Back

Privacy & Cookies Policy

How Wealth AI Software GmbH collects, uses, and protects your personal data

1. Introduction & Scope
Wealth AI Software GmbH is committed to transparent processing of personal data and, therefore, provides the following information in accordance with applicable data protection law. This Privacy Policy ("Policy") explains how Wealth AI Software GmbH ("Wealth AI", "we", "us", "our") collects, uses, discloses, and protects personal data when individuals ("you", "your") access or use the Platform. The purpose of this Policy is to provide clear and transparent information about:
  • what personal data we process,
  • for which purposes and on which legal bases we process such data,
  • with whom we share data and under what safeguards,
  • how long we retain personal data,
  • what your rights are under applicable data protection laws, and
  • how you can exercise those rights.
Wealth AI:
  • does not provide investment advice or any form of regulated advice, does not assess suitability or appropriateness, and does not take into account your individual financial situation, objectives, or risk profiles;
  • does not engage in trading activities, and does not execute, transmit, route, forward, modify or cancel orders;
  • does not manage portfolios, and does not hold or safeguard client funds or assets.
The implementation or execution of any strategy template occurs solely within an external account of the user held with a third-party provider ("Linked Account") and is subject to the sole responsibility of you and/or the respective third-party provider. This Policy is public-facing and does not limit any rights you may have under mandatory law.
1.1. Contact Details
Wealth AI Software GmbH, FN 669857 i
Kartäuserweg 3
2500 Baden
Austria

E-Mail: contact@wealthai.trade
Phone: +43 650 5695265
1.2. Definitions
For the purpose of this Privacy Policy:
  • "Account" means a unique account created for you to access our Service or parts of our Service.
  • "API Key" refers to credentials (including public key, secret key, session token, OAuth token or similar authentication mechanisms) provided by an external broker or exchange that allow the user to connect a "Linked Account" to the Platform for data access purposes. Where API keys are used, they are stored securely and encrypted, and are handled with the minimum permissions required for the intended functionality.
  • "Cookies" are small files that are placed on your computer, mobile device or any other device by a website, containing the details of your browsing history on that website among its many uses.
  • "Controller" refers to Wealth AI as the legal person which alone (or jointly with others) determines the purposes and means of the processing of Personal Data.
  • "Processor" refers to the entity that processes Personal Data on behalf of the Controller according to documented instructions. Wealth AI generally acts as the data controller for the data processing described in this Policy. Certain vendors, hosting providers, analytics service providers, and infrastructure partners may act as data processors.
  • "Data Subjects" have the rights granted under applicable data protection laws, including the right of access, rectification, erasure, restriction of processing, data portability and the right to object.
  • "Device" means any device that can access the Service such as a computer, a cell phone or a digital tablet.
  • "Linked Account" refers to an external account that the user maintains with an external broker, an exchange, or a comparable service provider. All trading activities take place exclusively within this Linked Account.
  • "Personal Data" means any information relating to an identified or identifiable natural person. A person is identifiable if they can be identified directly or indirectly, for example by name, identification number, online identifier, account ID, trading activities or one or more characteristics specific to their physical, economic, cultural or digital identity.
  • "Platform" refers to the websites, applications, and related services operated by Wealth AI, including informational and analytical features.
  • "Processing" means any operation or set of operations which is performed on personal data, whether or not by automated means.
  • "Profiling" means any automated processing of Personal Data used to evaluate certain personal aspects relating to a natural person. Wealth AI does not perform profiling for the purpose of providing personalized investment advice, suitability or appropriateness assessments, creditworthiness assessments, or other decision-making that produces legal effect or similarly significantly affects Users.
  • "Sensitive Data" or "Special Categories of Personal Data" (Art. 9 GDPR) includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, data concerning health, or data concerning a person's sex life or sexual orientation. Wealth AI does not intend to process sensitive data and advises users not to enter such information on the platform or in the AI Assistant.
  • "Service" refers to the Website and the Platform, including its dashboards, analytics features, and the feature for displaying Strategy Templates and related informational content.
  • "Service Provider" means any natural or legal person who processes the data on behalf of Wealth AI. For the purpose of the GDPR, Service Providers are considered Data Processors.
  • "Strategies" means non-binding, generic strategy templates and rule sets relating to crypto-assets that are provided for informational and educational purposes only. Strategies are not personalized recommendations and do not constitute investment advice, portfolio management, or any other regulated financial service.
  • "Strategy Template" means a predefined, generic and non-personalized representation of a strategy concept, expressed as a structured set of parameters, rules or illustrative configurations, which is displayed on the Platform solely for informational purposes. They do not constitute investment advice, a recommendation, a solicitation or an assessment of suitability or appropriateness.
  • "You" or "User" means the individual accessing or using the Service, or the legal entity on behalf of which such individual is accessing or using the Service, as applicable.
1.3. Scope
This Policy applies to Personal Data processed in connection with the provision of the Website, in particular the following services:
  • "Website": The Website https://wealthai.trade/ operated by Wealth AI, and associated subdomains.
  • "Platform": The online Platform, dashboards, analytics environments, mobile applications and associated user interfaces.
  • "Linked Accounts": Integration of external broker or exchange accounts via API keys, OAuth tokens or similar mechanisms.
  • "Customer Support and Communication": Any interaction with Wealth AI via e-mail, chat, support tickets, social media channels under the control of Wealth AI Software GmbH, or other means of communication.
This Policy does not apply to: Websites, platforms, brokers, exchanges, wallets, or third-party services, even if accessed via Wealth AI integrations; data processing activities where Wealth AI acts solely as a data processor on behalf of another controller; or situations where third parties independently determine the purposes and means of processing.
2. Categories of Data We Process
2.1. Account, Identity Data
When users create an account on the Platform, Wealth AI processes certain account- and identity-related data necessary to register users, secure their accounts, and provide access to the Platform. This may include first name, last name, email address, and country or region of residence. Users may optionally provide additional profile information to personalise their experience. Account and identity data are processed exclusively for Platform operation, security, user authentication, and compliance purposes.
2.2. Linked Account Data
Where users choose to link an external brokerage or exchange account, Wealth AI may process certain data retrieved from such Linked Accounts for informational, display, and analytical purposes only. Linked Account Data may include asset balances, current positions, and historical transaction records. Wealth AI does not execute trades, transmit orders, route orders, modify or cancel transactions, or otherwise interact with Linked Accounts for execution purposes.
2.3. Technical & Usage Data
To ensure the security, stability and functionality of the Platform, Wealth AI processes certain technical and usage-related data automatically generated during User interactions. This may include IP addresses, device identifiers, browser and operating system information, session identifiers, login timestamps, and feature usage metrics. Such data is processed only for the minimum duration necessary, and solely for operational, security and service improvement purposes.
3. Purposes and Legal Bases for Processing
Wealth AI processes Personal Data exclusively for clearly defined, lawful and proportionate purposes, in accordance with Articles 5 and 6 GDPR and the principles of data minimisation, purpose limitation and transparency.
3.1. Platform Access, Account Management and Security
Personal Data is processed to enable user registration, authentication, secure login, session management, and access to Platform features. This processing is necessary for the performance of a contract (Art. 6(1)(b) GDPR) and for maintaining the security and integrity of the Platform, representing legitimate interests pursued by Wealth AI (Art. 6(1)(f) GDPR).
3.2. Provision of Informational and Strategy-Related Content
Personal data is processed to provide users with informational content, educational explanations, market-related context, and non-binding Strategy Templates through the Platform. The following data will be processed:
Category Data Types
Identity and Contact Details Email address; Country of residence
Account Data Internal user ID (unique identification number generated by the system); Registration timestamp (date and exact time of account creation)
Security and Authentication Data Hashed password; Cryptographic keys for two-factor authentication (OTP secret); Google sub-ID (for identification with linked Google accounts)
Contract, Billing and Usage Data Selected subscription plan; Subscription start date; Stripe Customer ID; Stripe Subscription ID; Usage data (e.g., views and interactions with specific strategy templates on the platform)
Technical Data IP address
This processing is necessary for the performance of the contract (Art. 6(1)(b) GDPR). Wealth AI does not execute trades, transmit orders, manage portfolios or make investment decisions on behalf of users.
3.3. Technical Operation, Stability and Security
Personal data is further processed to ensure the technical operation, stability, performance and security of the Platform, including error detection, system monitoring and protection against misuse or unauthorized access. This processing is based on Wealth AI's legitimate interest in maintaining a secure and reliable service (Art. 6(1)(f) GDPR).
3.4. Legal Obligations and Compliance
Where required, Personal Data is processed to comply with applicable legal obligations, including record-keeping, security requirements and cooperation with competent authorities. This includes fulfilling corporate, accounting and tax law retention obligations, ensuring compliance with applicable IT and data security requirements, and complying with relevant financial-market, anti-money laundering, sanctions and supervisory obligations where applicable. Personal Data may also be processed for the establishment, exercise or defence of legal claims.
3.5. Optional Communications
Where users have explicitly consented, Personal Data may be processed for optional communications, such as product updates or newsletters, based on consent (Art. 6(1)(a) GDPR). Consent may be withdrawn at any time. Withdrawal of consent does not affect the legality of previous communications and applies only to future communications.
3.6. Backup and Archiving
Backup copies of Personal Data may be retained for limited periods as part of routine system backups and archiving processes. Backup data is not actively processed, and is deleted or overwritten in accordance with Wealth AI's backup and retention policies once retention periods expire.
4. Data Recipients and Transfers
4.1. Internal Access
Personal Data is accessed internally only by authorized employees of Wealth AI on a strict need-to-know basis and solely for the purposes described in this Policy.
4.2. External Service Providers
Wealth AI may share Personal Data with selected external service providers acting as processors within the meaning of Article 28 GDPR. Such processors process Personal Data exclusively on the basis of Wealth AI's documented instructions, and are subject to appropriate contractual, technical and organizational safeguards.
Name Purpose Role Location Transfer Mechanism
Hetzner Online GmbH Hosting of platform, servers, databases Processor Germany (European Union) No third-country transfer
Cloudflare Inc. Platform security, DDoS protection, Web Application Firewall, Routing, Caching Processor USA EU-U.S. Data Privacy Framework adequacy decision (Art. 45 GDPR)
Proton AG E-Mail communication / Support services Processor Switzerland Adequacy decision of the European Commission for Switzerland
Mailgun Technologies Inc. Automated transactional e-mail delivery (e.g. password reset, system notifications) Processor USA EU-U.S. Data Privacy Framework adequacy decision (Art. 45 GDPR)
Google LLC (Google Analytics) Website analytics — measuring user interactions, visits, session duration, and user behavior on the Platform Processor / Independent Controller USA EU-U.S. Data Privacy Framework adequacy decision (Art. 45 GDPR)
4.3. Third Parties and Legal Disclosures
Personal data may be disclosed to third parties acting as independent controllers where such disclosure is required by applicable law, regulatory obligations, court orders, or where necessary to establish, exercise, or defend legal claims.
Name Purpose Role Location Transfer Mechanism
Stripe Payments Europe Ltd. Processing of payments, subscriptions, fees Independent Controller Ireland, European Union Possible data transfers to Stripe Inc. (USA) on the basis of the EU-U.S. Data Privacy Framework adequacy decision (Art. 45 GDPR)
4.4. International Data Transfers
Where Personal Data is transferred to a third country outside the European Economic Area, the respective recipients are listed above in Sections 4.2 and 4.3 of this Policy. Wealth AI ensures that such transfers take place only where appropriate safeguards are in place, in accordance with the applicable law, including where applicable the use of standard contractual clauses approved by the European Commission.
5. Data Retention and Deletion
5.1. Retention Principles
Wealth AI retains personal data only for as long as necessary to fulfil the purposes for which the data was collected, and in accordance with applicable legal and regulatory requirements.
Processing Purpose Criteria Storage Period
Provision of the Platform, Account Management, and Customer Support (Contractual Fulfillment) Duration of the active contractual relationship with Wealth AI For the duration of the active account. Upon account deletion, personal data is deleted or anonymized within 30 days, unless a legal retention obligation applies.
Processing of payments, subscriptions, and any applicable fees, as well as compliance with accounting and tax laws Statutory retention obligations Up to 7 years after the end of the respective financial year
Ensuring technical operation, stability, and security of the Platform (Legitimate Interest) Minimum duration necessary to detect technical errors, prevent misuse, or investigate security incidents 30 days, after which technical logs are automatically deleted or fully anonymized
5.2. Deletion & Anonymization Criteria
Personal Data shall be deleted or anonymized without undue delay once it is no longer required for the relevant processing purposes, unless further retention is required or permitted by applicable law. Deletion requests are handled in accordance with applicable data protection laws, and do not affect statutory retention obligations.
5.3. Statutory & Legal Retention Obligations
In certain cases, Personal Data may be retained for longer periods where this is necessary to comply with legal, regulatory or contractual retention obligations, or to establish, exercise or defend legal claims. In such cases, data is restricted from active use and retained only for the duration required by law.
6. Data Subject Rights
6.1. Right of Access and Rectification
Data Subjects have the right to obtain confirmation as to whether Personal Data concerning them is being processed, and, where applicable, to request access to such data and the rectification of inaccurate or incomplete Personal Data, subject to the conditions set out in applicable law.
6.2. Right to Erasure and Restriction
Under the conditions set out in applicable law, Data Subjects may request the erasure of their Personal Data, or the restriction of its processing. Requests are assessed on a case-by-case basis and may be subject to statutory retention obligations.
6.3. Right to Data Portability
Where applicable, data subjects have the right to receive Personal Data they have provided in a structured, commonly used and machine-readable format, and to transmit such data to another controller, subject to the requirements of applicable law.
6.4. Right to Object
Data subjects have the right to object to the processing of Personal Data based on legitimate interests, for reasons arising from their particular situation, in accordance with applicable law.
6.5. Exercise of Rights
Requests to exercise the rights of data subjects can be submitted using the contact details provided in Section 1.1 of this Policy.
7. Data Protection regarding Children and Minors
The Platform is not directed at children or minors, and is intended for use by adults only. Wealth AI does not knowingly process Personal Data of children. If Wealth AI becomes aware that Personal Data of a child has been processed without a valid legal basis, such data will be deleted without undue delay. Parents or legal guardians who believe that Personal Data relating to a child has been provided to Wealth AI are encouraged to contact Wealth AI using the contact details set out in this Policy.
8. Cookies Policy
8.1. Definition and Types of Cookies
Cookies are small text files stored on the device by a website or application through your browser. They contain technical information, such as a session ID, settings, or a unique identifier, which allows the browser to provide certain functions or recognize preferences during future visits.
When you visit our platform, our server may set cookies through your device's browser. Your browser stores these cookies and sends them back to our platform during subsequent visits. In this way, it is not the device itself but exclusively the browser used that can be recognized.
Wealth AI distinguishes between technically necessary cookies, which are required for the operation of our platform, and those used for analysis, statistics, or marketing purposes. Technically unnecessary cookies are only set if you have previously given your explicit consent. The processing of Personal Data in connection with cookies is carried out in accordance with the GDPR and the ePrivacy Directive.
8.2. Areas of Application of the Platform
8.2.1. Session Cookies
Session cookies are temporary cookies that are only stored for the duration of your current visit to our platform and are automatically deleted when you close your browser. These cookies contain only technically necessary information, such as a session identifier. Session cookies serve exclusively for the technical provision and stability of our platform and are not used for analysis, tracking, or marketing purposes.
8.2.2. Persistent Cookies
Persistent cookies remain stored on your device beyond the duration of a single session and are not automatically deleted when you close your browser. Each persistent cookie contains a programmed expiration date. Persistent cookies that are not technically necessary are used exclusively based on your explicit consent, which you can withdraw or adjust at any time through the cookie settings.
8.2.3. Third-Party Cookies
Third-party cookies are cookies that are not set by our platform itself but by a third party whose services are integrated into our Platform (e.g., analytics providers, advertising networks, or social media providers). These cookies are stored via the domain of the respective third party and allow them to collect information about your use of our Platform.
Where third-party cookies are used, both Wealth AI and the respective third-party provider may jointly determine the purposes and means of the processing. In such cases, Wealth AI and the respective provider may act as joint controllers within the meaning of Article 26 GDPR. The processing is carried out on the basis of your explicit consent in accordance with applicable law, which can be withdrawn or adjusted at any time via the cookie settings.
8.3. Essential Cookies
Essential cookies are cookies that are strictly necessary for the use of our platform and its core functions. These include, for example, access to secure areas, maintaining sessions, providing navigation elements, storing language preferences, or conducting authorization and form processes. Without these cookies, our platform cannot function properly. Essential cookies are generally set as first-party cookies and are often session cookies.
8.3.1. Functionality Cookies
Functionality cookies allow our platform to save the settings and decisions you have made in order to provide you with a more comfortable and personalized experience. This includes, for example, preferred language settings, regional preferences, or specific configuration options.
8.3.2. Performance Cookies
Performance cookies collect information about how users interact with our platform, for example, which pages are visited, which links are clicked, or how visitors navigate within the platform. These cookies are used solely to improve the performance, stability, and user-friendliness of our platform. When using performance cookies, analytics tools may collect technical log data, including IP address (usually shortened or anonymized), browser and device information, operating system, approximate geographic information, date and time of the visit, and referring and exit pages.
8.3.3. Marketing Cookies
Marketing cookies are used to track users' online behavior across different websites and to create interest profiles. Since marketing cookies process personal data and often allow cross-platform tracking, they are set exclusively based on your explicit consent in accordance with applicable law. Without your consent, no marketing cookies will be activated.
8.4. Google Analytics
Wealth AI uses Google Analytics to measure and analyze users' interactions with the content on our Platform. We collect information such as the number of unique visits, repeat visits, the duration of individual sessions, and user behavior on our platform.
The information collected through Google Analytics is transmitted to and processed by Google LLC ("Google"). Google acts either as an independent controller or as a processor, depending on the specific configuration of the service. The data may also be transferred to the United States. Such transfers are carried out on the basis of the EU-U.S. Data Privacy Framework adequacy decision. Further information on Google's data processing can be found in Google's Privacy Policy at policies.google.com/privacy.
The use of Google Analytics is based on your explicit consent (Art. 6(1)(a) GDPR). You can withdraw your consent at any time via the cookie settings on our platform, or by using browser-based opt-out tools provided by Google.
8.5. Options for Managing Cookies
The User has the right to decide whether to allow or reject cookies on the used device. The user can set and adjust cookie preferences at any time by using the Cookie Consent Manager on our platform.
Please note that essential cookies (technically necessary cookies) cannot be disabled, as they are strictly required for the operation of our platform and the provision of our services. The access and usability of the platform will not be impaired by the decision to reject non-essential cookies. However, some functions may be limited, or certain areas of the platform may not operate as intended.
8.6. Overview of Used Cookies
Below you will find a list of the cookies used by Wealth AI.
8.6.1. Strictly Necessary Cookies
Name Provider Purpose Maximum Storage Period Type
session (Flask Session-Cookie) Wealth AI (wealthai.trade) Essential for the core operation of the Platform. Contains encrypted data for authentication status, CSRF protection, 2FA flow, onboarding flags, and AI-Chatbot state. Without this cookie, logins, forms, and basic platform security cannot function. Duration of Browser Session First-Party Cookie
cf_clearance Cloudflare (cloudflare.com) Deployed by Cloudflare for bot mitigation. Set during Turnstile challenges on login or registration to ensure the platform is accessed by humans and protected against malicious bots. 1 Year Third-Party Cookie
cf_bm Cloudflare (cloudflare.com) Deployed by Cloudflare for bot management. Strictly necessary to detect automated traffic and ensure platform security. 30 Minutes Third-Party Cookie
cookie_consent Wealth AI (wealthai.trade) Stores the user's cookie consent preferences to ensure compliance with legal requirements. 12 Months First-Party Cookie
8.6.2. Performance Cookies
Name Provider Purpose Maximum Storage Period Type
_ga Google LLC (google.com) Used by Google Analytics to distinguish users. Registers a unique ID that is used to generate statistical data on how the visitor uses the website. 2 Years Third-Party Cookie
_ga_* Google LLC (google.com) Used by Google Analytics to persist session state across page requests. 2 Years Third-Party Cookie
These cookies are set only with your explicit consent. See Section 8.4 for further information about Google Analytics.
8.6.3. Functional Cookies
Name Provider Purpose Maximum Storage Period Type
remember_token Wealth AI (wealthai.trade) Keeps the user securely logged in across browser restarts. This cookie is only set if the user explicitly utilizes the "Remember Me" function or logs in via Google OAuth. 30 Days First-Party Cookie
user_language Wealth AI (wealthai.trade) Stores the language preference (e.g., EN, DE) for non-logged-in visitors so the website is automatically displayed in the correct language upon return visits. 1 Year First-Party Cookie
8.6.4. Targeting Cookies
Currently, no targeting, retargeting, or advertising cookies are deployed on the Platform.
9. Privacy Rights Information
You have the right to:
  • inspect whether and what personal data we have stored about you and to receive copies of this data (right to information and data portability);
  • request the correction, supplementation, or, in certain cases, deletion of your personal data that is incorrect or not processed in accordance with the law (right to rectification);
  • in certain cases, request that we restrict the processing of your personal data (right to restriction of processing); and
  • under certain circumstances, object to the processing of your personal data (right to object).
If the processing of your personal data is based on consent, you have the right to withdraw this consent at any time, with effect for the future. You can exercise the aforementioned rights at any time by contacting us using the contact details provided in Section 1.1.
In addition, you have the right to lodge a complaint with a competent data protection supervisory authority. In Austria, this is the Austrian Data Protection Authority, Barichgasse 40–42, 1030 Vienna (www.dsb.gv.at), telephone +43 1 521520, email dsb@dsb.gv.at.
10. Amendments, Effective Date
Wealth AI may amend, supplement, or update this Policy from time to time in order to reflect changes in applicable law, regulatory requirements, processing activities, or operational practices. Where such changes materially affect the processing of Personal Data, or require user consent under applicable law, Wealth AI will inform users accordingly and, where required, obtain renewed consent.
This Policy is effective as of 9 March 2026.