1. Introduction

Welcome to Dr. Grand Trading. We are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

By accessing or using our services, you agree to this Privacy Policy. If you do not agree with our policies and practices, do not use our services.

2. Information We Collect

Personal Information

We collect personal information that you provide directly, including your name, email address, and authentication data when you create an account via Google OAuth. For payments, we process transaction details through NOWPayments for cryptocurrency payments, though we do not store your wallet addresses or private keys. We also collect information you provide when contacting us via Telegram or email, and your email address when you subscribe to our newsletter or competition notifications.

Automatically Collected Information

When you access our website, we automatically collect certain information including device type, operating system, browser type, and device fingerprint for security purposes. We also collect usage data such as pages visited, time spent on pages, click patterns, and navigation paths. Your IP address is collected for security, rate limiting, and fraud prevention. For details about cookies and tracking, please see our Cookie Policy.

3. Google API Services Usage Disclosure

Dr. Grand Trading uses Google OAuth for user authentication. Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, we limit our use of Google user data (name and email address) to providing authentication and account management features. We do not use Google user data for advertising purposes, and we do not transfer this data to third parties except as necessary to provide our services or as required by law.

4. Third-Party Services

We use the following third-party services that may collect data to provide and improve our services:

4a. AI Support Chat

Our support chat widget is powered by Claude, an AI assistant provided by Anthropic, PBC (a data subprocessor). When you send a message, the text of that message is transmitted to Anthropic's API so the model can generate a response. Anthropic processes this data under its own privacy and data-use terms.

Before any message leaves our servers, we automatically redact common personal identifiers. Email addresses, phone numbers, and payment-card numbers. And replace them with placeholders. We retain a server-side copy of the (redacted) conversation along with timestamps and token usage metrics for the purposes of abuse prevention, quality review, and cost monitoring. We do not use chat content to train AI models.

The chat assistant is not a human and cannot give personalised financial, investment, or tax advice. For anything account-specific or decision-making, please contact a Dr Grand mentor. If you are a registered user and want your chat history deleted, you can submit a GDPR Article 17 erasure request and we will remove your conversations and associated metadata.

5. How We Use Your Information

We use your information to provide and maintain our mentorship services, process payments and manage your subscription, and send you important updates about your account. With your consent, we send newsletters and competition notifications. We also use your data to prevent fraud and ensure platform security, enforce access controls and device limits, improve our services based on usage analytics, respond to your inquiries and support requests, and comply with legal obligations.

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your data with third-party vendors who assist in operating our services (as listed above), when required by law or to protect our rights, in connection with a merger, acquisition, or sale of assets, and when you explicitly agree to share your information.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encrypted data transmission (HTTPS/TLS), secure authentication via Clerk with Google OAuth and 2FA for admins, Row Level Security on database tables, webhook signature verification for payment processing, rate limiting to prevent abuse, and regular security audits and monitoring via Sentry.

While we strive to protect your data, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

8. Your Rights (GDPR)

If you are in the European Economic Area (EEA), you have the right to access and request a copy of your personal data, rectify inaccurate or incomplete data, request erasure of your data (right to be forgotten), restrict how we use your data, receive your data in a portable format, object to processing based on legitimate interests, and withdraw consent at any time for consent-based processing.

To exercise these rights, contact us on Telegram. We will respond within 30 days.

9. Data Retention & International Transfers

We retain your personal data for as long as necessary to provide our services (lifetime access for purchased plans), comply with legal obligations, resolve disputes and enforce agreements, and maintain security and prevent fraud. Newsletter subscribers' data is retained until they unsubscribe.

Your data may be transferred to and processed in countries outside your residence. Our service providers (Clerk, Supabase, Vercel) may store data in the United States or other jurisdictions. We ensure appropriate safeguards are in place for such transfers.

10. Children's Privacy & Policy Changes

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.