
Privacy Policy

AuditZK Inc.

Effective Date: December 28, 2025

Last Updated: December 28, 2025

This Privacy Policy ("Policy") describes how AuditZK Inc. ("AuditZK," "we," "us," or "our") collects, uses, discloses, and protects your personal information when you use our platform and services (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree with this Policy, please do not use our Services.

This Policy is designed to comply with applicable data protection laws, including the European Union General Data Protection Regulation ("GDPR"), the California Consumer Privacy Act ("CCPA"), and other applicable privacy regulations.

1. Data Controller

For the purposes of applicable data protection laws, the data controller responsible for your personal information is:

AuditZK Inc.

Email: support@auditzk.com

As the data controller, we determine the purposes and means of processing your personal data and are responsible for ensuring that such processing complies with applicable law.

2. Definitions

"Personal Data"

Any information relating to an identified or identifiable natural person.

"Processing"

Any operation performed on personal data, including collection, storage, use, disclosure, or deletion.

"Data Subject"

The individual to whom personal data relates (i.e., you, the user).

"TEE" (Trusted Execution Environment)

A secure, isolated processing environment that protects data during computation. We use AMD SEV-SNP technology.

"API Credentials"

Authentication keys provided by cryptocurrency exchanges that allow read-only access to your trading data.

3. Information We Collect

3.1 Information You Provide

  • Account Information: Email address, name (optional), and authentication credentials managed through our identity provider (Clerk).
  • Exchange API Credentials: Read-only API keys and secrets for connecting your exchange accounts. These are encrypted using AES-256-GCM and processed exclusively within TEE enclaves.
  • User Preferences: Display settings, timezone, preferred currency, and notification preferences.
  • Communications: Information you provide when contacting our support team.

3.2 Information Collected Automatically

  • Trading Data: Portfolio balances, historical snapshots, and aggregated performance metrics retrieved from your connected exchanges.
  • Usage Data: Pages visited, features used, session duration, and interaction patterns.
  • Device Information: IP address, browser type and version, operating system, and device identifiers.
  • Log Data: Server logs including access times, error reports, and diagnostic information.

3.3 Information We Do Not Collect

  • We do not collect or store individual trade details, order history, or trading strategies.
  • We do not request or store withdrawal-enabled API keys.
  • We do not collect sensitive personal data as defined under GDPR Article 9 (racial origin, political opinions, health data, etc.).

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

Processing Activity | Legal Basis
Providing performance analytics services | Contract performance (Art. 6(1)(b))
Processing exchange API credentials | Contract performance (Art. 6(1)(b))
Sending service-related communications | Contract performance (Art. 6(1)(b))
Analytics cookies (Google Analytics) | Consent (Art. 6(1)(a))
Fraud prevention and security | Legitimate interest (Art. 6(1)(f))
Platform improvement and debugging | Legitimate interest (Art. 6(1)(f))
Legal compliance and dispute resolution | Legal obligation (Art. 6(1)(c))

5. How We Use Your Data

  • Service Delivery: To provide, maintain, and improve our performance analytics platform, including generating verified track records and performance reports.
  • Account Management: To create and manage your account, process subscriptions, and provide customer support.
  • Security: To detect, prevent, and respond to fraud, unauthorized access, and other security threats.
  • Communications: To send service updates, security alerts, and (with your consent) promotional communications.
  • Analytics: To understand how users interact with our platform and to improve user experience (with your consent).
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes.

6. Cookies and Tracking Technologies

6.1 Types of Cookies We Use

Category | Purpose | Consent Required
Essential | Authentication, security, session management | No (strictly necessary)
Functional | User preferences, language settings | No (strictly necessary)
Analytics | Usage statistics, performance monitoring | Yes

6.2 Managing Cookie Preferences

You can manage your cookie preferences through our cookie consent banner displayed when you first visit our website. You can also modify your preferences at any time through your browser settings or by clearing your cookies and revisiting our site.

6.3 Analytics Services

With your consent, we use Google Analytics 4 (GA4) to analyze website traffic and usage patterns. Google Analytics uses cookies to collect anonymized data about your interactions with our website. You can opt out of Google Analytics by declining analytics cookies or by installing the Google Analytics Opt-out Browser Add-on.

7. Third-Party Services and Data Sharing

We share your data with the following categories of third-party service providers:

Provider | Purpose | Data Shared
Clerk | Authentication & identity management | Email, name, authentication tokens
Vercel | Hosting & CDN infrastructure | IP address, request logs
Google Analytics | Website analytics (with consent) | Anonymized usage data
Neon | Database infrastructure | Account data, preferences
Stripe | Payment processing | Billing information

We require all third-party service providers to process your data in accordance with applicable data protection laws and to implement appropriate security measures. We do not sell your personal data to third parties.

8. International Data Transfers

Your personal data may be transferred to and processed in countries outside your country of residence, including the United States, where our infrastructure providers (Vercel, Clerk, Neon) operate. These countries may have data protection laws that differ from your jurisdiction.

Our service providers maintain their own data protection practices and compliance certifications. By using our Services, you consent to these international transfers.

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law.

Data Category | Retention Period
Account information | Duration of account + 30 days
Portfolio snapshots | Until deletion request or account closure
Performance reports | Until deletion request or account closure
Exchange API credentials (encrypted) | Until disconnection or account closure
System logs | 90 days
Analytics data | 26 months (Google Analytics default)

10. Your Rights

10.1 Rights Under GDPR (EU/EEA Residents)

  • Right of Access (Art. 15): Request a copy of your personal data and information about how we process it.
  • Right to Rectification (Art. 16): Request correction of inaccurate or incomplete personal data.
  • Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
  • Right to Restriction (Art. 18): Request limitation of processing in certain circumstances.
  • Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
  • Right to Object (Art. 21): Object to processing based on legitimate interests.
  • Right to Withdraw Consent (Art. 7): Withdraw consent at any time for consent-based processing.

10.2 Rights Under CCPA (California Residents)

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we collect.
  • Right to Delete: Request deletion of your personal information.
  • Right to Opt-Out: Opt out of the "sale" of personal information. Note: We do not sell personal information.
  • Right to Non-Discrimination: Exercise your rights without discriminatory treatment.
  • Right to Correct: Request correction of inaccurate personal information.

10.3 Exercising Your Rights

To exercise any of these rights, please contact us at support@auditzk.com. We will respond to your request within 30 days (or 45 days for CCPA requests). We may need to verify your identity before processing your request.

11. Data Security

We implement technical measures to protect your personal data:

11.1 Encryption

  • AES-256-GCM encryption for API credentials at rest
  • TLS encryption for all data in transit (HTTPS)

11.2 Trusted Execution Environments (TEE)

  • AMD SEV-SNP hardware-based isolation for credential processing
  • API credentials are decrypted only within isolated enclaves
  • Memory encryption prevents unauthorized access during processing

11.3 Incident Response

In the event of a data breach affecting your personal data, we will notify you as soon as reasonably possible and take appropriate steps to mitigate any harm.

12. Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at support@auditzk.com, and we will take steps to delete such information.

13. Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this Policy
  • Notify you via email or prominent notice on our platform
  • Obtain your consent where required by applicable law

14. Contact Information & Complaints

14.1 Contact Us

For privacy-related inquiries, data subject requests, or questions about this Policy:

Email: support@auditzk.com

Response Time: Within 30 days

14.2 Supervisory Authority

If you are located in the EU/EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EU data protection authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en
