Privacy Policy

This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our website located at https://www.chartero.ai (the "Website") and our artificial intelligence-powered trading advisory platform and related services (collectively, the "Services").

This Privacy Policy is incorporated by reference into our Terms and Conditions and forms an integral part of your agreement with us.

For the purposes of applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, the data controller is:

Futy Tech LTD
Company Number: 16850504
Registered Office: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ
United Kingdom
Email: dpo@chartero.ai
ICO Registration Number: ZC040677

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy or our data practices, please contact our DPO at:

Email: dpo@chartero.ai
Postal Address: Data Protection Officer, Futy Tech LTD, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom

This Privacy Policy applies to:

• All visitors to our Website, whether registered or unregistered
• All registered users of our Services
• Anyone who communicates with us via email, contact forms, or other channels
• Information collected through cookies and similar technologies

This Privacy Policy does not apply to third-party websites, services, or applications that may be linked from our Services, even if accessible through our platform.

By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal information as described herein. If you do not agree with this Privacy Policy, you must not use our Services.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other reasons. We will notify you of material changes by:

• Posting the updated Privacy Policy on the Website with a new "Last Updated" date
• Sending an email notification to the address associated with your account (where applicable)
• Displaying a prominent notice on the Website

Your continued use of the Services after changes are posted constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

We collect several types of information from and about users of our Services, including:

2.1.1 Account Information

When you register for an account, we collect:

• Full name
• Email address
• Username and password (password is stored in encrypted form)
• Date of birth or age verification information
• Country of residence
• Phone number (if provided)
• Payment information (processed by third-party payment processors)
• Account preferences and settings

2.1.2 Profile Information

You may choose to provide additional profile information, including:

• Profile picture or avatar
• Biography or description
• Trading experience level
• Investment interests and preferences
• Risk tolerance indicators
• Preferred trading strategies
• Social media links

2.1.3 Financial and Trading Information

When you use our Services, we may collect:

• Portfolio holdings and positions
• Trading history and transaction data
• Watchlists and favorite securities
• Market alerts and notifications preferences
• Investment goals and objectives
• Brokerage account connections (if you choose to link external accounts)
• Financial data imported from third-party services

Important Note: We do not collect or store your brokerage account credentials, trading passwords, or sensitive financial account information. Any integration with brokerage accounts is performed through secure, encrypted third-party APIs with your explicit authorization.

2.1.4 Usage and Interaction Data

We automatically collect information about how you use our Services:

• Pages visited and features accessed
• Time spent on different sections
• Interactions with AI advisors (questions asked, responses viewed)
• Charts and analysis tools used
• Search queries and filters applied
• Clicks, scrolls, and navigation patterns
• Session duration and frequency of visits
• Device information and browser type
• Operating system and screen resolution
• Referral source and exit pages

2.1.5 Technical and Device Information

We collect technical information, including:

• IP address and approximate geographic location (city/region level)
• Browser type and version
• Device type, model, and operating system
• Unique device identifiers
• Network information and connection type
• Time zone and language preferences
• Cookie identifiers
• Error logs and diagnostic data

2.1.6 Communications Data

When you communicate with us, we collect:

• Contents of emails, messages, and support tickets
• Chat transcripts and customer service interactions
• Feedback, surveys, and testimonials
• Phone call recordings (with your consent, where required)
• Social media interactions and messages

2.1.7 Marketing and Preferences Data

We collect information about your marketing preferences:

• Email subscription status
• Communication preferences (frequency, topics)
• Marketing consent records
• Response to marketing campaigns
• Referral program participation

To respect your privacy and comply with regulations, we do not collect the following unless you voluntarily provide it:

• Government-issued identification numbers (e.g., social security numbers, national insurance numbers, passport numbers)
• Banking credentials or login information for external accounts
• Credit card numbers (these are processed by third-party payment processors and never stored on our servers)
• Precise real-time geolocation (we only collect approximate location based on IP address)
• Biometric data
• Health information
• Religious or philosophical beliefs
• Political opinions or affiliations
• Trade union membership
• Genetic or biometric data
• Information about criminal convictions or offenses

2.3.1 Information You Provide Directly

• Registration and account setup forms
• Profile updates and settings changes
• User-generated content (watchlists, notes, charts)
• Contact forms and email communications
• Survey responses and feedback forms
• Subscription and payment processes

2.3.2 Automated Collection Technologies

• Cookies (see Section 8 for detailed information)
• Web beacons and pixel tags
• Session replay technology (with anonymization)
• Analytics tools (Google Analytics, etc.)
• Log files and server logs
• JavaScript and similar technologies

2.3.3 Third-Party Sources

We may receive information from:

• Authentication services (Google, Facebook, Apple Sign-In)
• Payment processors (Stripe, PayPal)
• Market data providers
• Fraud detection and prevention services
• Analytics providers
• Advertising networks
• Public databases and records
• Business partners and affiliates

2.3.4 Information from Linked Accounts

If you choose to link third-party accounts (e.g., brokerage accounts, financial platforms), we receive:

• Account balances and holdings
• Transaction history
• Performance metrics
• Account identifiers (not credentials)

Such information is only collected with your explicit authorization and in accordance with the third party's terms of service.

We use your personal information for the following purposes:

3.1.1 Service Provision and Account Management

• Create, maintain, and manage your account
• Authenticate your identity and secure your account
• Provide access to Services and features
• Process transactions and subscriptions
• Deliver AI-generated analysis and insights
• Provide customer support and respond to inquiries
• Send service-related notifications and updates
• Facilitate portfolio tracking and analysis
• Enable social features and user interactions

3.1.2 Service Improvement and Development

• Analyze usage patterns and trends
• Conduct research and development
• Test new features and functionalities
• Train and improve AI models and algorithms
• Optimize user interface and user experience
• Debug errors and resolve technical issues
• Perform quality assurance and testing
• Develop new products and services

3.1.3 Personalization and Customization

• Tailor content and recommendations to your interests
• Customize AI advisor responses based on your profile
• Remember your preferences and settings
• Provide personalized market insights
• Display relevant content and features
• Create customized dashboards and views

3.1.4 Communication and Marketing

• Send newsletters and educational content
• Deliver promotional offers and updates
• Conduct surveys and request feedback
• Send administrative notices and updates
• Announce new features and enhancements
• Invite participation in events or programs

You may opt out of marketing communications at any time (see Section 6.1).

3.1.5 Security and Fraud Prevention

• Detect and prevent fraud, abuse, and unauthorized access
• Monitor for suspicious activity and security threats
• Enforce our Terms and Conditions
• Protect the rights, property, and safety of Chartero.ai, users, and third parties
• Investigate and respond to security incidents
• Maintain audit trails and access logs
• Comply with legal obligations and court orders

3.1.6 Analytics and Aggregated Data

• Create aggregated, anonymized statistics
• Analyze market trends and user behavior
• Generate reports and insights
• Benchmark and performance analysis
• Research and academic purposes
• Share industry insights (in anonymized form)

3.1.7 Legal and Regulatory Compliance

• Comply with applicable laws and regulations
• Respond to legal requests and court orders
• Enforce our Terms and Conditions
• Resolve disputes and legal claims
• Maintain records as required by law
• Report to regulatory authorities when necessary

We rely on the following legal bases for processing your personal information:

3.2.1 Contractual Necessity

Processing is necessary to perform our contract with you (providing the Services as described in our Terms and Conditions).

3.2.2 Legitimate Interests

Processing is necessary for our legitimate business interests, including:

• Providing and improving our Services
• Ensuring security and preventing fraud
• Marketing our products and services
• Conducting research and development
• Operating our business efficiently

We balance these interests against your rights and will not process your data where your interests override ours.

3.2.3 Consent

For certain processing activities, we rely on your explicit consent, including:

• Marketing communications (where required)
• Cookies and tracking technologies (where required)
• Sharing data with specific third parties
• Processing special categories of data (if applicable)

You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

3.2.4 Legal Obligation

Processing is necessary to comply with legal obligations, such as:

• Tax and accounting requirements
• Responding to lawful requests from authorities
• Complying with court orders and legal proceedings

We may share your personal information with the following categories of recipients:

4.1.1 Service Providers and Processors

We engage third-party companies and individuals to perform functions on our behalf, including:

• Cloud Hosting Providers: Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform for hosting and storage
• Payment Processors: Stripe, PayPal, or other payment gateways for processing payments
• Email Service Providers: SendGrid, Mailchimp, or similar services for email delivery
• Analytics Providers: Google Analytics, Mixpanel, Amplitude for usage analytics
• Customer Support Tools: Zendesk, Intercom, or similar platforms
• Market Data Providers: Third-party financial data vendors
• Authentication Services: Auth0, Firebase Authentication
• Content Delivery Networks (CDNs): Cloudflare, Fastly
• Fraud Prevention Services: Anti-fraud and security vendors

These service providers have access to your personal information only to perform specific tasks on our behalf and are obligated not to disclose or use it for any other purpose. We have data processing agreements in place with these providers.

4.1.2 AI and Machine Learning Partners

We may share anonymized or pseudonymized data with:

• AI model training providers
• Machine learning infrastructure providers
• Natural language processing services
• Data labeling and annotation services

Personal information is anonymized or pseudonymized before sharing to protect your privacy.

4.1.3 Business Partners and Affiliates

• Affiliated companies within the Futy Tech LTD group
• Strategic partners with whom we jointly offer services
• Referral program partners
• Integration partners (with your consent)

4.1.4 Legal and Regulatory Authorities

We may disclose your information to:

• Law enforcement agencies
• Regulatory bodies (e.g., FCA, ICO)
• Courts and legal counsel
• Tax authorities
• Government agencies

When required by law or when we believe in good faith that disclosure is necessary to:

• Comply with legal obligations
• Respond to lawful requests
• Protect our rights and property
• Prevent fraud or illegal activity
• Ensure the safety of users or the public

4.1.5 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your personal information may be transferred to the successor entity. We will notify you of any such change in ownership or control of your personal information.

4.1.6 Aggregated and Anonymized Data

We may share aggregated, de-identified, or anonymized data that cannot reasonably be used to identify you:

• With research partners and academic institutions
• In industry reports and publications
• With investors and stakeholders
• For marketing and promotional purposes
• With the general public

Our Services are operated from the United Kingdom. However, your personal information may be transferred to, stored, and processed in countries outside the UK and European Economic Area (EEA), including:

• United States (for cloud hosting and service providers)
• Other countries where our service providers are located

When we transfer personal information outside the UK/EEA, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs): Approved by the UK Information Commissioner's Office and European Commission
• Adequacy Decisions: Transferring to countries deemed to provide adequate data protection
• Binding Corporate Rules: For transfers within corporate groups
• Your Explicit Consent: Where required

You have the right to request information about the safeguards we use for international transfers by contacting our DPO.

We do not:

• Sell your personal information to third parties
• Rent or lease your personal information
• Share your information with advertisers for their direct marketing purposes without your consent
• Disclose your trading activity or portfolio holdings to unauthorized parties
• Share your information with competitors

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected and as required by law. Retention periods vary depending on the type of information:

5.1.1 Account Information

• Retained while your account is active
• Retained for up to 7 years after account closure for legal, tax, and accounting purposes
• Authentication logs retained for 12 months

5.1.2 Transaction and Payment Records

• Retained for at least 7 years to comply with tax and financial regulations
• Payment processor records subject to processor's retention policies

5.1.3 Usage and Analytics Data

• Raw log data retained for 12-24 months
• Aggregated analytics retained indefinitely (anonymized)

5.1.4 Communications and Support Records

• Customer support tickets retained for 5 years
• Email communications retained for 7 years
• Chat transcripts retained for 3 years

5.1.5 Marketing Data

• Retained until you unsubscribe or withdraw consent
• Suppression lists (to honor opt-outs) retained indefinitely

5.1.6 Legal and Compliance Records

• Retained as required by applicable laws (typically 7-10 years)
• Records related to legal claims retained until claim is resolved and applicable limitation periods expire

You may request deletion of your account and personal information at any time by:

• Accessing account settings and selecting "Delete Account"
• Contacting support@chartero.ai or dpo@chartero.ai

Upon account deletion:

• Your account will be deactivated immediately
• Personal information will be deleted within 30 days
• Some information may be retained for legal or legitimate business purposes as described in Section 5.1
• Anonymized data may be retained for analytics purposes

When we delete your information:

• Data is removed from active systems and production databases
• Backups containing your data are overwritten within 90 days
• Data is securely erased using industry-standard methods
• Deletion logs are maintained for audit purposes

We may retain certain information even after account deletion:

• Information required to be retained by law (e.g., financial records, tax documents)
• Information necessary to resolve disputes or enforce our Terms
• Information necessary to prevent fraud and ensure security
• Anonymized or aggregated data that cannot identify you
• Information contained in backup systems (deleted within 90 days)

Right to Opt Out: You have the right to opt out of receiving marketing communications from us at any time.

How to Opt Out:

• Click the "unsubscribe" link in any marketing email
• Log into your account and update your communication preferences
• Contact us at support@chartero.ai or dpo@chartero.ai

What Happens When You Opt Out:

• You will stop receiving promotional emails within 10 business days
• You will continue to receive essential service-related communications (e.g., security alerts, billing notices)
• Your opt-out preference is stored permanently to honor your choice

If you are located in the United Kingdom, you have the following rights under the UK GDPR:

6.2.1 Right of Access (Subject Access Request)

You have the right to obtain:

• Confirmation of whether we process your personal information
• A copy of your personal information
• Information about how we use and share your data

6.2.2 Right to Rectification

You have the right to:

• Correct inaccurate personal information
• Complete incomplete personal information

6.2.3 Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal information when:

• The data is no longer necessary for the purposes for which it was collected
• You withdraw consent (where consent was the legal basis)
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed
• Deletion is required to comply with a legal obligation

This right is not absolute and may be limited by legal retention requirements.

6.2.4 Right to Restriction of Processing

You have the right to request that we restrict processing of your personal information when:

• You contest the accuracy of the data (during verification)
• Processing is unlawful but you prefer restriction over deletion
• We no longer need the data, but you need it for legal claims
• You have objected to processing (pending verification of legitimate grounds)

6.2.5 Right to Data Portability

You have the right to:

• Receive your personal information in a structured, commonly used, machine-readable format
• Transmit your data to another controller

This right applies when:

• Processing is based on consent or contract
• Processing is carried out by automated means

6.2.6 Right to Object

You have the right to object to processing of your personal information when:

• Processing is based on legitimate interests
• Processing is for direct marketing purposes (absolute right)
• Processing is for statistical or research purposes

6.2.7 Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.

Important Note: Our AI advisors provide informational content and do not make automated decisions that have legal effects or significantly affect you. You remain in control of all investment and trading decisions.

6.2.8 Right to Withdraw Consent

Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

To exercise any of the above rights, please:

Email: dpo@chartero.ai

Subject Line: "Data Subject Rights Request - [Type of Request]"

Include:

• Your full name and email address associated with your account
• Description of the specific right you wish to exercise
• Any relevant details to help us locate your information

Response Time: We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will inform you of the reasons for the delay.

Verification: We may require additional information to verify your identity before processing your request to ensure the security of your personal information.

Free of Charge: Exercising your rights is generally free of charge. However, we may charge a reasonable fee or refuse to act on a request if it is manifestly unfounded, excessive, or repetitive.

If you believe that we have not handled your personal information in accordance with the law, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom
Telephone: 0303 123 1113
Website: https://ico.org.uk
Online Reporting: https://ico.org.uk/make-a-complaint/

We encourage you to contact us first so that we can attempt to resolve your concerns directly.

We implement a range of technical and organizational security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction:

7.1.1 Technical Safeguards

• Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher
• Encryption at Rest: Sensitive data stored in our databases is encrypted using AES-256 encryption
• Secure Authentication: Passwords are hashed using bcrypt or similar strong hashing algorithms
• Two-Factor Authentication (2FA): Available for enhanced account security
• Firewall Protection: Network firewalls protect our infrastructure from unauthorized access
• Intrusion Detection Systems: Automated monitoring for suspicious activity
• Regular Security Scanning: Vulnerability scans and penetration testing
• DDoS Protection: Mitigation measures against distributed denial-of-service attacks

7.1.2 Organizational Safeguards

• Access Controls: Strict role-based access controls limiting employee access to personal information
• Need-to-Know Basis: Employees only access data necessary for their job functions
• Employee Training: Regular security awareness and data protection training
• Background Checks: Screening of employees with access to sensitive data
• Confidentiality Agreements: All employees and contractors sign confidentiality agreements
• Incident Response Plan: Documented procedures for responding to security incidents
• Data Minimization: We collect and retain only the data necessary for our purposes
• Regular Audits: Internal and external security audits

7.1.3 Infrastructure Security

• Secure Data Centers: Data hosted in reputable, certified data centers (ISO 27001, SOC 2)
• Physical Security: Data centers with 24/7 surveillance, access controls, and security personnel
• Redundancy and Backups: Regular encrypted backups stored in geographically distributed locations
• Disaster Recovery: Business continuity and disaster recovery plans in place

7.1.4 Third-Party Security

• Vendor Assessments: Due diligence on security practices of third-party service providers
• Data Processing Agreements: Contractual obligations requiring service providers to implement appropriate security measures
• Regular Reviews: Ongoing monitoring of third-party security compliance

While we implement robust security measures, you also play a critical role in protecting your information:

• Use Strong Passwords: Create unique, complex passwords for your account
• Enable Two-Factor Authentication: Activate 2FA for enhanced security
• Keep Credentials Confidential: Never share your password or account access
• Use Secure Networks: Avoid accessing your account on public or unsecured Wi-Fi
• Keep Software Updated: Ensure your device's operating system and browser are up to date
• Beware of Phishing: Be cautious of emails or messages requesting your credentials
• Log Out: Log out of your account when using shared or public devices
• Report Suspicious Activity: Notify us immediately if you suspect unauthorized access

In the unlikely event of a data breach that poses a risk to your rights and freedoms:

• We will notify the ICO within 72 hours of becoming aware of the breach (as required by UK GDPR)
• We will notify affected users without undue delay

Notification will include:

• Description of the nature of the breach
• Categories and approximate number of affected users
• Likely consequences of the breach
• Measures taken or proposed to address the breach
• Contact details for further information

No Absolute Security: Despite our best efforts, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.

User Responsibility: You are responsible for maintaining the security of your account credentials. We are not liable for unauthorized access resulting from your failure to protect your password or enabling account access by others.

Cookies are small text files stored on your device (computer, tablet, smartphone) when you visit a website. Cookies allow the website to recognize your device and store information about your preferences or actions.

8.2.1 Essential Cookies (Strictly Necessary)

These cookies are necessary for the Website to function and cannot be disabled. They include:

• Session Cookies: Maintain your session as you navigate the site
• Authentication Cookies: Remember that you are logged in
• Security Cookies: Detect authentication abuse and protect your account
• Load Balancing Cookies: Distribute traffic across servers

Legal Basis: These cookies are necessary to perform our contract with you (providing the Services).

8.2.2 Functional Cookies

These cookies enable enhanced functionality and personalization:

• Preference Cookies: Remember your settings (language, region, display preferences)
• Feature Cookies: Enable specific features you have activated
• Customization Cookies: Remember your customization choices

Legal Basis: These cookies are based on our legitimate interest in providing a personalized user experience. You can control these cookies through your browser settings.

8.2.3 Analytics and Performance Cookies

These cookies help us understand how visitors use the Website:

• Usage Analytics: Track pages visited, time spent, navigation patterns
• Performance Monitoring: Identify errors and loading times
• A/B Testing: Test different versions of features

Third-Party Analytics Providers:

• Google Analytics: Used to analyze website traffic and usage
• Mixpanel / Amplitude: Track user behavior and feature usage

Legal Basis: Legitimate interest in improving our Services. You can opt out through cookie settings or browser extensions.

8.2.4 Marketing and Advertising Cookies

These cookies are used for marketing purposes:

• Targeting Cookies: Deliver relevant advertisements
• Retargeting Cookies: Show ads to users who have visited our site
• Social Media Cookies: Enable social sharing and track ad performance

Legal Basis: Your consent (where required by law). You can manage these cookies through our cookie consent tool.

We may allow third-party service providers to place cookies on your device for the following purposes:

• Google Analytics: Website analytics
• Facebook Pixel: Ad targeting and measurement
• LinkedIn Insight Tag: Professional targeting
• Twitter Analytics: Social media integration
• Stripe / PayPal: Payment processing

These third parties have their own privacy policies governing their use of cookies. We do not control third-party cookies and recommend reviewing their privacy policies.

8.4.1 Web Beacons (Pixel Tags)

Small graphic images embedded in web pages or emails to track user actions, such as:

• Email open rates
• Click-through rates
• Page views

8.4.2 Local Storage

HTML5 local storage used to store data locally on your device, such as:

• Cached content for faster loading
• Draft messages or unsaved work
• User preferences

8.4.3 Session Replay Technology

We may use session replay tools (e.g., Hotjar, FullStory) to record anonymized user sessions for:

• Understanding user behavior
• Identifying usability issues
• Improving user experience

Privacy Protections: Sensitive information (passwords, payment details) is automatically masked and never recorded.

8.5.1 Cookie Consent Tool

When you first visit our Website, you will be presented with a cookie consent banner allowing you to:

• Accept all cookies
• Reject non-essential cookies
• Customize your cookie preferences

You can change your preferences at any time by clicking the "Cookie Settings" link in the footer of the Website.

8.5.2 Browser Settings

You can control cookies through your browser settings:

• Google Chrome: Settings > Privacy and security > Cookies and other site data
• Mozilla Firefox: Options > Privacy & Security > Cookies and Site Data
• Safari: Preferences > Privacy > Cookies and website data
• Microsoft Edge: Settings > Cookies and site permissions

8.5.3 Opt-Out Tools

• Google Analytics Opt-Out: https://tools.google.com/dlpage/gaoptout
• Network Advertising Initiative (NAI): https://optout.networkadvertising.org/
• European Interactive Digital Advertising Alliance: https://www.youronlinechoices.com/

8.5.4 Mobile Device Settings

• iOS: Settings > Privacy > Advertising > Limit Ad Tracking
• Android: Settings > Google > Ads > Opt out of Ads Personalization

If you disable or refuse cookies:

• Some features of the Website may not function properly
• You may need to re-enter information
• Personalization features will not work
• We may not be able to remember your preferences

Essential cookies cannot be disabled without preventing you from using the Services.

Some browsers have a "Do Not Track" (DNT) feature that signals websites that you do not want to be tracked. Currently, there is no universally accepted standard for how to respond to DNT signals. We do not currently respond to DNT browser signals.

Our Services are not intended for, and may not be used by, individuals under the age of 18. We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and believe that your child under 18 has provided us with personal information without your consent, please contact us immediately at dpo@chartero.ai. We will take steps to delete such information from our systems.

During account registration, users are required to confirm that they are at least 18 years of age. We may request additional verification if we have reason to believe a user is under 18.

If we become aware that we have collected personal information from a child under 18 without parental consent, we will:

• Immediately delete the account
• Erase all associated personal information
• Prevent future access to the Services

We reserve the right to modify this Privacy Policy at any time. When we make changes, we will:

• Update the "Last Updated" date at the top of this Privacy Policy
• Post the revised Privacy Policy on the Website
• Notify you of material changes via email (where we have your email address)
• Display a prominent notice on the Website for a reasonable period

For material changes that significantly affect how we use or share your personal information, we will:

• Provide at least 30 days' advance notice
• Request your consent where required by law
• Give you the opportunity to review the changes before they take effect

Your continued use of the Services after changes to this Privacy Policy are posted constitutes your acceptance of the revised Privacy Policy. If you do not agree to the changes, you must discontinue use of the Services and may request deletion of your account and personal information.

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

Data Protection Officer
Email: dpo@chartero.ai
Subject: "Privacy Inquiry"

General Support
Email: support@chartero.ai
Subject: "Privacy Question"

Postal Address
Futy Tech LTD
Attention: Data Protection Officer
71-75 Shelton Street, Covent Garden, London, WC2H 9JQ
United Kingdom

ICO Registration
Registration Number: ZC040677
View our registration: https://ico.org.uk/ESDWebPages/Entry/ZC040677

We aim to respond to all privacy-related inquiries within:

• General inquiries: 5 business days
• Data subject rights requests: 30 days (may be extended by 60 days for complex requests)
• Security incident reports: 24 hours

If you are not satisfied with our response:

• Escalate within Chartero.ai: Request escalation to senior management at legal@chartero.ai
• Lodge a complaint with the ICO: Contact the Information Commissioner's Office as described in Section 6.4
• Seek legal advice: You have the right to seek independent legal counsel

If you are located in the United Kingdom or European Economic Area, you benefit from the rights and protections described throughout this Privacy Policy, including those under the UK GDPR and GDPR.

Supervisory Authority: Information Commissioner's Office (ICO)
Website: https://ico.org.uk
Phone: 0303 123 1113

If you are located in Turkey, you have rights under the Turkish Law on Protection of Personal Data (KVKK - Kişisel Verilerin Korunması Kanunu):

12.2.1 Additional Rights Under KVKK

• Right to be informed about the processing of your personal data
• Right to request information if your data has been processed
• Right to learn the purpose of processing and whether data is used accordingly
• Right to know third parties to whom your data has been transferred
• Right to request correction of incomplete or inaccurate data
• Right to request deletion or destruction of your data under certain conditions
• Right to request notification to third parties about correction, deletion, or destruction
• Right to object to adverse consequences from automated processing
• Right to claim compensation for damages arising from unlawful processing

12.2.2 Turkish Data Controller Contact

For Turkish residents, our local data controller contact information:

Contact Person: Futy Tech LTD
Email: dpo@chartero.ai
Language: Turkish and English supported

Personal Data Protection Authority (KVKK)
Website: https://www.kvkk.gov.tr
Application Portal: https://www.kvkk.gov.tr/Icerik/6649/Basvuru-Yap

12.2.3 Data Storage in Turkey

While our primary data processing occurs in the UK, we may use local service providers in Turkey. Data transfers comply with KVKK requirements.

12.2.4 Processing Under KVKK

We process your personal data in accordance with Article 5 of KVKK, which permits processing when:

• Explicitly provided for in laws
• Necessary for the establishment or performance of a contract
• Necessary to comply with legal obligations
• Made public by yourself
• Necessary for legitimate interests (not violating your fundamental rights)
• Explicit consent is obtained (where required)

If you are a resident of the United States, please note:

• We are not subject to U.S.-specific privacy laws (such as CCPA) as we are UK-based
• However, we respect privacy rights and will work with you to address concerns
• Some U.S. state laws may provide you with additional rights

If you are located outside the UK, EEA, or Turkey:

• Your personal information will be transferred to and processed in the UK
• We rely on appropriate safeguards for international transfers
• You may have rights under your local data protection laws
• Contact our DPO for information about your specific rights

When you interact with our AI advisors:

What We Collect:

• Questions and queries you ask
• AI-generated responses
• Conversation history and context
• Feedback on AI responses
• Time, date, and duration of interactions

How We Use It:

• Provide AI-generated insights and analysis
• Improve AI model accuracy and responses
• Train and refine our AI algorithms
• Analyze user intent and preferences
• Debug and resolve technical issues

Data Retention:

• Conversation logs: Retained for 12 months
• Training data (anonymized): Retained indefinitely
• Feedback data: Retained for 24 months

Your Rights:

• Request deletion of conversation history
• Opt out of data being used for AI training (contact DPO)
• Access your conversation data

When you use our portfolio tracking features:

What We Collect:

• Securities holdings and positions
• Transaction history
• Portfolio performance metrics
• Asset allocation data
• Cost basis and profit/loss information

How We Use It:

• Display portfolio performance and analytics
• Generate performance reports
• Provide personalized insights
• Compare against benchmarks
• Calculate tax implications (informational only)

Security Measures:

• Portfolio data encrypted at rest and in transit
• Access restricted to authorized personnel only
• Not shared with third parties without consent
• Regular security audits

Your Control:

• Disconnect brokerage integrations at any time
• Delete portfolio data from your account
• Export portfolio data (data portability)

When you access market data and charting tools:

What We Collect:

• Securities you search for and view
• Chart configurations and timeframes
• Technical indicators applied
• Drawing tools and annotations
• Watchlists and alerts

How We Use It:

• Provide real-time and historical market data
• Personalize content and recommendations
• Analyze popular securities and trends
• Improve charting features

Data Sources:

• Third-party market data providers
• Real-time and delayed data feeds
• Subject to exchange and provider terms

Disclaimer:

• Market data provided "as is" without warranties
• Data may be delayed or contain inaccuracies
• Not liable for trading decisions based on data

If we offer social or community features (forums, comments, profiles):

What We Collect:

• Public profile information
• Posts, comments, and interactions
• Followers and following lists
• Social connections

Visibility:

• Public profile information is visible to other users
• Posts and comments are publicly accessible
• You control what information is public

Moderation:

• Community content is subject to moderation
• We may remove content that violates Terms
• Repeat violators may have accounts suspended

Your Rights:

• Edit or delete your posts and comments
• Make your profile private
• Block or report other users

Version 1.0 - November 19, 2025

• Initial publication of Privacy Policy
• Comprehensive coverage of UK GDPR requirements
• Turkish KVKK compliance provisions
• ICO registration information included

This section will be updated to reflect material changes to this Privacy Policy. Previous versions may be requested by contacting our DPO.