At Whaleer OÜ ("Company", "we" or "Whaleer"), we take the privacy and security of your personal data very seriously.

This Privacy Policy explains how your personal data is collected, processed, stored and protected when you use the whaleer.com platform ("Platform").

Our Company is registered in the Republic of Estonia and is subject to the European Union General Data Protection Regulation (GDPR) and Estonian data protection legislation.

We may collect the following categories of personal data when you use our Platform:

Identity Information:

• Name, surname and email address

• Username and profile information

• Phone number (optional)

Account and Transaction Information:

• Exchange API keys (stored encrypted)

• Transaction history and bot activity logs

• Strategy and indicator data

• Subscription and payment information

Technical Data:

• IP address and geographic location

• Browser type and version

• Device information and operating system

• Platform usage statistics and session durations

We use the personal data we collect for the following purposes:

• Creating and managing your account

• Providing and improving automated trading services

• Processing Bot Market transactions

• Executing payment transactions

• Providing customer support services

• Ensuring platform security and preventing fraud

• Fulfilling our legal obligations

• Analyzing and improving our services

• Sending important updates and notifications

We process your personal data under the following legal bases within the scope of GDPR:

• Performance of Contract: Data processing activities necessary to provide our services (GDPR Article 6(1)(b))

• Legitimate Interest: Platform security, fraud prevention and service improvement (GDPR Article 6(1)(f))

• Legal Obligation: Meeting tax, accounting and regulatory requirements (GDPR Article 6(1)(c))

• Explicit Consent: Marketing communications and optional data processing activities (GDPR Article 6(1)(a))

We implement industry-standard security measures to protect your personal data:

• API keys are stored with AES-256 encryption

• All data communication is protected with SSL/TLS encryption

• Regular security audits and penetration testing are conducted

• Access control mechanisms prevent unauthorized access

• Databases are protected with daily backups

In the event of a security breach, we will notify the relevant supervisory authority within 72 hours and affected users in accordance with GDPR requirements.

We may share your personal data with third parties only in the following situations:

• Payment Processors: With secure payment infrastructure providers for processing your subscription payments

• Exchange API Connections: With exchanges for transmitting automated trade orders (transaction data only)

• Legal Requirements: In case of court order, legal regulation or competent authority request

• Service Providers: For server hosting, analytics and email delivery services (under data processing agreements)

When your personal data needs to be transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards (Standard Contractual Clauses, etc.) as required by GDPR are in place.

Our Platform uses cookies to improve your experience and provide our services:

Essential Cookies:

• Session management and authentication

• Security settings and language preferences

Analytics Cookies:

• Platform usage statistics

• Performance measurements and error tracking

You can disable cookies through your browser settings, but this may cause some features of the Platform to not function properly.

We retain your personal data for the duration required by the purpose of collection or within the scope of our legal obligations:

• Account information: As long as your account is active and 30 days after account closure

• Transaction history: 5 years in accordance with legal and regulatory requirements

• Technical logs: 12 months

• Payment records: 7 years in accordance with tax legislation

Data whose retention period has expired is securely deleted or anonymized.

Under GDPR, you have the following rights:

• Right of Access: You can request access to personal data processed about you.

• Right to Rectification: You can request correction of inaccurate or incomplete personal data.

• Right to Erasure (Right to be Forgotten): You can request deletion of your personal data under certain conditions.

• Right to Restriction of Processing: You can restrict the processing of your data in certain situations.

• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used and machine-readable format.

• Right to Object: You can object to data processing activities based on legitimate interest.

To exercise these rights, contact us at whaleertrading@gmail.com. Your requests will be responded to within 30 days at the latest.

Our Platform is not intended for individuals under the age of 18.

We do not knowingly collect personal data from individuals under the age of 18. If we become aware that we have collected personal data from a child under 18, we will delete this data immediately.

If you believe that a child's personal data has been collected, please contact us.

We may update this Privacy Policy from time to time.

• Significant changes will be communicated via email and/or through the Platform at least 30 days before they take effect.

• The effective date of the updated policy will be stated at the top of the page.

• Continuing to use the Platform after changes constitutes acceptance of the updated Privacy Policy.

Data Controller: Whaleer OÜ

Headquarters: Tallinn, Estonia

For your questions and requests regarding privacy:

• Email: whaleertrading@gmail.com

• Phone: +90 552 285 34 67

Additionally, if you have concerns about the processing of your data, you have the right to file a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).