Who is responsible
GEX Levels is operated by the editor identified in the Mentions légales. For any privacy request, contact support@gex-levels.com. Processing is governed by French and EU data-protection law.
Draft privacy page
Privacy policy
is being finalized.
This page is a release-version draft while final privacy copy is reviewed. It has not been validated by a lawyer. It describes the current implementation without adding claims beyond it. The Education Library and the GEX Levels Indicator are separate products.
What we process
Your data, point by point.
Account & sign-in data
If you create an account, we process your email address, a securely hashed password, an opaque session reference, and a device hash used to bind an Indicator license to your device. This data exists to sign you in, protect your session, and verify access. We do not sell it.
Manual access requests
If you request access manually, basic contact information such as email address and request context may be collected to respond and manage access.
Private Trading Journal data
If you use the optional private Trading Journal, it stores only the trade entries you choose to record (your own inputs). Summary figures are computed from those entries. The data is private and scoped to your account; you can export it (CSV/JSON) or permanently delete your trades and account at any time. It is not shared and is not used for advice or signals.
Future payment provider
When payment automation is added, payment data will be handled by the payment provider. No payment automation is active on this website yet.
Protected files
No public paid files are exposed on the site. Protected library delivery will be handled through access checks, with download audit logs, when implemented.
Cookies & browser storage
The site uses only strictly-necessary first-party cookies and browser storage to sign you in and protect your session: an HttpOnly session cookie, a CSRF-protection cookie, and local storage for a device hash and your session/account state. These are essential — not advertising or cross-site tracking. Cloudflare Turnstile (human verification) may set its own anti-abuse storage on the sign-up, password-reset and access-request forms. No third-party advertising or analytics tracking cookies are used.
Legal bases
We rely on these legal bases under the GDPR: performance of a contract (creating and running your account, and verifying access to a product you obtained); our legitimate interest (securing sessions, and preventing abuse and fraud, including Cloudflare Turnstile human verification); your consent where it applies (optional features you choose to enable); and compliance with legal obligations (for example accounting records). You can object to processing based on legitimate interest at any time by contacting support@gex-levels.com.
International data transfers
Our website hosting (Netlify, Inc.) and our API, edge, database and file storage (Cloudflare, Inc.) are operated by US-based providers, so some data may be processed outside the EU/EEA. These transfers rely on appropriate safeguards — the EU–US Data Privacy Framework and/or the European Commission's Standard Contractual Clauses. A future payment provider will document its own transfer safeguards.
Your rights
Subject to applicable law, you can request access to, rectification of, erasure of, a portable copy of, or object to the processing of your personal data, and you may lodge a complaint with the competent supervisory authority. To exercise these rights, contact support@gex-levels.com. Journal data and your account can also be deleted directly from your account.
Retention
We keep personal data only as long as needed for the purpose it was collected. Concretely: account data is kept while your account is active and deleted within 30 days of account closure; an access request that does not lead to an account is kept up to 12 months; Trading Journal entries are kept until you delete them or your account; support records are kept up to 24 months to handle follow-up. Where the law requires a longer period (for example accounting and invoicing records), that obligation prevails.
Final privacy terms should fully document license verification, session handling, device hashes, support records, Trading Journal data, payment-provider processing if added later, and protected-download audit logs before public checkout launch. GEX Levels remains educational and informational only, not financial advice.
Related