Privacy Policy

The data controller is [LEGAL ENTITY], with registered office at [REGISTERED OFFICE], [VAT/REA], email privacy@blackswanfx.it. At present, the appointment of a Data Protection Officer (DPO) under Article 37 GDPR is not mandatory; this assessment is periodically reviewed.

Depending on the use of the Service, BlackSwan FX may process the following categories of personal data:

• Identification and contact data: first name, last name, email, country of residence, optionally phone number.
• Account data: username, password hash (never plaintext password), preferences, language, time zone.
• Payment and billing data: tax code or VAT number where required, Solana payout wallet address, transaction hashes, billing data necessary to comply with tax obligations.
• Trading data: MT5 account identifier (partially masked), broker, equity, performance metrics, drawdown and operational logs generated by the EA.
• Technical data: IP address, user agent, server logs, session identifiers, technical and analytical cookies.
• Communication data: messages sent through support channels, optionally Discord username when the User joins the community.

BlackSwan FX does not knowingly process special categories of personal data (Art. 9 GDPR) nor data relating to criminal convictions (Art. 10 GDPR). Users are asked not to share such data.

• Service provision (registration, EA licenses, dashboard, support, payout) — legal basis: performance of contract (Art. 6.1.b GDPR).
• Tax, accounting and anti-money laundering obligations — legal basis: legal obligation (Art. 6.1.c GDPR).
• Security, fraud prevention, anti-bot monitoring — legal basis: legitimate interest of the controller in protecting the Service and Users (Art. 6.1.f GDPR).
• Service communications (technical notices, Terms amendments, security notifications) — legal basis: performance of contract or legal obligation.
• Direct email marketing on products similar to those already used — legal basis: legitimate interest, with the right to object at any time.
• Marketing on different products, marketing profiling and non-technical cookies — legal basis: User’s explicit consent (Art. 6.1.a GDPR), revocable at any time.

Data may be shared with third parties appointed as data processors under Art. 28 GDPR for technical or operational needs, including:

• Hosting and CDN providers (e.g. Vercel Inc., Cloudflare Inc.) for the operation of the website and API.
• Database providers (e.g. Neon Inc.) for storing Account and trading data.
• Transactional email and support providers.
• Payment providers and blockchain gateways (for USDC payouts on Solana).
• Legal, tax and administrative advisors, bound by confidentiality obligations.
• Competent authorities, where required by law or order.

Data is not sold or transferred to third parties for marketing purposes.

Some providers (e.g. Vercel, Cloudflare) may process data outside the European Economic Area, including in the United States. In such cases, BlackSwan FX ensures the transfer takes place under appropriate safeguards, in particular: (i) EU Commission adequacy decision where applicable (including the EU-US Data Privacy Framework), (ii) Standard Contractual Clauses adopted by the EU Commission, (iii) additional measures where necessary.

A copy of the safeguards applied can be requested by writing to privacy@blackswanfx.it.

• Account data: for the duration of the relationship and up to 12 months after termination, save for diverging legal obligations.
• Trading data: up to 10 years from generation, in compliance with accounting and AML obligations.
• Billing data: 10 years pursuant to Art. 2220 of the Italian Civil Code.
• Security technical logs: up to 12 months.
• Data collected on the basis of consent (e.g. marketing): until consent is withdrawn or deletion is requested.

At any time the User may exercise the rights set out in Articles 15-22 GDPR, in particular:

• Access to their personal data and to receive a copy of it.
• Rectification of inaccurate data or completion of incomplete data.
• Erasure ("right to be forgotten") of data no longer necessary or unlawfully processed.
• Restriction of processing in the cases set out in Art. 18 GDPR.
• Data portability in a structured, commonly used, machine-readable format.
• Objection to processing for direct marketing or legitimate-interest based processing.
• Withdrawal of consent given, without affecting the lawfulness of processing before withdrawal.
• Complaint to the Italian Data Protection Authority (www.garanteprivacy.it) or to any other competent supervisory authority.

Requests may be sent to privacy@blackswanfx.it and will be addressed within 30 days from receipt, save for reasoned extensions under Art. 12 GDPR.

BlackSwan FX does not engage in automated decision-making with legal effects on the User within the meaning of Art. 22 GDPR. The EA operates solely on the User’s MT5 account to execute trading orders; such operations do not constitute automated decisions producing legal effects on the data subject as a natural person outside of the agreed contractual relationship.

BlackSwan FX applies technical and organizational measures appropriate to the risk, including: TLS transport, strong password hashing, environment segregation, role-based access, audit logs, periodic backups, recurring security reviews. No system is, however, immune to breaches, and Users are urged to adopt strong, unique passwords.

The website uses technical, functional and, subject to consent, analytics cookies. For details please refer to the Cookie Policy, which is an integral part of this notice.

The Service is not directed to individuals under 18. BlackSwan FX does not knowingly collect data from minors. Should a parent or guardian become aware of a minor’s registration, please contact privacy@blackswanfx.it for prompt deletion.

This notice may be updated at any time in light of regulatory, technological or organizational developments. The version in force is always available at blackswanfx.it/legal/privacy with the effective date indicated.