GDPR Notice

01.Overview

This notice describes how SMRT Algo collects, uses, and protects personal data belonging to individuals located in the European Economic Area (EEA), the United Kingdom, and Switzerland under the General Data Protection Regulation (EU 2016/679) and the UK Data Protection Act 2018 (collectively, the "GDPR").

This notice supplements — and should be read alongside — our standard Privacy Policy. Where there is any conflict between the two for users covered by the GDPR, this notice prevails.

02.Data Controller

SMRT Algo acts as the "data controller" for the personal information described in this notice. That means we decide what personal data is collected and how it is used.

03.Personal Data We Process

We process the following categories of personal data:

• Account information — your name, email address, and password (hashed) used to create and access your member account
• Order information — billing address, payment method details (tokenised by our payment processor), and purchase history
• TradingView identifiers — the TradingView username you provide so we can grant access to our indicators
• Device & usage data — IP address, browser type, time zone, pages visited, and interaction events captured via cookies and similar technologies
• Support correspondence — messages you send us via email or any contact form, including any attachments

04.Legal Basis For Processing

Under GDPR we must have a lawful basis to process your personal data. The basis we rely on depends on the activity:

• Contract — to deliver the services you have purchased (account creation, indicator access, billing, customer support)
• Legitimate interest — to operate, secure, and improve our service; to prevent fraud; to send product-related updates to existing customers
• Consent — for optional marketing communications and non-essential cookies, where consent has been given
• Legal obligation — to retain records required by tax, accounting, and other applicable laws

Where we rely on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.

05.Your Rights Under GDPR

If you are located in the EEA, UK, or Switzerland, you have the following rights over the personal data we hold about you:

06.How To Exercise Your Rights

To exercise any of the rights above, please email support@smrtalgo.com from the email address associated with your account. Include the specific right you wish to exercise so we can route your request correctly.

We will respond to your request within 30 days. In some cases — particularly with complex requests — we may extend this period by an additional 60 days and will notify you of the extension and the reason for it. There is no fee for exercising your rights, except in cases of manifestly unfounded or excessive requests.

To protect your data, we may need to verify your identity before fulfilling certain requests. This typically involves confirming details that only the account holder would know.

07.International Data Transfers

SMRT Algo is operated outside the EEA and UK, and processes data using third-party service providers (including TradingView, our payment processor, our email infrastructure, and our hosting provider) that may also be located outside the EEA or UK — primarily in the United States and Canada.

Where personal data is transferred outside the EEA or UK, we rely on appropriate safeguards, including the European Commission's Standard Contractual Clauses or the UK International Data Transfer Addendum, to ensure your data is protected to the standard required by GDPR.

08.Data Retention

We retain personal data only for as long as it is necessary for the purposes outlined in this notice and our Privacy Policy, or as required by law. As a general rule:

• Account data is retained while your account is active and for up to 12 months after closure to handle support follow-ups and refund eligibility
• Order and billing records are retained for up to 7 years to meet tax and accounting obligations
• Marketing data is deleted promptly upon withdrawal of consent
• Support correspondence is retained for 2 years to assist with recurring issues

You can request earlier deletion at any time via your right to erasure — subject to any legal retention obligations we are required to meet.

09.Cookies & Tracking

For users in the EEA and UK, we only set non-essential cookies (analytics, marketing) after you have given consent through our cookie banner. Essential cookies — those required for the site to function, log you in, or process payments — are set without consent because they are strictly necessary to deliver the service you requested.

You can review or change your cookie preferences at any time via the cookie settings link in our site footer.

10.Supervisory Authorities

You have the right to lodge a complaint with a supervisory authority in the EU member state where you live or work, or where the alleged infringement of GDPR occurred. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk. In the EU, you can find your local data protection authority via the European Data Protection Board at edpb.europa.eu.

We would, however, appreciate the chance to address your concerns directly first — please email us before lodging a formal complaint and we will do our best to resolve any issue.

11.Changes To This Notice

We may update this GDPR notice from time to time to reflect changes to our practices, regulatory updates, or operational requirements. The updated version will be marked with a new "Last updated" date and becomes effective the moment it is posted. We will notify affected users by email when material changes are made.

12.Contact

For all GDPR-related requests, questions, or concerns, please email support@smrtalgo.com. To help us respond quickly, please include the specific right you are exercising and any account details we will need to verify your identity.