Share MarketAlpha and Get Rewarded!
We are Squadron Technologies Ltd ("Squadron Technologies," "we," "our" or "us"). We respect your privacy and are committed to protecting the confidentiality of the information you provide to us. This Privacy Policy outlines how we handle your Personal data when you use our services on our MarketAlpha.ai websites and the MarketAlpha platform ("Website" and "Platform"). It is intended to help you understand your rights and how we use your data.
Squadron Technologies Ltd is the data controller responsible for your Personal data. We are the sole owner of the MarketAlpha.ai website ("Website"). This Privacy Policy applies to the Personal data we collect when you visit our Website, create an account, or use our applications or services ("you" or "your"). This policy details the types of Personal Data we collect, the reasons for collecting it, the lawful basis for processing your Personal Data, how we use and store it, and the ways in which we share this information.
EU representative (Article 27): We assess that we are not required to appoint an EU representative because our processing of personal data of individuals in the EEA is occasional, not on a large scale, does not include special-category data, and does not involve regular or systematic monitoring of data subjects’ behavior in the Union. We do not target the EEA with localized offerings (e.g., no EEA-specific pricing, currencies, or marketing campaigns) and any EEA interactions occur on an ad-hoc basis when individuals visit our public site or contact us. We keep this assessment under review and will appoint a representative if our circumstances change.
"Personal data" refers to any information that relates to you and can directly or indirectly identify you.
By using our Website or submitting your Personal data, you agree to the terms of this Privacy Policy. Please read it carefully. If you disagree with any part of this Privacy Policy, you should stop using our Website and, if applicable, delete your user account.
We may update this Privacy Policy from time to time at our discretion by posting an updated version on our Website. We encourage you to review this page periodically for any changes. If required by applicable law, we will notify you of any significant changes through email notifications with a clear subject line such as 'Important Update to MarketAlpha Privacy Policy,' and include a summary of the changes made.
We collect Personal data from you when you interact with our Platform, including but not limited to:
Sign Up Request: When you request beta access to the platform, you will be asked to provide your full name and email address.Account Information: When you create an account, you will be asked to provide a username and password.Profile Information: If you choose to provide additional information, such as a profile picture or additional contact details, this data will also be collected and stored.Marketing sign-up: If you join our mailing list, we collect your email address and your marketing permission via Mailchimp (double opt-in).Payment Information: For Paid User accounts, our third-party payment processor collects and processes payment details. We do not store full card or bank account numbers or security codes (e.g., CVV/CVC) on our systems. In Stripe, we can view limited payment-method metadata to administer billing, provide support, and prevent fraud.Community access (Discord): If you choose to join our Discord server, we collect your Discord username and ID. To enable access to subscriber-only channels, you may optionally send us—via Discord direct message—the email address you used for your MarketAlpha account so we can verify your subscription and assign roles. We do not share your email with Discord; we use it only to match your account.Cookies and other technologies: On the MarketAlpha platform we use strictly necessary cookies for secure sign-in, session continuity, and fraud prevention. On the public marketing site we set only a preference/consent-receipt cookie to remember your choice. Analytics cookies from Google Analytics (GA4) and Mouseflow are used only with your consent, are disabled by default, and can be changed at any time via “Cookie Settings” in the footer. We do not use cookies for advertising, remarketing, or cross-site behavioral targeting. See our Cookie Policy.Log Files: Like most websites, we collect log files, which may include your IP address, browser type, Internet Service Provider (ISP), referring/exit pages, platform type, and date/time stamps. We use this data to administer the site, analyze trends, and gather broad demographic information. Retention: general web/application logs (non-WAF) are retained for 30 days, then deleted.Device Information: We collect information about the devices you use to access our services, including IP addresses, device type, operating system, browser version, and application version. This helps us prevent fraud, abuse, and ensure the security of our services.Analytics: With your consent, we use analytics tools (Google Analytics 4 and Mouseflow) to understand how our Website and Platform are used. We collect pseudonymous usage data such as pages viewed, interactions, approximate location (derived from IP by the provider), device/browser type, and performance/crash events. Analytics is disabled by default and can be changed at any time via “Cookie Settings.”Account security and access logs: At sign-up we record a signup timestamp and IP address; on login we record the last login time and IP address. We use these solely for security, abuse and fraud-prevention, not for marketing. IP addresses in these account audit entries are stored in full; by contrast, our separate consent records store only a pseudonymised IP network prefix.Analytics runs only if you consent. When enabled, we collect pseudonymous usage and performance data (not tied to your account and not used for advertising or profile building). We also implement consent controls (including Google Consent Mode and our own blocking/unloading logic) so analytics is off when you select Essential or Reject All. We collect only pseudonymous Personal data, ensuring that no PII is included in our analytics reports. This data is used to analyse and enhance our services and applications, as well as for ongoing development and testing. We utilize both internal analytics tools and third-party service providers to achieve these purposes.
We use Google Analytics (GA4) and Mouseflow. If you choose Essential or Reject All, we disable Google Analytics (no cookies, no hits) and block or unload Mouseflow and delete its cookies. When enabled, analytics is pseudonymous and is not linked to your account or used for targeted advertising or profile building.
Mouseflow is a website analytics tool that provides session replay, heatmaps, funnels, form analytics, feedback surveys, and similar features/functionality. Mouseflow may record your clicks, mouse movements, scrolling, form fills (keystrokes) in non-excluded fields, pages visited and content, time on site, browser, operating system, device type (desktop/tablet/phone), screen resolution, visitor type (first time/returning), referrer, anonymized IP address, location (city/country), language, and similar meta data. Mouseflow does not collect any information on pages where it is not installed, nor does it track or collect information outside your web browser. We mask keystrokes and exclude fields that may contain personal data (e.g., passwords, payment details, email bodies). If you'd like to opt-out, you can do so at https://mouseflow.com/opt-out. If you'd like to obtain a copy of your data, make a correction, or have it erased, please contact us first or, as a secondary option, contact Mouseflow at privacy@mouseflow.com.
More information on Mouseflow's Privacy Policy.More information on Mouseflow and GDPR.More information on Mouseflow and CCPA/VCDPA.Mouseflow only runs if you consent to analytics in our cookie banner; switching to Essential or Reject All stops/unloads Mouseflow and removes its cookies.
We use AWS CloudFront and AWS Web Application Firewall (WAF) to protect our services from malicious activity. These services process network data such as IP address, request time, URLs, user-agent and other request headers solely for security and fraud-prevention purposes.
Lawful basis: our legitimate interests in keeping the service secure and available (Art. 6(1)(f) GDPR/UK GDPR). Retention: security and WAF logs are retained for 30 days, and for logs linked to a specific incident, up to 12 months to investigate and prevent abuse, after which they are deleted. Location and safeguards: logs are stored with AWS under appropriate transfer safeguards (e.g., Standard Contractual Clauses / Data Privacy Framework where applicable), access-restricted, and never used for marketing or profiling.
When you make or change a cookie choice, we create a server-side record to demonstrate compliance and troubleshoot consent issues. This record includes: a consent receipt ID (ccid), your choice (Reject All / Essential / Accept All), banner and policy versions, MarketAlpha site, whether the small or main box was used, browser/OS, derived country, client and server timestamps, and a pseudonymised IP network prefix. The raw IP is discarded immediately. These records are stored separately from security/WAF logs, are encrypted and access-restricted, and are retained for up to 6 months before deletion.
When you proceed past the Terms screen, we create a server-side record to evidence contract formation. This record includes a timestamp, your email, internal and authentication identifiers, the policy/version shown, site context, and a truncated IP address (network prefix). Raw IPs are not stored in this record (though they may appear temporarily in security/WAF logs described above). Where you have a paid relationship, we also store your payment customer reference (e.g., Stripe customer ID). We do not store payment card details.
In hosted checkout flows, our record includes the timestamp, your email (or billing reference), and the policy/version shown. Stripe processes network data under its own privacy policy.
We process your Personal data for the following purposes:
Provision of Services: To provide you with the services you have requested, such as access to our platform components, account management, and customer support.Contract formation and administration: To record your acceptance of the Terms of Use/EULA and manage related account records.Fraud prevention and abuse detection: To use signup/login timestamps and IPs to protect accounts and our service.Account Security: To authenticate and secure your user account, prevent fraud, and monitor for suspicious activity.Improvement of Services: To analyse usage patterns and feedback, allowing us to improve the Platform and develop new features.Marketing Communications: With your consent (double opt-in), we send newsletters, product insights, updates and occasional offers via Mailchimp. You can unsubscribe at any time using the link in those emails.Service communications: We send transactional/service emails (e.g., registration/verification, password reset, login alerts, billing receipts, security notices, account deletion/closure confirmations). These are sent via our email provider (Amazon SES) and, for billing, via Stripe. They are not marketing and are necessary to operate your account.Referral program administration: To attribute successful referrals and apply account credits, we store a referral code and track redemptions in Stripe metadata. We do not store payment card details.Community administration (Discord): To verify subscriber status, assign roles, and moderate our Discord community. We keep a minimal internal audit record (Discord user ID, role granted, verification timestamp).Legal Obligations: To comply with legal obligations, such as tax laws, audits, and regulatory requirements.We process your Personal data under the following lawful bases as defined by the UK GDPR:
Contractual Necessity: Processing is necessary to fulfil our contractual obligations to you, such as providing access to our Platform.Legitimate Interests: Processing is necessary for our legitimate business interests, such as improving our services, marketing, and ensuring security, provided that these interests do not override your rights and freedoms.Legal Obligation: Processing is necessary to comply with legal requirements.Consent: Where required, we will obtain your consent before processing your Personal data, such as for certain marketing communications. You can withdraw your consent at any time.How this applies here: platform essential cookies and security/WAF logging rely on contractual necessity and our legitimate interests in security and service integrity; analytics cookies rely on your consent; preference and consent-receipt records rely on our legitimate interests in demonstrating and managing consent (Art. 7(1) accountability). For direct electronic marketing, we rely on your consent and use double opt-in; unsubscribing from marketing does not affect transactional/service emails. Discord role verification and community moderation rely on contractual necessity (delivering subscriber benefits) and our legitimate interests in community administration and safety.
In addition, maintaining a minimal audit trail of your Terms acceptance (timestamp, user IDs, version shown, and pseudonymised IP prefix) relies on our legitimate interests in establishing, exercising or defending legal claims and in service integrity.
In the hosted checkout flow (Stripe Checkout), our evidence record may not include an IP address; maintaining a non-IP audit trail that references Stripe’s records relies on our legitimate interests in establishing, exercising or defending legal claims.
For billing administration using Stripe dashboard records (contact, billing address, subscription/invoice activity and limited payment-method metadata), we rely on contractual necessity and our legitimate interests in accurate billing and fraud-prevention; Stripe processes certain data under its own lawful bases as an independent controller.
We share your Personal data with third parties only under the following circumstances:
We engage third-party service providers to support our operations, including:
Payment Processors: For processing payment information (refer to "Payment Information" above).IT and Cloud Service Providers: For hosting our data and providing IT support.Analytics Providers: For tracking and analysing usage of our Platform.Email Delivery (Transactional): Amazon Simple Email Service (SES) to send service emails (e.g., verification, password reset, alerts).Email Marketing: Intuit Mailchimp to manage subscriptions and send newsletters, updates and offers (double opt-in; unsubscribe in every message).Payments and Billing: Stripe for subscriptions, invoices and receipts (we may store your Stripe customer ID to link billing to your account; we do not store card/bank details). Card/bank details are handled by Stripe. Stripe also maintains customer/billing records and processes certain data as an independent controller for anti-fraud and regulatory compliance. See Stripe’s Privacy Policy.These third parties are only permitted to process your personal data according to our instructions and are subject to strict confidentiality and data privacy obligations.
We may share your Personal data with affiliated businesses within our corporate group for administrative purposes, marketing, and the provision of services you have requested. These affiliates are bound by the same data protection standards as outlined in this Privacy Policy.
We may disclose your Personal data:
To comply with legal obligations, court orders, or regulatory requirements.To enforce our Terms of Use or other agreements.In the event of a merger, acquisition, or sale of all or a portion of our assets, your Personal data may be transferred as part of the transaction. We will notify you of any such change in ownership or control of your Personal data.If we are involved in a merger, acquisition, reorganization, or sale of assets, your Personal data may be transferred as part of that transaction. We will notify you of any material change in ownership and of any choices you may have regarding your Personal data.
We share pseudonymous analytics data with third-party service providers to analyse how our Platform is used, enhance our services, and support ongoing development. These providers are subject to strict confidentiality obligations and are only permitted to use this data according to our instructions and for the purposes outlined in this Privacy Policy.
We do not sell your Personal data and we do not share it for cross-context behavioral advertising.
We host our community on Discord. If you join, Discord, Inc. processes your data as an independent controller under its own privacy policy and terms. We do not upload your MarketAlpha account data to Discord.
To enable subscriber-only access, you may optionally send us the email used for your MarketAlpha account so we can verify your subscription and assign the correct role. We use it solely for verification and do not share it with Discord. We keep a minimal internal record (Discord user ID, role, verification timestamp).
Please do not post or send sensitive Personal data on Discord. If you prefer not to use Discord DMs, you can request access by emailing support@marketalpha.ai.
We implement robust technical and organizational measures to protect your Personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
Encryption: We use Transport Layer Security (TLS) to encrypt data during transmission.Access Controls: We restrict access to your Personal data to authorized personnel only.Physical Security: We maintain physical security measures to protect our data storage facilities.Ongoing Security Enhancements: We regularly update our security practices to address emerging threats.Despite our efforts, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security, but we continuously work to ensure that your Personal data is protected to the highest possible standard.
Our services are not intended for children under 18 years of age, and we do not knowingly collect Personal data from children. If you believe we have inadvertently collected such data, please contact us immediately. We do not process sensitive Personal data as defined by UK GDPR Article 9, such as data concerning health, race, religion, or sexual orientation. If such data is inadvertently collected, please contact us and we will take immediate steps to delete it.
Our Platform may contain links to third-party websites. These sites operate independently of us and have their own privacy policies. We are not responsible for the content or privacy practices of these linked sites. We recommend that you review the privacy policies of any third-party sites you visit.
You have the option to stop using our Platform and request the deletion of your account through the Account Settings page. Upon your confirmation, your account will be permanently deleted. This process includes the removal of any Personal data you have provided to us. However, certain content, such as published ideas/scripts and messages sent to other users, will be retained as they are integral to the platform's operation and integrity. For legitimate business purposes and to comply with legal obligations, including tax laws, audits, and security requirements, certain data may need to be retained for a longer period.
If you are located in the European Economic Area (EEA) or the United Kingdom (UK), you have certain rights regarding your Personal data under applicable data protection laws:
Access: You can request a copy of the Personal data we hold about you and relevant details of how we process it.Correction: You have the right to request the correction of inaccurate or incomplete Personal data.Deletion: You can request the deletion of your Personal data, subject to certain exceptions, such as where retention is required by law.Restriction: You have the right to request the restriction of processing your Personal data under certain circumstances.Objection: You can object to the processing of your Personal data where we rely on legitimate interests or for direct marketing purposes.Data Portability: You have the right to receive your Personal data in a structured, commonly used, and machine-readable format and request its transmission to another controller.Withdraw Consent: Where processing is based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.You may request a copy of your cookie consent record and Terms/EULA acceptance record; we will provide the timestamp, version, and identifiers stored with the record. To exercise your rights, please contact us at support@marketalpha.ai. We may need to verify your identity before processing your request. We aim to respond to all legitimate requests within one month, but it may take longer if your request is complex or if you have made multiple requests.
For payment data Stripe controls (e.g., card details and fraud signals), you may also exercise your rights directly with Stripe via its privacy policy; if you contact us, we will help route your request.
If you remain unhappy, you can lodge a complaint with the UK Information Commissioner’s Office (ICO). See the ICO’s guidance on how to complain. If you are in the EEA, you may also complain to your local supervisory authority.
We retain your Personal data only for as long as necessary to fulfil the purposes for which it was collected, including:
Service Provision: For the duration of your use of our Platform and services.Legal Compliance: As required by applicable laws and regulations, including retention periods for tax and financial reporting.Dispute Resolution: To resolve disputes, enforce agreements, and prevent fraud or abuse.Once your data is no longer needed, we will either delete it or anonymize it, ensuring it cannot be linked back to you.
Additional retention details: consent preference and receipt cookies are kept for up to 6 months; security/WAF logs are retained for 30 days. Analytics retention: Google Analytics (GA4) user and event data retention is set to 2 months. Session analytics (Mouseflow) session data is retained for 3 months. Aggregated, non-personal reports may be retained longer for trend analysis.
Terms acceptance records are retained for the life of your account and up to 6 years after closure to establish or defend legal claims. Account security entries (signup/login timestamps and IPs): retained for the life of your account and up to 12 months after closure to investigate fraud and security issues, then deleted.
We keep references to your billing profile (e.g., Stripe customer ID and default payment-method identifier) for the life of your account and up to 6 years thereafter for accounting; Stripe retains payment-method metadata and billing records under its own retention policy.
Referral attribution metadata (referral codes and reward redemptions recorded in Stripe) is retained for the life of your account and up to 6 years thereafter for accounting and fraud-prevention purposes.
Transactional email delivery logs (SES) retained for 30 days (up to 90 days in case of delivery troubleshooting), then deleted. Marketing subscription, unsubscribe and consent records are retained by Mailchimp for as long as we maintain our mailing list to demonstrate consent; we keep suppressed/unsubscribed addresses to honor opt-out requests.
Discord verification DMs: reviewed and deleted within 30 days of role assignment. Internal Discord access/audit records (Discord user ID, role, timestamps) are retained for the life of your subscription and up to 12 months after closure to investigate abuse, then deleted.
Unless stated otherwise above, operational logs that may include IP addresses are retained for 30 days (extendable up to 12 months if tied to a security investigation) and are then deleted.
Your Personal data may be transferred to, and stored in, countries outside the European Economic Area (EEA) or the United Kingdom (UK), including the United States. These countries may have different data protection standards compared to your home country.
We ensure that all international transfers of your Personal data are protected by appropriate safeguards, such as:
Standard Contractual Clauses (SCCs): We implement the up to date SCCs approved by the European Commission (Commission Implementing Decision 2021/914 on standard contractual clauses for the transfer of personal data to third countries dated 4th June 2021), or other lawful mechanisms that ensure adequate protection of your data.The UK's International Data Transfer Agreement (IDTAs): The international data transfer addendum to the European Commission's standard contractual clauses for international data transfers (Addendum).US Personal Data Transfer: For any transfer of Personal Data to the US we ensure that such transfers are subject to similar safeguards or rely on lawful transfer mechanisms such as the US-EU Data Privacy Framework or the US-UK data bridge. Where we transfer personal data internationally, we do so under appropriate safeguards (e.g., SCCs, UK IDTA, and where applicable the UK–US data bridge/Data Privacy Framework).Our key processors for the services described here include Amazon Web Services (infrastructure and WAF), Google (Analytics), Mouseflow (session analytics), Intuit Mailchimp (email marketing) and Stripe (payments/billing). Where data is transferred outside the UK/EEA, we rely on the SCCs/UK IDTA or applicable Data Privacy Framework arrangements, together with technical and organizational measures. Our Discord community is hosted by Discord, Inc. (US). Participation there involves international transfers governed by Discord’s own safeguards and privacy policy.
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):
Right to Know: You can request information about the categories and specific pieces of Personal data we have collected about you over the past 12 months, the categories of sources from which the Personal data is collected, the purpose for collecting the Personal data, and the categories of third parties with whom we share it.Right to Deletion: You can request that we delete any Personal data we have collected from you, subject to certain exceptions.Right to Opt-Out: You have the right to opt-out of the sale of your Personal data. We do not sell your Personal data.Right to Correct: You have the right to request correction of inaccurate personal information we hold about you.Right to Limit Sensitive PI: We don’t use sensitive personal information in a way that requires this right, but you may request limits if that changes.Non-Discrimination: We will not discriminate against you for exercising your CCPA rights. This means we will not deny you services, charge you different prices, or provide a different quality of services based solely on your exercise of these rights. To exercise your rights under the CCPA, please contact us at support@marketalpha.ai. We will verify your request by confirming your identity and residency before processing your request.Full name of legal entity:
Squadron Technologies Ltd, Company Number 15443211Questions? Email support@marketalpha.ai or write to: Harben House Harben Parade, Finchley Road, London, United Kingdom, NW3 6LH.
If you have any questions or concerns about how we handle your personal data, we would really appreciate the opportunity to resolve them directly. Please do not hesitate to get in touch with us and we will do our best to help.