1. Who we are
COPIERA is a cloud-hosted futures trade copier, risk manager, and journaling platform operated by Copiera Oy. For the purposes of this policy, "COPIERA," "we," "us," and "our" refer to Copiera Oy, which is the data controller for personal data processed through the COPIERA service (the "Service"), unless stated otherwise.
Questions about this policy can be sent to info@copiera.io.
2. Scope of this policy
This policy applies to data we collect through our marketing site, the authenticated application (account, dashboard, journal, risk page, connections, affiliate portal), our transactional emails, and any signal-ingress endpoints used by your trading platforms or webhook providers.
It does not apply to third-party services you connect — your broker, your payment provider, or any data your trading platform sends us at your direction. Those services have their own privacy notices.
3. Data we collect
We collect only what is needed to run the Service. Specifically:
- Identifiers: name, email address, hashed password (bcrypt cost factor 12), and an internal user ID.
- Subscription data: plan tier, billing cycle (monthly or yearly), trial status, Stripe customer ID, last four digits of card, and invoice history. We never store full card numbers, CVV codes, or banking details — Stripe handles that.
- Broker connection data: broker name, account name, and broker account ID (where applicable). Detailed treatment of API keys/passwords appears in Section 4.
- Trading data: every copied fill, including symbol, side, quantity, price, and realized copied-trade P&L; open and closed positions; risk-lockout state; and an audit row per routed signal.
- Journal content: any notes you attach to trades.
- Affiliate / referral data: discount codes used at signup, affiliate accounts (if you operate one), and revenue-share calculations.
- Communications: support emails and any feedback you submit through the Service.
- Technical data: IP address (received during requests and hashed before first-party analytics storage), user-agent string, approximate location derived from IP where available, server logs, and rate-limiting telemetry.
4. Broker credentials
When you connect a broker account (Tradovate, Rithmic, CQG, TopstepX/ProjectX API, DXtrade, Volumetrica, or DxFeed), we store the credentials needed to place orders on your behalf. We treat these as the most sensitive data we hold, and they are protected as follows:
- Encrypted at rest with AES-256-GCM. The encryption key is 32 bytes (64 hex chars) and is loaded into the engine at startup; if the key is missing or invalid, the engine refuses to start.
- Decrypted only in memory when the engine is placing or canceling an order, validating a connection, or refreshing a broker auth token.
- Never written to logs, never printed in error messages, and never transmitted off our infrastructure except as part of an authenticated request to the broker that owns the account.
- Inaccessible to support staff during ordinary operation. Engineering staff with production access cannot retrieve plaintext credentials without the encryption key — and that key never appears in our codebase, source control, or backups.
- Broker OAuth tokens, when required for refresh (for example Tradovate), are stored encrypted at rest and decrypted only when the platform needs to refresh or use that broker session.
You can delete a connection at any time from /dashboard/connections. Deletion removes the encrypted credential from our live database immediately, subject to short-lived backup retention described in Section 9.
5. How we use your data
- Provide the Service: authenticate you, route copy-trade signals to your follower accounts, calculate realized copied-trade P&L, enforce risk lockouts, render your journal and dashboard.
- Process subscriptions: create and manage Stripe customers, charge for plans, apply affiliate discounts, deliver receipts.
- Communicate with you: account emails (welcome, password reset, billing notifications) and, with consent, occasional product updates.
- Operate and improve the Service: monitor performance, debug failed broker calls, detect abuse, and tune our engine and rate limits.
- Detect fraud and abuse: identify patterns of credential stuffing, payment fraud, free-trial abuse, and any attempt to overload our infrastructure.
- Comply with law: respond to lawful requests, meet tax and accounting obligations, and respond to data-subject requests.
We do not use your data for automated decision-making with legal or similarly significant effects. Risk lockouts are deterministic threshold checks based on your own configured limits and are reversible — they are not profiling.
6. Legal bases for processing (GDPR)
If you are in the EU/EEA or UK, we rely on the following legal bases under Articles 6 and 9 of the GDPR/UK GDPR:
- Performance of a contract — to provide the Service you have signed up for.
- Legitimate interests — to operate, secure, debug, and improve the Service; to detect fraud and abuse; and to communicate with affiliates.
- Legal obligation — to maintain tax records, respond to lawful requests, and comply with consumer-protection law.
- Consent — for optional marketing emails and any non-essential analytics; you can withdraw consent at any time.
8. International data transfers
Our infrastructure may process data in the United States and other regions. Where data collected from the EU/EEA or UK is transferred to a country without an adequacy decision, we rely on the European Commission's Standard Contractual Clauses (and the UK Addendum where relevant), supplemented by technical measures such as encryption in transit and at rest. You can request a summary of the safeguards in place by emailing info@copiera.io.
9. Data retention
- Account profile (name, email, hashed password): kept while the account exists; deleted from the live database when you delete your account, except where retention is required by law.
- Broker credentials: deleted from the live database immediately on connection deletion or account deletion. May persist in encrypted backups for up to 30 days, then are purged.
- Trades, copy positions, and execution audit log: kept for the life of the account so you can retrieve historical performance from your journal. On account deletion, deleted with the account.
- Subscription and invoice records: retained for at least 7 years to meet tax and accounting obligations, even after account deletion.
- Support emails and in-app feedback: retained while needed to support the Service. Closed support requests are normally retained for up to 24 months, unless deleted earlier through an account deletion or verified erasure request.
- Server access logs: retained for up to 90 days for security and debugging, then rotated out.
- Optional analytics: retained for up to 24 months in aggregate-friendly form after you accept analytics cookies. We store page path, click/event labels, referrer/UTM fields, user-agent, a session cookie, and a salted hash of IP address; we do not store raw IP addresses in the analytics tables. If Microsoft Clarity is configured, it may also collect heatmaps and session recordings after analytics consent.
- Database backups: rolling retention, typically up to 30 days. Backups are encrypted at rest and age out automatically.
10. Security measures
Specific technical and organizational controls in place include:
- Encryption at rest: broker credentials with AES-256-GCM (per-record IV + auth tag). Database backups encrypted at rest by the storage provider.
- Encryption in transit: TLS 1.2+ on all public endpoints, terminated by Caddy with automatic certificate rotation. The trading engine is not exposed to the public internet.
- Authentication: passwords hashed with bcrypt (cost factor 12). Password reset tokens are SHA-256 hashed in the database and expire after 60 minutes; the raw token is sent only via email.
- Rate limiting: per-IP and per-account limits on login, registration, password reset, checkout, and signal-ingress endpoints, backed by Redis.
- Webhook secrets and internal-token gating on engine endpoints, compared in constant time to prevent timing attacks.
- Stripe webhook signature verification; idempotent handling of every webhook event.
- Audit logging on every routed copy signal, including idempotency keys to prevent double-fills on broker retries.
- Network isolation: the engine accepts only authenticated requests from the frontend and from configured webhook sources.
- Principle of least privilege for staff access; production database credentials and the master encryption key are not stored in source control.
No system is impenetrable. We work to keep ours secure but cannot guarantee absolute security; users share responsibility by using strong passwords and protecting their email account, since email is the recovery channel.
12. Children's privacy
The Service is intended for adults at least 18 years old. We do not knowingly collect personal data from anyone under 18. If we learn that we have collected data from someone under 18, we will delete it. Parents or guardians who believe their child has signed up can email info@copiera.io.
13. Your rights — EU/EEA / UK
If you are in the EU, EEA, or UK, you have the following rights under the GDPR/UK GDPR:
- Access — receive a copy of the personal data we hold about you.
- Rectification — correct inaccurate or incomplete data.
- Erasure — request deletion of your data, subject to legal retention obligations.
- Restriction — restrict processing while a request is investigated.
- Data portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interests, including direct marketing.
- Withdraw consent — for any processing based on consent, at any time, without affecting prior lawful processing.
- Lodge a complaint — with your local supervisory authority.
You can download a machine-readable export and delete your account from /dashboard/account. You can also exercise any of these rights by emailing info@copiera.io. We respond within 30 days; complex requests may be extended by up to 60 additional days, with notice to you.
14. Your rights — California / US states
If you are a California resident, the CCPA/CPRA gives you the right to:
- Know what personal information we collect, the sources, the purposes, and the categories of recipients.
- Request deletion of personal information we have collected from you, subject to legal retention.
- Correct inaccurate personal information.
- Opt out of the sale or sharing of personal information (we do not sell or share for cross-context behavioral advertising).
- Limit the use and disclosure of sensitive personal information to what is necessary to provide the Service.
- Receive non-discriminatory treatment for exercising any of these rights.
We honor Global Privacy Control (GPC) browser signals as a valid opt-out. To submit a request, use the controls at /dashboard/account or email info@copiera.io from the email associated with your account; we will verify your identity before processing. We respond within 45 days, with one 45-day extension available for complex requests.
Residents of other US states with comprehensive privacy laws (Colorado, Connecticut, Virginia, Utah, Texas, Oregon, and others as enacted) have substantially similar rights, which we honor through the same process.
15. Do not sell or share
We do not sell personal information for money or other valuable consideration, and we do not share personal information for cross-context behavioral advertising. If this changes, we will post a clear notice and offer a working opt-out before the change takes effect.
16. Breach notification
If we discover a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the appropriate supervisory authority within 72 hours of becoming aware of it, in line with Article 33 of the GDPR. Where the breach is likely to result in a high risk to you specifically, we will notify you directly without undue delay, by email to the address on your account, with a description of the breach, the data involved, the measures we have taken, and what you should do.
17. Changes to this policy
We may update this policy as the Service evolves. When we make material changes — for example, adding a new third-party processor that handles personal data, or expanding our retention windows — we will email registered users at least 30 days before the change takes effect, and we will update the "Last updated" date above. Continued use of the Service after the effective date constitutes acceptance of the revised policy.
18. Contact
For privacy questions, data-subject requests, or breach reports, contact info@copiera.io. For general support, email info@copiera.io.