, loss, misuse, or alteration. These measures include:
Encryption: We protect data in transit and at rest with encryption. All communication between your browser/app and our servers is encrypted using industry-standard protocols like TLS/SSL (HTTPS). This means personal data is encrypted while it’s being sent to us. Additionally, we encrypt sensitive data at rest in our databases and storage, whenever feasible. For example, passwords are stored in hashed/encrypted form, and other sensitive fields may also be encrypted on disk. Encryption helps ensure that even if data were intercepted or accessed improperly, it would not be easily readable.
Access Control: Access to personal data is tightly restricted to only those personnel and service providers who have a “need to know” to perform their duties. Within our organization, only authorized staff (such as team members in charge of user support, compliance, or system administration) can access user personal data, and even then, only what they need. They are bound by confidentiality obligations and undergo training on data protection. Our third-party processors who handle data (like the KYC provider or hosting provider) are also contractually required to limit access and maintain confidentiality. We employ role-based access controls and authentication mechanisms to ensure that each employee or system accessing data is verified and permitted.
Network Security: We maintain firewalls and network segregation to protect our infrastructure. Firewalls help ensure that only legitimate traffic reaches our servers. We also use intrusion detection and prevention systems to monitor for suspicious activities or unauthorized access attempts. Our servers and databases are configured with security in mind, with up-to-date patches and hardened configurations to reduce vulnerabilities.
Threat Detection and Prevention: Enaria’s systems employ anti-virus and anti-malware solutions, as well as continuous security monitoring. We use tools to detect potential threats such as unauthorized logins, malware injections, or abnormal usage patterns. If an anomaly is detected, our security team is alerted to investigate and respond. We also utilize secure coding practices in our software development to minimize security bugs, and regularly update our software dependencies to patch known issues.
Regular Audits and Testing: We conduct periodic security audits, assessments, and penetration testing of our systems. This means we or independent security experts test our infrastructure and applications for vulnerabilities. Any identified issues are addressed promptly. We also review our compliance with security standards and best practices regularly. Enaria is committed to continuous improvement in security, including undergoing periodic compliance audits of our data protection practices and monitoring adherence to this Privacy Policy.
Incident Response: We have an incident/breach response plan in place. In the event of a data breach or any security incident affecting personal data, we will immediately act to contain and remedy the situation. We will also notify affected users and relevant authorities as required by law. Our plan outlines steps for communication, mitigation, and preventing future incidents. For example, if we discover a breach, we might prompt all users to reset passwords and will provide guidance on protective measures.
Physical Security: Although we are a cloud-based platform, any physical facilities (offices or data centers) where personal data may be stored are protected with appropriate access controls. Data centers used by our hosting providers have strict security (guard patrols, access badges, surveillance, etc.), and our own devices that may contain personal data (e.g., employee laptops) are encrypted and secured.
Organizational Policies: We maintain internal policies to safeguard data. This includes data handling procedures, incident management procedures, and regular training for our staff on cybersecurity and data privacy. We limit the printing or local storing of personal data and encourage a culture of security (e.g., using 2FA for internal systems, strong password policies, etc.). We also monitor our systems for compliance with these policies.
Despite our robust measures, it’s important to note that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to protect your personal data using commercially acceptable means, we cannot guarantee absolute security. Users also play a crucial role in keeping data safe. We urge you to use a strong, unique password for your Enaria account and to keep your login credentials confidential. Do not share your password or account access with others. If you believe your account has been compromised or detect any unusual activity, please notify us immediately so we can help secure your account.
Enaria is based in the British Virgin Islands (BVI) and our users may be located around the world. In order to provide our services, your personal data may be transferred to and stored in countries other than your own, including jurisdictions that may not have the same level of data protection laws as your home country. For example, our primary servers or service providers might be located in the European Union or other regions. Whenever we transfer personal data across international borders, we take steps to ensure it remains protected in line with this Policy and applicable law.
No Transfers to the United States: At this time, Enaria does not transfer personal data to the United States. We have structured our operations such that user data is stored and processed on servers outside the US, and we avoid using service providers that would require sending personal data to the US. (This is due to regulatory considerations and our commitment to user privacy given the legal climate around EU-US data transfers.) If in the future we consider engaging any US-based service providers or transferring data to the US, we will ensure appropriate safeguards are in place and update this Policy accordingly.
Transfers from EU/EEA or UK: If you are in the European Union (EU), European Economic Area (EEA), or the UK, and your data is transferred out of those regions (for example, to the BVI or any other country not deemed to have “adequate” data protection by the European Commission), we will implement appropriate safeguards as required by GDPR. These may include:
Standard Contractual Clauses (SCCs): We include the European Commission’s approved Standard Contractual Clauses in our contracts with non-EEA service providers or partners to ensure your data receives EU-level protection. The SCCs impose contractual obligations on the recipient to protect personal data.
Adequacy Decisions: Where we transfer data to a country that has been officially recognized by the EU as providing adequate data protection (for example, countries in the EU’s adequacy list), we rely on that decision as the transfer mechanism.
Additional Safeguards: We may apply encryption, pseudonymization, or other technical measures to data before transferring it, as needed, to ensure its security during transit and in the recipient country. We also carefully vet our international partners’ security practices.
Contractual and Organizational Measures: Our contracts with processors outside the EU/UK bind them to GDPR-level standards of data protection. We also perform periodic assessments of the risk of the data transfer and stay updated on any regulatory changes (such as new guidance on international transfers). If necessary, we will adopt supplementary measures recommended by authorities.
If you would like more information about international data transfers or copies of the SCCs or other safeguards we implement, you can contact us. We will provide information in accordance with legal requirements (some details may be redacted for confidentiality).
By using our Platform or submitting information to us, you acknowledge that your personal data may be transferred to, and stored in, countries other than your own as described above. Rest assured that all such transfers will be done in compliance with applicable privacy laws and with appropriate safeguards in place so that your data remains protected.
(Note: In addition to privacy considerations, please be aware that Enaria may restrict access to the Platform from certain jurisdictions for legal and regulatory reasons. If you are in a country that is sanctioned or otherwise restricted by our policies or by law, we cannot offer you the services. We do not knowingly collect data from individuals in any such prohibited regions. If we detect that an account is operating from a restricted country, we may have to suspend service and remove data in accordance with legal requirements. Currently, Enaria does not offer services to U.S. persons or to any jurisdiction where our operations would violate trade sanctions or local regulations.)
As a user of Enaria and as a data subject, you have certain rights regarding your personal data under GDPR and other data protection laws. We respect and uphold these rights. You can manage many aspects of your data through your account dashboard (for example, updating your profile or deleting certain information), and you can always contact us to exercise your rights. These rights include:
Right of Access: You have the right to ask if we are processing your personal data, and if so, to request a copy of the data we hold about you. This enables you to know and verify the lawfulness of our processing. We will provide a copy of your data in a commonly used electronic format (unless doing so would adversely affect the rights of others). For instance, you can request a report of all your personal info we maintain. In your Enaria dashboard, you may have a feature to view basic personal info; for a full export, you can contact us. We will provide this information free of charge, within a reasonable time (see below for timing).
Right to Rectification: You have the right to have inaccurate personal data corrected and incomplete data completed. If any of your information with us is outdated or incorrect (e.g. you’ve changed your phone number or there’s a typo in your name), please update it in your profile or ask us to update it. We encourage you to keep your profile information current. If there are details you cannot change through the platform, contact us and we will correct them as needed.
Right to Erasure (Right to be “Forgotten”): You have the right to request deletion of your personal data in certain circumstances. For example, if the data is no longer necessary for the purposes it was collected, or if you withdraw consent (for data that was based on consent) and we have no other legal basis to keep it, or if you object to processing and we have no overriding legitimate interest, you can request that we erase that data. You can also request deletion if you believe we are processing your data unlawfully or if a law requires erasure. Where applicable, you may have a self-service option to delete your account or specific content (which triggers deletion of related personal data). Important: This right is not absolute. We may not be able to delete data that we are legally required to keep (for example, KYC records we must retain for anti-money laundering laws) or data needed to establish or defend legal claims. If you request erasure, we will inform you if any data must be retained and why. Otherwise, we will comply and delete your data. Closing your account will put your data into a suppression state and we will delete applicable personal data after any required retention period.
Right to Restrict Processing: You have the right to request that we limit the processing of your data in certain scenarios. This means we can store the data but not actively use it until the restriction is lifted. You can request restriction if: (a) you contest the accuracy of your data (we’ll restrict processing while verifying accuracy); (b) the processing is unlawful and you oppose erasure and prefer restriction instead; (c) we no longer need the data but you need it for a legal claim; or (d) you have objected to processing (see right to object below) and we’re verifying whether our legitimate grounds override yours. When processing is restricted, we will mark the data and ensure it’s only used for those limited reasons (e.g. with your consent or for legal claims). We will inform you before lifting a restriction.
Right to Object: You have the right to object to our processing of your personal data when it is based on legitimate interests or public interest. If you object, you should explain your situation and why you believe our processing impacts your rights. We will then re-evaluate our reasons for processing and may either stop processing or let you know our compelling grounds that allow us to continue (if applicable). Importantly, you have an unconditional right to object to your data being used for direct marketing. If you opt out or object to marketing, we will stop using your data for that purpose immediately, with no exceptions. Objecting to analytics/processing based on legitimate interest (like certain analytics cookies) can be done via the cookie settings or by contacting us.
Right to Data Portability: Where we rely on your consent or a contract as the legal basis for processing, and the processing is carried out by automated means, you have the right to receive the personal data you provided to us in a structured, commonly used, machine-readable format, and to transmit it to another controller. In plain terms, this allows you to take your data (that you gave us) and move it elsewhere. We support data portability. In fact, from your “My Profile” dashboard, you can export certain data (for example, your profile info, transaction history, etc.) in formats like CSV or PDF for your own reuse. If you need assistance or a specialized export, let us know and we will provide your data in a suitable electronic format. If technically feasible, you can also request that we transfer the data directly to another company that you designate (this is subject to technical capability on both sides). Data portability rights apply to personal data you provided to us, not to data we generated internally.
Right to Withdraw Consent: If we are processing any of your data based on consent, you have the right to withdraw that consent at any time. This will not affect processing that has already occurred, but it will stop any future processing of the data for which consent was required. For example, if you gave consent for receiving our newsletter, you can unsubscribe at any time (or toggle off the consent in your profile settings), and we will cease sending you newsletters. Similarly, you can withdraw consent for non-essential cookies by updating your cookie preferences. Withdrawing consent may mean we can’t provide certain features (if they relied on consent), but there will be no penalty or effect on the core service.
Right to Lodge a Complaint: If you believe we have infringed your data protection rights or failed to comply with data protection laws, you have the right to file a complaint with a supervisory authority. If you are in the EEA, this would typically be your country’s Data Protection Authority; if in the UK, the ICO; if in BVI, the relevant privacy commissioner, etc. We ask that before you lodge a formal complaint, you consider reaching out to us first. We greatly value your privacy and would appreciate the opportunity to address your concerns directly and promptly. We will do our best to resolve any issue to your satisfaction. If you are not satisfied with our response, you can then approach the appropriate authority.
Exercising Your Rights: You can exercise many rights through your account settings (e.g. editing your data, opting out of marketing, downloading a copy of data, or deleting your account). For any rights that you cannot self-serve, please contact us at privacy@enaria.io with your request. For security, we may need to verify your identity before acting on certain requests, especially for access, portability, or deletion, to ensure we don’t disclose or modify your data at the request of someone else. Verification might involve confirming information we already have on file or asking for additional identification.
We will respond to your request as soon as possible and at least within one month as required by GDPR. If your request is complex or if you have made multiple requests, we are allowed to extend this period by up to two further months, but we will inform you within the first month if an extension is needed. In general, we will not charge a fee for fulfilling your rights. However, if a request is manifestly unfounded or excessive (for example, repetitive requests), we may charge a reasonable fee or refuse to act on it, as permitted by law. We will of course explain our reasoning in such cases.
Also note that these rights are subject to certain legal limitations. For instance, if your request involves another person’s data, we might not be able to provide it without their consent. Or if you ask us to delete data that we are legally required to keep, we may have to deny that request but will do so only to the extent necessary and will inform you. We are committed to fulfilling your requests to the fullest extent possible and will communicate with you transparently throughout the process.
For clarity, we reiterate that Enaria provides a technology platform for AI-driven trading strategies and computational services only. We do not provide financial, investment, or brokerage services. Nothing on our Platform is intended as investment advice. Users retain their own brokers and trading accounts and make their own trading decisions (whether manually or by using our AI tools). Enaria does not hold, manage, or control your trading funds at any point – you connect your accounts to our software, and trading executions happen through those third-party accounts by your own authorization. This distinction means that any financial data related to your trading accounts is not collected by Enaria, beyond what is necessary for integration (such as an account ID or API key if you provide it). We do not see your account balance, and we cannot initiate withdrawals or transfers. Because we do not custody client assets, data about your actual funds or financial holdings is largely outside the scope of our Platform (and thus of this Privacy Policy). We only handle data about your usage of our service and your membership with us. Always use Enaria responsibly and be aware that trading involves risk that you solely bear. (This section is provided for transparency and does not modify the Privacy Policy’s core terms, but rather highlights the limited scope of our role regarding financial data.)
We may update or modify this Privacy Policy from time to time, especially as our services evolve or as laws and regulations change. If we make any material changes to how we collect, use, or share your personal data, we will notify you by appropriate means. For example, we might send an email to the address associated with your account or display a prominent notice on our website or user dashboard. We will also update the “Effective Date” at the top of the Policy to indicate when the latest changes took effect.
For minor changes that do not significantly affect your rights (such as clarifications or grammatical updates), we may update the Policy by posting the new version on our site with a new date, and those changes will become effective upon posting. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.
If you do not agree with a new or revised Privacy Policy, you should stop using the Platform and may request that we delete your personal data (as per your rights described above). Continuing to use the Platform after the updated Policy has been made available will signify your acceptance of the changes, to the extent permitted by law.
If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact us:
Enaria Technology LLC (Data Controller)
Address: Palm Rd, Road Town, Tortola, British Virgin Islands
Email: privacy@enaria.io
We will do our best to address your inquiry promptly and transparently. Your privacy is important to us, and we welcome feedback or concerns about our data practices.
By using Enaria’s Platform, you acknowledge that you have read and understood this Privacy Policy. We thank you for trusting Enaria with your personal data and will continually work to keep that trust.