🚀

We're almost there.  WaveTrendSignals is currently in final testing and will be fully operational within a few weeks. Get notified when we launch →

WaveTrendSignals

Privacy Policy

Last updated: 2026. This policy applies to wavetrendsignals.com and is compliant with the EU General Data Protection Regulation (GDPR).

Who we are (Data Controller)

WaveTrendSignals is operated as a sole trader / small business based in the Netherlands. For data-related inquiries, contact us via the contact page.

What personal data we collect

We collect the minimum data needed to operate the service:

  • Email address — required to create an account and log in. Used to send transactional emails (password reset, email verification) and, if you opt in, signal digest emails.
  • Password — stored as a one-way bcrypt hash. We cannot read your password.
  • Login logs — timestamp, IP address and browser type recorded on each login for security and fraud prevention.
  • Usage data — which signals you view or mark as favourite, stored to personalise your dashboard.
  • Payment data — handled entirely by our payment processor (Stripe). We do not store card numbers or payment details.

Legal basis for processing (GDPR)

  • Contract performance (Art. 6(1)(b)) — processing your email and account data is necessary to provide the service you subscribed to.
  • Legitimate interests (Art. 6(1)(f)) — login logging for security and fraud prevention.
  • Consent (Art. 6(1)(a)) — email digest notifications, only sent if you explicitly opt in.

Cookies

We use one strictly necessary cookie: wts_session — a secure, HTTP-only session token to keep you logged in. This cookie contains no personal data and expires automatically. We do not use analytics, advertising or third-party tracking cookies.

Third parties

We do not sell or share your personal data. The only third parties who may process your data are:

  • Email provider — used to deliver transactional emails. Your email address is shared only to the extent needed to send messages.
  • Stripe — payment processing. Governed by Stripe's privacy policy.

Data retention

Account data is retained for as long as your account is active. Login logs are retained for 12 months for security purposes. If you delete your account, all personal data is removed within 30 days, except where retention is required by law.

Your rights (GDPR)

As an EU/EEA resident you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your data (“right to be forgotten”)
  • Restriction — limit how we process your data
  • Data portability — receive your data in a machine-readable format
  • Object — object to processing based on legitimate interests
  • Withdraw consent — opt out of email digests at any time from your account page

To exercise any right, contact us. We will respond within 30 days. You also have the right to lodge a complaint with the Dutch data protection authority (Autoriteit Persoonsgegevens).

Changes to this policy

Material changes will be communicated by email or site notice. The current version is always at this URL.