Data Usage Policy

This Data Usage Policy ("Policy") describes how Stackorithm LLC ("Stackorithm," "we," "us," or "our") collects, processes, stores, and manages data submitted by our business clients ("Clients") through our B2B SaaS platform. Stackorithm provides AI-powered behavioral detection and risk-scoring analytics for trading businesses, including proprietary trading firms, forex brokerages, and CRM platforms.

This Policy applies to all trade data, account identifiers, and related information submitted to the Stackorithm platform via API integration, file upload, or any other data ingestion method. It is intended to provide Clients with transparency regarding our data handling practices and to establish the responsibilities of both parties with respect to data governance.

Stackorithm LLC is incorporated in Saint Vincent and the Grenadines. This Policy, and any disputes arising from or relating to it, shall be governed by and construed in accordance with the laws of England and Wales.

By submitting data to the Stackorithm platform, Clients acknowledge that they have read, understood, and agreed to the terms of this Policy. Clients accessing the platform on behalf of a business entity represent that they have the authority to bind that entity to this Policy.

Stackorithm collects and processes data submitted by Clients for the purpose of performing behavioral detection and risk-scoring analysis. The categories of data we collect include the following:

Trade Data: Order records, deal identifiers, trade volumes, instrument types, entry and exit timestamps, trade direction (buy/sell), position sizes, profit and loss figures, and other structured trading activity data.

Account-Level Identifiers: Pseudonymous or anonymized account identifiers, trader reference codes, and similar non-personal identifiers used by Clients to associate trade records with specific trading accounts within their systems.

Technical Metadata: Submission timestamps, API request identifiers, file checksums, data format specifications, and other metadata associated with data ingestion.

Data is submitted to Stackorithm exclusively by Clients through authorized channels. We do not collect trade data directly from individual traders, nor do we access Client systems to extract data without explicit Client authorization. Clients retain full control over what data is submitted and when.

Stackorithm does not require, request, or process personally identifiable information ("PII") such as names, addresses, national identification numbers, financial account numbers, or contact details of individual traders. Clients are solely responsible for ensuring that submitted data is appropriately anonymized or pseudonymized before transmission to our platform.

Stackorithm processes submitted trade data for the following purposes, as contracted with each Client:

Behavioral Detection: Identifying trading patterns and behaviors such as gambling-style trading, martingale strategies, high-frequency trading, news-event trading, copy trading, hedging patterns, and other behaviors defined in the Client's service agreement.

Risk Scoring: Generating confidence scores and risk assessments that indicate the likelihood of specific behaviors based on statistical analysis of trade patterns.

Pattern Analysis: Analyzing sequences of trades, timing correlations, and other structural characteristics to detect coordinated activity, anomalous patterns, or potential rule violations as defined by the Client.

Report Generation: Producing analytical reports, visualizations, and data exports that summarize detection results and risk assessments for Client review.

All processing is performed in accordance with the specific detection parameters and thresholds established in each Client's service agreement. Stackorithm does not use processed data to make autonomous decisions affecting individual traders. All analytical outputs are delivered to Clients for their own evaluation and decision-making.

Stackorithm maintains strict logical separation between Client data environments to prevent unauthorized access or data co-mingling.

Logical Segregation: Each Client's data is stored in logically isolated environments. Database schemas, access credentials, and processing pipelines are configured to ensure that one Client's data cannot be accessed by another Client or by any unauthorized party.

Access Controls: Access to Client data by Stackorithm personnel is restricted to authorized individuals with a documented operational need. All access is logged and subject to periodic review.

No Co-Mingling: Trade data submitted by one Client is never combined, merged, or aggregated with trade data from another Client for any purpose, including model training, except as part of the Cross-Firm Detection Service described in this Policy, where participating Clients have provided explicit written consent through a Cross-Firm Detection Agreement or addendum and subject to appropriate anonymization measures as described therein.

Environment Boundaries: Analytical processing for each Client is performed within that Client's isolated environment. Detection models and scoring algorithms may be shared across Clients as part of the platform's standard functionality, but the data inputs and outputs remain strictly segregated.

Clients may request documentation regarding our data isolation practices by contacting [email protected].

Cross-Firm Detection is an optional analytical service that identifies trading patterns, behaviors, or correlations that span multiple Client platforms. This section governs the terms under which Stackorithm may analyze anonymized trade data across participating Clients to deliver cross-firm detection outputs.

Participation: Cross-Firm Detection is available only to Clients who have provided explicit written consent to participate in the service through a separate Cross-Firm Detection Agreement or an addendum to their service agreement. Participation is voluntary and may be revoked at any time upon written notice to [email protected].

Anonymization Standards: All trade data used in cross-firm detection undergoes rigorous anonymization before comparison. Account identifiers, Client identifiers, and any fields that could be used to attribute patterns to specific Clients or trading accounts are removed or obfuscated. Stackorithm employs industry-standard anonymization techniques, including k-anonymity and differential privacy measures, to prevent re-identification of participating Clients or individual traders.

Cross-Firm Pattern Detection: When a trading pattern or behavior (such as hedging, copy trading, or multi-homing across platforms) is detected across the anonymized data of two or more participating Clients, Stackorithm generates a cross-firm detection output. These outputs identify the type of pattern detected and the number of participating firms exhibiting that pattern, but do not disclose the identity, raw trade data, or specific account information of any participating Client.

Bilateral Notification: When cross-firm activity is detected, Stackorithm will notify all affected participating Clients of the detection. Each affected Client receives only the detection output (pattern type and confidence assessment) and a notification that their anonymized data was included in the cross-firm analysis. No Client receives another Client's raw trade data, identifiers, or specific trade records.

Confidentiality of Cross-Firm Outputs: Cross-firm detection outputs are treated as confidential information of the affected Clients and of Stackorithm. Clients may not disclose cross-firm detection outputs to third parties, except as required by applicable law or regulation. Clients must implement appropriate safeguards to protect cross-firm detection outputs from unauthorized access or disclosure.

Non-Participating Clients: Trade data submitted by Clients who have not consented to Cross-Firm Detection is never included in cross-firm analysis, regardless of whether other participating Clients have submitted data that may relate to the same traders or trading patterns. The identity of participating Clients and the contents of their trade data remain confidential and are not disclosed to other participating or non-participating Clients.

Stackorithm retains submitted trade data and analytical outputs in accordance with the retention periods specified in each Client's service agreement. In the absence of a contractually specified retention period, the following default retention practices apply:

Active Accounts: Trade data and analytical outputs are retained for the duration of the active service agreement plus a transition period of ninety (90) days following termination to facilitate data export and transition.

Post-Termination: Following the transition period, submitted trade data is scheduled for secure deletion. Clients may request expedited deletion by providing written notice to [email protected].

Anonymization Option: Clients may request that their submitted trade data be anonymized rather than deleted. Anonymization removes all account-level identifiers and any fields that could be used to associate trade records with specific accounts, rendering the data non-attributable. Anonymized data may be retained for aggregate statistical purposes.

Legal Holds: Retention periods may be extended if required by applicable law, regulatory requirement, or to support ongoing litigation, audit, or dispute resolution. We will notify Clients of any such extension to the extent permitted by law.

Deletion Confirmation: Upon completion of a deletion request, Stackorithm will provide written confirmation to the Client specifying the categories of data deleted and the date of deletion.

Stackorithm implements technical and organizational security measures designed to protect Client data against unauthorized access, disclosure, alteration, or destruction.

Encryption in Transit: All data transmitted between Client systems and the Stackorithm platform is encrypted using Transport Layer Security (TLS). API endpoints require HTTPS connections; unencrypted connections are rejected.

Encryption at Rest: Trade data and analytical outputs stored on our infrastructure are encrypted at rest using industry-standard encryption algorithms.

Access Controls: Access to production systems and Client data is restricted through role-based access controls, multi-factor authentication for administrative access, and the principle of least privilege.

Infrastructure Security: Our data infrastructure is hosted in the EU region and is subject to the security policies and controls of our infrastructure provider. We conduct periodic security assessments and maintain documented incident response procedures.

Credential Security: API credentials and authentication tokens are generated using cryptographically secure methods. Clients are responsible for maintaining the confidentiality of their credentials and should rotate them periodically in accordance with security best practices.

While Stackorithm takes reasonable measures to protect Client data, no security system is impenetrable. Clients should promptly notify us at [email protected] if they suspect unauthorized access to their account or data.

Stackorithm continuously improves its detection algorithms and machine learning models to enhance the accuracy and effectiveness of our analytical services. Our approach to model improvement respects Client data ownership and confidentiality.

Opt-In Only: Client-submitted trade data is not used for model training or algorithm development unless the Client has provided explicit written consent through an opt-in mechanism in their service agreement or a separate data usage authorization.

Aggregation and Anonymization: When Clients opt in to model improvement programs, their data is aggregated with data from other participating Clients and anonymized before use. Anonymization removes account identifiers, Client identifiers, and any fields that could be used to attribute patterns to specific Clients or trading accounts.

No Reconstruction: Aggregated and anonymized data used for model improvement is processed in a manner that prevents reconstruction of Client-specific trade data or identification of individual trading patterns attributable to a specific Client.

Opt-Out: Clients who have previously opted in to model improvement programs may opt out at any time by providing written notice to [email protected]. Upon receiving an opt-out request, we will cease using that Client's data for model improvement within thirty (30) days.

Model improvement using aggregated, anonymized data benefits all platform users through enhanced detection accuracy and reduced false positive rates.

Clients are responsible for ensuring that data submitted to the Stackorithm platform meets the following requirements:

Data Accuracy: Clients warrant that submitted trade data accurately reflects the trading activity it purports to represent. Inaccurate or fabricated data may compromise the validity of analytical outputs.

Appropriate Anonymization: Clients are solely responsible for ensuring that submitted data does not contain PII or other sensitive personal information of individual traders, unless such submission is expressly authorized under applicable law and the Client's service agreement. Stackorithm is not designed to process PII and assumes no responsibility for PII submitted without authorization.

Lawful Submission: Clients warrant that they have the legal authority to submit the data they provide to Stackorithm and that such submission does not violate any applicable law, regulation, contractual obligation, or third-party rights.

Credential Security: Clients are responsible for maintaining the security of their API credentials, dashboard login credentials, and any access tokens issued by Stackorithm. Clients should implement appropriate access controls within their own organizations and promptly revoke credentials for departing personnel.

Compliance with Service Terms: Clients agree to use the Stackorithm platform in accordance with the terms of their service agreement and this Policy. Misuse of the platform, including submission of data for unauthorized purposes, may result in suspension or termination of service.

Clients may request export of their submitted trade data and analytical outputs at any time during the term of their service agreement and for ninety (90) days following termination.

Export Formats: Data exports are provided in structured, machine-readable formats such as CSV, JSON, or other formats as specified in the Client's service agreement.

Request Process: Export requests should be submitted to [email protected] and will be fulfilled within thirty (30) days of receipt, subject to verification of the requester's authority to access the requested data.

Scope of Export: Exports include submitted trade data, analytical outputs (behavioral scores, risk flags, detection results), and associated metadata. Exports do not include Stackorithm's proprietary algorithms, model weights, or internal processing logs.

Export Fees: Standard data exports are included in the Client's subscription. Exports requiring significant manual processing or custom formatting may be subject to additional fees as specified in the service agreement.

API Access: Clients with API access may retrieve their data programmatically through documented API endpoints, subject to rate limits and access controls.

Stackorithm processes all Client data using in-house infrastructure and personnel. As of the date of this Policy, we do not engage third-party sub-processors for the processing of Client trade data.

Infrastructure Location: Client data is stored and processed on infrastructure located in the EU region.

Internal Processing: All behavioral detection, risk scoring, and analytical processing is performed by Stackorithm's proprietary systems and personnel. We do not outsource data processing to third-party analytics providers or contractors.

Infrastructure Providers: While we utilize cloud infrastructure services for hosting and storage, these providers do not have access to unencrypted Client data and are not considered sub-processors for purposes of data protection.

Future Changes: If Stackorithm engages sub-processors for Client data processing in the future, we will update this Policy and notify affected Clients in advance, providing an opportunity to review the sub-processor's data handling practices.

Stackorithm may update this Policy from time to time to reflect changes in our data handling practices, platform capabilities, or applicable legal requirements.

Notification: When we make material changes to this Policy, we will notify Clients via email to the address associated with their account at least thirty (30) days before the changes take effect. We will also update the "Last Updated" date at the top of this Policy.

Non-Material Changes: Non-material changes, such as clarifications or corrections that do not affect Client rights or our data handling practices, may be made without advance notice.

Continued Use: Clients' continued use of the Stackorithm platform following the effective date of a Policy update constitutes acceptance of the updated terms. Clients who do not agree with material changes may terminate their service agreement in accordance with its terms.

Version History: Prior versions of this Policy are available upon request by contacting [email protected].

For questions, concerns, or requests regarding this Data Usage Policy or Stackorithm's data handling practices, please contact us at:

Stackorithm LLC Email: [email protected] Website: stackorithm.co

We are committed to responding to data-related inquiries within thirty (30) days and to working with Clients to address any concerns regarding the handling of their data.

For urgent security matters, including suspected data breaches or unauthorized access, please contact [email protected] immediately with "URGENT: Security" in the subject line.