Privacy Policy
As of: 30 June 2026
1. Controller
Investment Coins UG (haftungsbeschränkt)
Hiesfelderstr. 103 A, 46147 Oberhausen, Deutschland
Email: info@investment-coins.de
Phone: 0208 62 189 535
Where „we", „us" or „TriaTex" is used, this refers to Investment Coins UG (haftungsbeschränkt).
2. Data Protection Contact and Data Protection Officer
For data protection enquiries, please contact: info@investment-coins.de. Based on the information available to us, no Data Protection Officer has been appointed. Should one be appointed in the future, this Privacy Policy will be updated accordingly.
3. General Information on Data Processing
We process personal data only to the extent necessary for the operation of the TriaTex platform, the performance of the contract, the security of the system, payment processing, communication with users, or compliance with legal obligations.
The platform is used in particular for recording and analysing trading data, storing trading journals, uploading chart screenshots, using MT5-related trading data, and providing reports and features depending on the chosen plan.
We do not use third-party analytics, tracking or marketing cookies.
4. Categories of Personal Data
| Area | Data Categories | Legal Basis / Purpose |
|---|---|---|
| Registration and user account | Name, email address, password hash, user ID, subscription status, registration and login timestamps | Art. 6(1)(b) GDPR: account creation and management; Art. 6(1)(f) GDPR: security and abuse prevention |
| Phone number verification | Mobile number, verification status, timestamp, technical delivery information via Twilio Verify | Art. 6(1)(b) GDPR: account security; Art. 6(1)(f) GDPR: abuse and fraud prevention |
| Trading journal and MT5 data | Trades, sessions, notes, account number, balance, open positions, technical import data | Art. 6(1)(b) GDPR: provision of platform features |
| Screenshots | Chart screenshots uploaded by the user and metadata | Art. 6(1)(b) GDPR: storage and display in the trading journal |
| Payment and subscription | Stripe customer ID, payment status, billing data, plan, term; no full card data stored | Art. 6(1)(b) GDPR: payment processing; Art. 6(1)(c) GDPR: retention obligations |
| Contact form and email | Name, email address, message content, timestamp, technical delivery data | Art. 6(1)(f) GDPR; Art. 6(1)(b) GDPR where contract-relevant |
| Newsletter | Email address, sign-up timestamp, consent record | Art. 6(1)(a) GDPR: consent |
| Server logs | IP address, date and time, URL accessed, status code, browser information | Art. 6(1)(f) GDPR: operational security |
5. Registration, User Account and Password Storage
A user account is required to use the platform. Passwords are not stored in plain text but as a cryptographic hash. Password resets use a time-limited token.
Legal basis: Art. 6(1)(b) GDPR; security-related logging: Art. 6(1)(f) GDPR.
6. Phone Number Verification with Twilio Verify
To verify mobile phone numbers, we use Twilio Verify (Twilio Ireland Limited / Twilio Group). Your mobile number is transmitted to Twilio to provide a verification code by SMS.
Purpose: securing the registration, preventing multiple fraudulent accounts. Legal basis: Art. 6(1)(b) GDPR; Art. 6(1)(f) GDPR.
Twilio may process data in third countries (in particular the USA). Twilio provides a Data Protection Addendum and appropriate transfer mechanisms for this purpose.
7. MT5 Connection and Trading Data
When using the MT5 connection or an Expert Advisor, technical trading data (trades, sessions, account numbers, balance, open positions) is transmitted and stored. Names, broker data or other personal information should not be processed via MT5.
Legal basis: Art. 6(1)(b) GDPR. You are responsible for not uploading third-party data in notes, screenshots or free-text fields.
8. Uploading Chart Screenshots
Screenshots are associated with your user account and stored for display, analysis and documentation in the trading journal. Please ensure that screenshots do not contain unnecessary personal data, credentials, full account numbers, email addresses, third-party names or other confidential information.
Legal basis: Art. 6(1)(b) GDPR.
9. Pre-Market Scan Report and Twelve Data
For the pre-market scan report we use the API of Twelve Data Inc. The API call is made server-side without transmitting personal user data. Only market data (prices, OHLCV data) is retrieved. The results are temporarily stored on our servers and displayed to authorised users.
10. Payment Processing with Stripe
For paid subscriptions we use Stripe. Stripe processes payment data; we do not store complete credit card or bank data on our servers. We receive payment confirmations, status information, customer ID, subscription information and technical events.
Legal basis: Art. 6(1)(b) GDPR; Art. 6(1)(c) GDPR. Stripe may process data in third countries (in particular the USA); Stripe relies on standard contractual clauses.
11. Hosting, Server Operations and Database at IONOS
The platform is operated at IONOS on servers in Germany (Apache, MariaDB, no CDN). When accessed, the server processes IP address, date/time, URL accessed, status code, browser and device information and referrer information. Server logs are stored for a maximum of 7 days.
Legal basis: Art. 6(1)(f) GDPR. IONOS processes personal data on our behalf on the basis of a data processing agreement pursuant to Art. 28 GDPR.
12. Backups
Backups are stored exclusively on the same server and deleted after one month. Backups may contain personal data from user accounts, trading data, screenshots, payment status information and technical data. Restoration only takes place for system security, troubleshooting or recovery purposes.
Legal basis: Art. 6(1)(f) GDPR.
13. Contact Form and Email Communication
We process the submitted information (name, email address, message text, timestamp). The contact form is processed via PHP; emails are sent via our own SMTP server.
Legal basis: Art. 6(1)(f) GDPR; where contract-relevant also Art. 6(1)(b) GDPR. Requests are deleted after final processing.
14. Newsletter
We only send newsletters with consent. Legal basis: Art. 6(1)(a) GDPR. You may withdraw your consent at any time, in particular via the unsubscribe link or by email to info@investment-coins.de. After unsubscribing, the email address is removed from the active mailing list.
15. Cookies, Sessions and CSRF Protection
We use only technically necessary cookies: session cookies to maintain the login and CSRF tokens to protect forms. No third-party tracking, analytics or marketing cookies.
A cookie banner is generally not required based on this description. Legal basis: Art. 6(1)(b) GDPR; Art. 6(1)(f) GDPR.
16. Own Landing Page Analytics
Analytics are carried out internally only, without external tracking providers. Where data is analysed in anonymised or aggregated form, no personal data is involved. Where pseudonymous data is used: legal basis Art. 6(1)(f) GDPR. Legitimate interest: improving the platform without sharing data with external tracking providers.
17. Recipients and Processors
Data is shared only to the extent necessary. Recipients:
- IONOS (hosting)
- Stripe (payment processing)
- Twilio Verify (verification)
- Own SMTP server (email delivery)
- Twelve Data (market data, without personal user data)
- Authorities, courts or advisors (where legally required)
Data processing agreements pursuant to Art. 28 GDPR are concluded with service providers as required.
18. Transfers to Third Countries
Processing outside the EU/EEA takes place in particular with Stripe and Twilio. An adequate level of data protection is ensured through EU standard contractual clauses, data processing addenda or other appropriate transfer mechanisms. The specific legal basis depends on the respective contractual arrangement and provider account.
19. Retention Periods
- Account data: for the duration of the user account
- After account deletion: deletion within 30 days
- Invoice/payment data: up to 10 years (statutory retention obligation)
- Server logs: maximum 7 days
- Backups: 1 month
- Password reset tokens: after use or expiry
- Newsletter data: until withdrawal of consent
- Contact requests: after final processing
20. Obligation to Provide Personal Data
Without an email address, user account and password, the platform cannot be used. Phone number verification is a prerequisite for registration. Payment data is required for paid plans. Trading data, screenshots and notes are voluntary but required for the corresponding features.
21. Automated Decision-Making and Profiling
Automated decision-making including profiling within the meaning of Art. 22 GDPR does not take place. We do not provide automated investment decisions, financial advice or individual trading recommendations.
22. Security of Processing
Technical and organisational measures: TLS-encrypted data transmission, password hashing, access restrictions, backups, server-side security measures, protection mechanisms against abusive requests. Absolute security for internet-based transmissions cannot be guaranteed.
23. Your Rights as a Data Subject
You have the following rights against us:
- Access (Art. 15 GDPR)
- Rectification (Art. 16 GDPR)
- Erasure (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Objection (Art. 21 GDPR)
- Withdrawal of consent
To exercise your rights, please contact: info@investment-coins.de
24. Right to Lodge a Complaint with a Supervisory Authority
You have the right to lodge a complaint with a data protection supervisory authority. The competent authority may be that of your place of residence, workplace or the place of the alleged infringement.
For NRW: State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
www.ldi.nrw.de
25. Changes to this Privacy Policy
We may amend this Privacy Policy if the platform, the service providers used, the legal situation or the actual data processing changes. The current version will always be available on the website.