Skip to content

Legal

Privacy Policy

Last updated: 2026-05-04

1. Who we are

Etradewind ("we", "us", "our") is a marketing platform and digital services provider operated by a solo founder. Contact: hello@etradewind.com. This Privacy Policy explains how we collect, use, store, and disclose Personal Data when you use the etradewind.com website, our SaaS platform, or our done-for-you services.

2. Personal Data we collect

We collect the following categories of Personal Data:

  • Identity data: name, email address, company name, role.
  • Contact data: phone, billing address, postal address.
  • Account data: login credentials, account preferences, role assignments.
  • Usage data: pages visited, features used, log timestamps, IP address, browser fingerprint.
  • Content data: briefs, prompts, drafts, approval logs, audit trail entries that you submit through the platform.
  • Marketing data: communication preferences and consent records.

3. How we use Personal Data

We use Personal Data to: (a) provide and operate the platform and services, (b) authenticate users and enforce access controls, (c) send service communications and respond to inquiries, (d) improve the platform through aggregated analytics, (e) comply with legal obligations, (f) detect and prevent fraud or abuse.

4. AI data-use clauses

The etradewind platform processes content you submit (briefs, prompts, source materials) through AI providers (Anthropic Claude, Google Gemini, Mistral, or Ollama if you bring your own provider). We disclose:

  • Inputs to AI providers: when you submit a brief, your input is sent to the AI provider you have configured. Provider terms apply to that processing.
  • Training data: we do not use your inputs or outputs to train our models. We instruct AI providers to disable training on your data where the provider supports it (Anthropic supports this by default; we configure other providers accordingly).
  • Retention: AI inputs and outputs are retained in your account audit log for the active life of your engagement plus 90 days, then deleted. Operators can request earlier deletion via the contact email above.
  • BYO provider: if you bring your own AI provider key, that provider becomes a sub-processor under your direct contractual relationship. We do not see or store your provider API key.

5. Legal bases for processing (GDPR)

For users in the European Economic Area, United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR:

  • Performance of a contract: to provide the platform and services you have signed up for.
  • Legitimate interest: to operate, secure, and improve the platform; balanced against your privacy rights.
  • Consent: for non-essential cookies and marketing communications, where required by law.
  • Legal obligation: to comply with applicable laws and respond to valid legal process.

6. Your rights under GDPR

You have the right to: (a) access your Personal Data, (b) rectify inaccurate data, (c) erase data ("right to be forgotten"), (d) restrict processing, (e) data portability, (f) object to processing, (g) withdraw consent at any time, (h) lodge a complaint with your supervisory authority. To exercise any right, email hello@etradewind.com. We respond within 30 days.

7. CCPA rights (California residents)

California residents have the right to: (a) know what Personal Information we collect, (b) request deletion of Personal Information, (c) opt out of the sale or sharing of Personal Information, (d) non-discrimination for exercising rights. We do not sell or share Personal Information for cross-context behavioral advertising. To exercise CCPA rights, email hello@etradewind.com.

8. Sub-processors

We use the following sub-processors to operate the platform: Linode (infrastructure hosting, US), Anthropic (AI inference, US), Resend (email delivery, US), Stripe (payments, US), Cloudflare (CDN/DNS, US). A current list with processing locations is maintained and updated within 30 days of changes.

9. International data transfers

If you are located outside the United States, your Personal Data will be transferred to and processed in the United States. For transfers from the EEA, UK, and Switzerland, we rely on Standard Contractual Clauses (SCCs) with our sub-processors and on adequacy decisions where applicable.

10. Data retention

We retain Personal Data for the duration of your account or engagement plus the periods required by law (typically 7 years for financial records, 90 days for AI input/output logs after closure). After the retention period, we delete or anonymize Personal Data.

11. Security

We implement technical and organizational measures including TLS encryption in transit, encryption at rest, principle-of-least-privilege access controls, audit logging, and SAGA-pattern rollback for all consequential agent actions. No system is 100% secure; we promptly notify affected users in the event of a data breach as required by applicable law.

12. Cookies

We use a minimal set of first-party cookies for authentication (HttpOnly Secure SameSite=Strict session cookies) and a privacy-respecting analytics tool (Umami, self-hosted, no cross-site tracking). We do not use advertising cookies or third-party trackers.

13. Children's privacy

The platform is not directed to children under 16. We do not knowingly collect Personal Data from children under 16.

14. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email and a notice on the platform at least 30 days before the change takes effect.

15. Contact

For privacy questions, data subject requests, or complaints, email hello@etradewind.com.