image

Privacy Policy

Last Updated: October 30, 2025

Overview

At TickHint, we respect your privacy and are committed to protecting your personal information. This Privacy Policy outlines how we collect, use, and safeguard your data when you use our algorithmic trading platform at www.tickhint.com.

We've designed our practices to collect only the minimal information necessary to provide you with our services. We do not sell your data, we don't show advertisements, and we employ industry-standard security measures to protect your information.

Who We Are

TickHint is operated by ALPITY LTD, a company registered in Cyprus. We are a technology provider specializing in algorithmic trading platforms. We are not a broker, financial advisor, investment manager, or exchange. We provide software tools that enable you to create, test, and deploy trading strategies through third-party broker integrations.

ALPITY LTD

Registration Number: [To be provided by legal team]

Registered Office: [Cyprus address to be provided]

Email: privacy@tickhint.com

Legal Inquiries: legal@tickhint.com

Consent Management

We respect your right to control how your data is processed. When you first visit TickHint, you'll be presented with a consent banner that allows you to:

  • Accept All: Enable all cookies (Essential, Analytics, Marketing, Functional) to help us improve our platform.
  • Reject All: Disable all non-essential cookies while keeping essential functionality.
  • Customize: Choose specific types of cookies you want to allow (4 categories available).

You can change your consent preferences at any time by visiting our Consent Settings page. Your preferences are stored locally on your device and will be respected across all your sessions.

Information We Collect

We collect and process the following limited information:

  • Account Information: When you register, we receive your email address and display name from Azure AD B2C, our authentication service provider. We do not store your passwords or any other authentication credentials.
  • Usage Data: We collect anonymized data about how you use our platform, such as features accessed, trading strategies created, and backtests run. This information helps us improve our services and troubleshoot issues.
  • Trading Strategies: The trading strategies, algorithms, and related code you create and store on our platform. You retain full ownership and copyright of your strategies.
  • Backtest Results: Data generated when you test your trading strategies against historical market data, including performance metrics, trade logs, and statistical analysis.
  • Trading Session Data (Live Trading): When you deploy strategies to live or paper trading, we collect:
    • Trading session metadata (start/stop times, trading mode, strategy version)
    • Performance metrics (P&L, returns, Sharpe ratio, drawdown)
    • Order history and execution data (for session analysis and debugging)
    • Position and portfolio data (for risk monitoring)
  • Broker Connection Credentials: API keys, OAuth tokens, and account identifiers for third-party broker integrations. These are encrypted using envelope encryption with Azure Key Vault and stored with military-grade security.
  • Consent Decisions (Audit Trail): Records of your consent decisions for live trading deployment, cookie preferences, and data processing agreements, including timestamps, IP addresses, and consent versions (retained for 7 years per regulatory requirements).
  • Communications: If you contact us, we may keep records of that correspondence for customer support purposes.

Live Trading and Broker Integrations

TickHint enables you to connect your strategies to third-party brokers (e.g., Alpaca Markets) for live and paper trading. This integration requires specific data handling practices:

Data Shared with Brokers

When you deploy a strategy to live or paper trading, the following data is transmitted to your connected broker:

  • Trading Orders: Buy/sell orders generated by your strategy (symbol, quantity, price, order type)
  • Account Queries: Requests for account balance, positions, and order status
  • Authentication Credentials: API keys or OAuth tokens you provide (transmitted securely via HTTPS)

Important: TickHint acts as a conduit between your strategy and the broker. We do not control how brokers process your data. Please review your broker's privacy policy (e.g., Alpaca Privacy Policy).

User Consent Requirements (MiFID II Compliance)

Before deploying any strategy to live or paper trading, you must explicitly consent to:

  • Reviewing the strategy code and understanding its logic
  • Backtesting the strategy and analyzing performance metrics
  • Paper trading the strategy (recommended minimum 30 days)
  • Understanding the risk of financial loss
  • Accepting sole responsibility for trading decisions (not TickHint's advice)
  • Acknowledging TickHint provides technology only (not financial advice)
  • Understanding you can pause or stop strategies anytime
  • Accepting the broker's terms of service

Your consent decisions are logged with timestamps, IP addresses, and consent policy versions for regulatory compliance (7-year retention). Consent expires after 24 hours for security purposes.

Broker Connection Security

We protect your broker credentials using:

  • Envelope Encryption: Credentials encrypted with master key stored in Azure Key Vault
  • Access Controls: Only your user account can decrypt your credentials
  • HTTPS Transmission: All broker API calls transmitted over TLS 1.3
  • Zero-Knowledge Architecture: TickHint staff cannot access your decrypted credentials

How We Use Your Information

We use your information for the following specific purposes:

  • To provide, maintain, and improve the TickHint platform and services
  • To process and complete transactions, and send related information including confirmations and notifications
  • To execute your trading strategies through broker integrations (when you deploy to live/paper trading)
  • To monitor trading sessions for technical issues and provide debugging support
  • To respond to your comments, questions, and customer service requests
  • To send technical notices, updates, security alerts, and administrative messages
  • To enforce our Terms of Service and prevent fraudulent or suspicious trading activity
  • To monitor and analyze usage trends to improve our website's functionality and user experience
  • To comply with legal obligations and regulatory requirements (e.g., MiFID II audit trails)

We will never: Use your data for automated decision-making that affects you financially without your explicit consent, sell your personal data to third parties, or use your trading strategies for our own trading activities.

Authentication & Security

TickHint uses Microsoft Azure AD B2C for authentication services. This means:

  • Your authentication credentials (passwords) are never stored by TickHint
  • Authentication is handled through Azure AD B2C's secure protocols (OAuth 2.0, OpenID Connect)
  • We only receive the minimal information needed to identify you (email and display name)
  • Multi-factor authentication (MFA) is available for enhanced security

For more information about how Azure AD B2C handles your authentication data, please refer to Microsoft's privacy policies.

Analytics & Cookies

With your consent, we use analytics services to understand how our users engage with TickHint and to improve our platform. We now support 4 cookie categories that you can manage independently:

1. Essential Cookies (Always Active)

These cookies are necessary for the website to function and cannot be disabled. They enable core functionality such as:

  • Authentication and session management
  • Security features and CSRF protection
  • Cookie consent preferences (stored locally)

2. Analytics Cookies (Optional)

With your consent, we use Google Analytics and Microsoft Clarity to understand website usage patterns.

Google Analytics helps us understand:

  • Pages visited and time spent on each page
  • Traffic sources and referral information
  • Browser and device information
  • Geographic location (country/city level only)

Microsoft Clarity provides user session insights through:

  • Mouse movements, clicks, and scroll behavior
  • Page interactions and user journey paths
  • Form interactions (without capturing sensitive data like passwords or API keys)
  • Page performance metrics

3. Marketing Cookies (Optional - NEW)

Enable us to provide you with relevant advertisements and marketing communications:

  • Email campaign optimization and engagement tracking
  • Promotional content personalization
  • Advertising platform integration (when enabled)

You can unsubscribe from marketing emails at any time using the unsubscribe link in each email.

4. Functional Cookies (Optional - NEW)

Enable enhanced functionality and personalization features:

  • Live chat widget and customer support integration
  • Personalized dashboard layouts and saved preferences
  • UI customizations (theme, language, display options)

Cookie Management

You have full control over all cookie categories:

  • Optional cookies (Analytics, Marketing, Functional) are only loaded after you provide explicit consent
  • You can withdraw consent at any time through our Consent Settings page
  • Essential cookies for core functionality cannot be disabled but do not track your behavior
  • Your consent preferences are stored locally (localStorage) and respected across all sessions
  • Consent decisions are versioned (current version: 2) - you may be asked to re-consent if our cookie policy changes

For more information about how these services handle data:

Data Storage and Security

We take data security seriously and implement appropriate technical and organizational measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction.

Our security measures include:

  • Encryption at Rest: All sensitive data encrypted using AES-256
  • Encryption in Transit: TLS 1.3 for all communications
  • Azure Key Vault: Centralized secret management with HSM-backed keys
  • Access Controls: Role-based access control (RBAC) and principle of least privilege
  • Audit Logging: Comprehensive activity logs for security monitoring
  • Regular Security Audits: Periodic penetration testing and vulnerability assessments

Your data is stored on Microsoft Azure secure servers in EU data centers (compliance with GDPR data residency requirements).

While we work hard to protect your information, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and broker API keys.

Data Sharing and Third Parties

TickHint does not sell, rent, or lease your personal information to third parties. We may share your information in the following limited circumstances:

  • Third-Party Brokers: When you deploy strategies to live/paper trading, order and authentication data is transmitted to your selected broker (e.g., Alpaca Markets). This is necessary to execute your trading strategies. We do not control how brokers process your data.
  • Service Providers: We may share information with third-party vendors who perform services on our behalf:
    • Microsoft Azure (cloud hosting, authentication, key management)
    • Azure Communication Services (transactional emails)
    • Google Analytics and Microsoft Clarity (analytics, with your consent)
    These providers are contractually obligated to protect your data and use it only for specified purposes.
  • Compliance with Laws: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order, regulatory investigation, or government agency request). This includes compliance with MiFID II, GDPR, and Cyprus law.
  • Business Transfers: If TickHint is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. You will be notified via email and/or prominent notice on our website of any change in ownership or data handling practices.
  • With Your Consent: We may share your information for other purposes if we have obtained your explicit consent to do so.

Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal information:

  • Right to Access (Article 15): Request a copy of the personal information we hold about you
  • Right to Rectification (Article 16): Request correction of inaccurate personal information
  • Right to Erasure (Article 17): Request deletion of your personal information ("right to be forgotten")
  • Right to Restrict Processing (Article 18): Request restriction of how we process your data
  • Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format
  • Right to Object (Article 21): Object to our processing of your personal information
  • Right to Withdraw Consent (Article 7): Withdraw consent for data processing at any time (cookie consent, analytics, marketing)
  • Right to Lodge a Complaint: File a complaint with your local data protection authority if you believe we've violated your rights

To exercise any of these rights, please contact us at privacy@tickhint.com. We will respond within 30 days as required by GDPR Article 12(3). For cookie preferences, use our Consent Settings page for immediate updates.

Note: Some rights may be limited by legal obligations (e.g., we must retain consent audit trails for 7 years per MiFID II).

Retention of Information

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Specific Retention Periods:

  • Account Data: Retained while your account is active, deleted within 30 days of account closure
  • Trading Strategies and Backtests: Retained while your account is active, deleted within 30 days of account closure
  • Trading Session Logs: 7 years (regulatory requirement per MiFID II Article 16)
  • Consent Records (Live Trading, Data Processing): 7 years (regulatory requirement per MiFID II and GDPR Article 7)
  • Cookie Consent Preferences: Stored locally on your device until you clear browser data or withdraw consent
  • Anonymized Analytics Data: Indefinitely (cannot be linked back to you personally)
  • Communication Records: 3 years for customer support purposes

If you delete your account, we will delete your personal information within 30 days, except where longer retention is required by law (e.g., trading session logs). Anonymized usage data may be retained indefinitely if you previously consented to analytics cookies.

Risk Disclosure

TickHint provides technology for algorithmic trading. Before using our live trading features, you must understand:

  • Past Performance Is Not Indicative of Future Results: Backtesting results do not guarantee future profitability. Market conditions change and strategies may fail in live trading.
  • Algorithmic Trading Involves Risk of Loss: You can lose part or all of your investment. Strategies may malfunction, lose internet connectivity, or encounter technical errors. Only trade with capital you can afford to lose.
  • No Financial Advice: TickHint does not provide investment advice, financial planning, or trading recommendations. We are a technology provider only. All trading decisions are your sole responsibility.
  • Independent Decision Making: You should seek independent financial advice from a qualified advisor before trading. You are responsible for understanding the risks and ensuring strategies operate as intended.
  • No Broker Relationship: TickHint is not a broker, exchange, custodian, or investment manager. We facilitate connections to third-party brokers (e.g., Alpaca Markets) but do not execute trades directly.
  • Monitoring Responsibility: You are responsible for monitoring your strategies and pausing/stopping them if needed. We provide emergency stop mechanisms but cannot guarantee instant execution.

For full terms, see our Risk Disclosure Statement and Terms of Service.

Children's Privacy

TickHint is not intended for use by children under the age of 18. Algorithmic trading involves financial risk and requires legal capacity to enter contracts. We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at privacy@tickhint.com so that we can take appropriate action to remove that information.

International Transfers

TickHint is based in Cyprus (European Union) and processes data primarily within the EU/EEA region. Your information may be transferred to and processed in countries other than your own, including:

  • United States: When using third-party brokers (e.g., Alpaca Markets) or analytics services (Google Analytics, Microsoft Clarity)
  • Other Azure Regions: For redundancy and disaster recovery purposes

We ensure that such transfers are conducted in accordance with applicable data protection laws (GDPR Chapter V) and provide appropriate safeguards:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements (DPAs) with all third-party processors
  • Adequacy decisions (e.g., EU-US Data Privacy Framework where applicable)

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. We will post the revised policy on this page with an updated "Last Updated" date.

Notification of Material Changes:

  • If we make material changes to how we treat your personal information, we will notify you via email or prominent notice on the website
  • Changes to cookie categories or consent requirements may require you to review and update your preferences
  • You will be asked to re-consent to the updated policy when logging in after material changes

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

ALPITY LTD

Data Protection Officer: [To be designated]

Email: privacy@tickhint.com

Legal Inquiries: legal@tickhint.com

Registered Office: [Cyprus address to be provided by legal team]

For specific inquiries:

Cookie Preferences: Consent Settings Page

Data Subject Rights Requests: privacy@tickhint.com

Security Issues: security@tickhint.com

Response Time: We will respond to all privacy inquiries within 30 days as required by GDPR Article 12(3). For urgent security issues, please use the security email for faster response.

Legal Basis for Processing (GDPR Article 6)

We process your personal data based on the following legal grounds:

  • Contract Performance (Article 6(1)(b)): To provide trading platform services, execute strategies, and fulfill our Terms of Service
  • Consent (Article 6(1)(a)): For analytics cookies, marketing communications, and non-essential data processing (you can withdraw anytime)
  • Legal Obligation (Article 6(1)(c)): To comply with MiFID II, anti-money laundering (AML), and regulatory reporting requirements
  • Legitimate Interests (Article 6(1)(f)): To improve our services, prevent fraud, and ensure platform security (where not overridden by your rights)