Privacy Policy

Effective date: June 1, 2026 Last updated: July 7, 2026

This Privacy Policy explains how MRV Software SRL ("we", "us", "our") collects, uses, and protects your personal data when you visit our website kelixtrade.com or use the Kelix Trade web application. Kelix Trade is the trading-name of the service operated by MRV Software SRL. Together, the website and the application are referred to as the "Service".

This Privacy Policy should be read together with our Terms of Service and Cookie Policy, which are incorporated by reference.

We are committed to protecting your privacy. We collect the minimum data necessary to operate the Service, we do not sell your data, and we do not use advertising trackers.


1. Data Controller

The data controller responsible for your personal data is:

MRV Software SRL (operating the Kelix Trade service) Romanian unique tax identification code (CUI): 54696336 Registered office: Str. Județului nr. 8, Sector 2, București, România Email: legal@kelixtrade.com

For any privacy-related questions, requests, or to exercise your rights under GDPR, contact us at the email above.


2. What Data We Collect

2.1 Account data

When you create an account, we collect: - Email address - Password (stored hashed, never in plaintext) - Display name or username (if provided) - Account creation date and authentication metadata

2.2 Authentication data

2.3 Trading and product data

When you use the App, we store data that you generate, including: - Paper trading positions, orders, and trade history - Watchlists, alerts, and saved settings - Backtest configurations and results - Strategies you build or import - Journal entries and notes - AI Assistant conversation history (so you can revisit past sessions)

This data is generated by simulated/paper trading only. We do not have access to your real broker accounts or real money.

2.4 Subscription and billing data

Payments are processed by Stripe (Stripe Payments Europe, Ltd. and its affiliates). MRV Software SRL is the seller (merchant) of record for all sales of Kelix Trade subscriptions: we contract with you for the purchase, issue the invoice/receipt, and are responsible for collecting and remitting applicable VAT and sales taxes. Stripe collects your payment-card details directly through Stripe-hosted checkout; we never see or store your full card number, CVC, or banking credentials (PCI-DSS scope is borne entirely by Stripe).

From Stripe we receive and store for our records: - Subscription status (active, cancelled, past due, trialing) - Plan tier (FREE, PRO, ULTRA) and billing interval - Billing country, postal code, and currency (used for VAT/tax calculation and invoicing) - Last four digits of the card and card brand - Transaction IDs, invoice numbers, renewal and cancellation dates - Your billing email if different from your account email

We use this data to manage your subscription, issue invoices, enforce tier entitlements, and comply with Romanian tax and accounting law.

2.5 Content you submit to AI features

When you use AI-powered features (AI Assistant, Candle Scanner, Strategy Builder, AI Trading Journal), the inputs you submit — including chat messages, chart screenshots you upload, strategy parameters, and trade data — are transmitted to our AI providers (Anthropic and/or Google) for real-time processing.

Chart screenshots and AI inputs are not permanently stored by the AI providers (they are processed in-memory and discarded by the provider after the response is returned). We may store the outputs of these AI features (e.g. the analysis text, the generated journal entry) in your account so that you can revisit them — these outputs are tied to your account and are deleted when you delete the account.

2.6 Technical and security logs

For security, abuse prevention, and debugging we keep limited server logs containing: - IP address - User agent / browser type - Timestamps of requests - Endpoint accessed and HTTP status - AI usage logs (model, token count, cost) for the purpose of enforcing usage limits and detecting abuse

Logs are retained for a maximum of 90 days unless required longer for legal or security investigations.

2.7 What we do NOT collect


3. How We Use Your Data

Purpose Legal basis (GDPR Art. 6)
Provide and maintain the Service Performance of a contract (Art. 6(1)(b))
Process subscriptions, billing, invoicing, and tier management Performance of a contract (Art. 6(1)(b))
Send account-related and transactional emails Performance of a contract (Art. 6(1)(b))
AI-powered analysis (Assistant, Scanner, Strategy Builder, Journal) Performance of a contract (Art. 6(1)(b))
Prevent abuse, fraud, and enforce usage limits Legitimate interest (Art. 6(1)(f))
Maintain security of the Service Legitimate interest (Art. 6(1)(f))
Improve the Service through aggregated, non-identifying usage statistics Legitimate interest (Art. 6(1)(f))
Send product updates and feature announcements Legitimate interest (Art. 6(1)(f)) — opt-out anytime
VAT calculation, invoicing, and tax reporting Legal obligation (Art. 6(1)(c))
Comply with other legal obligations (accounting, regulatory) Legal obligation (Art. 6(1)(c))

We do NOT: - Sell your personal data - Use your data for targeted or behavioural advertising - Use your trading data, AI conversations, or strategies to train AI models - Make automated decisions that produce legal effects on you


4. Third-Party Service Providers (Sub-processors)

We share data with the following service providers only as necessary to operate the Service. Each has its own privacy policy and security commitments, and we have entered into a Data Processing Agreement (DPA) with every provider that processes personal data on our behalf.

4.1 Infrastructure

4.2 AI processing

We have Data Processing Agreements (DPAs) in place with all AI providers. Under these agreements, the providers are contractually prohibited from using your inputs or outputs to train their models, and they process your data solely as our sub-processors to provide the AI features.

Inputs sent to AI providers may include: chart screenshots you upload, chat messages, strategy parameters, and trade data. These inputs are processed in real-time and are not retained by the providers after the response is returned.

4.3 Market data

No personal data is shared with market-data providers. We only fetch public price/volume data.

4.4 Payments

4.5 Identity providers (optional)

4.6 Email delivery


5. International Data Transfers

Some service providers process your data outside the European Economic Area (EEA), primarily in the United States. We rely on the following transfer mechanisms under GDPR Chapter V:

Provider Primary processing region(s) Transfer mechanism
Supabase Inc. EU and/or US (depending on region) EU Standard Contractual Clauses (SCCs) + supplementary measures
Cloudflare, Inc. Global edge network EU SCCs + EU–US Data Privacy Framework (Cloudflare is DPF-certified)
Anthropic, PBC US EU SCCs
Google LLC (Gemini API) US EU SCCs + EU–US Data Privacy Framework (Google is DPF-certified)
Stripe (Stripe Payments Europe, Ltd. and affiliates) Ireland / EU (primary), US (group affiliates) SCCs and the EU–US Data Privacy Framework for any US transfers

These mechanisms are supplemented by the providers' own GDPR-compliance commitments, encryption in transit and at rest, and access-control measures.


6. Data Retention

Data category Retention
Account data (email, profile) While your account is active; deleted within 30 days of account closure
Trading and strategy data While your account is active; deleted within 30 days of account closure
AI conversation history and outputs While your account is active; you can delete individual conversations at any time
Billing and tax records (invoices) Up to 10 years, as required by Romanian tax and accounting law (Law 227/2015 and Law 82/1991)
Security and access logs Up to 90 days
Email marketing data Until you unsubscribe
Backups Rolling backups retained up to 30 days after primary deletion

You can request deletion of your account at any time by emailing legal@kelixtrade.com or using the in-app account deletion option (where available). Note that billing records linked to your invoices must be retained for the legal period above even after account deletion, but they are stored in a restricted form for compliance purposes only.


7. Your Rights Under GDPR

If you are in the EEA, UK, or Switzerland, you have the following rights:

To exercise any of these rights, email legal@kelixtrade.com. We will respond within 30 days.

If you are unsatisfied with our response, you have the right to lodge a complaint with: - The Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP)www.dataprotection.ro - Or the supervisory authority in your EU member state of residence.


8. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

While we take reasonable precautions, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.


9. Cookies and Similar Technologies

We use only strictly necessary cookies and equivalent technologies (such as localStorage for UI preferences). We do not use advertising, analytics, or behavioural tracking cookies.

For full details, please see our separate Cookie Policy.


10. Children's Privacy

The Service is not intended for anyone under 18 years of age. We do not knowingly collect personal data from minors. If we learn that we have collected data from someone under 18, we will delete it promptly. If you believe a minor has provided us with personal data, please contact legal@kelixtrade.com.


11. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top will reflect the most recent revision. Material changes will be communicated by email or in-app notification at least 14 days before they take effect.


12. Contact

For any privacy-related questions, requests, or complaints:

MRV Software SRL (operating the Kelix Trade service) CUI: 54696336 Email: legal@kelixtrade.com Str. Județului nr. 8, Sector 2, București, România