GDPR as a trading coach.
What matters – and what we take off your plate.
WhatsApp voice messages with client trades, Excel files by email, Notion on US servers – all GDPR-tricky. Here's what you really must comply with as a coach, and what FlowTrader's defaults already solve correctly.
- EU servers, no US transfer
- Art. 28 GDPR data processing agreement
- Client owns their data
GDPR isn't a sticker. It's substance.
In trading coaching you see sensitive data: account balances, personal journal entries, emotional states, coaching agreements. As soon as you process this outside the EU or store it without a clear legal basis, you're in the duty zone.
The most common pitfall: coach saves WhatsApp audio locally, mails Excel files with client trades, uses Notion databases on US servers. In a dispute – client files a complaint with the data protection authority – it gets unpleasant fast.
FlowTrader takes six of the most important duties off your plate by default. Four things remain on you – those you can't delegate.
Six duties – and who fulfils them
This must be in place as a trading coach. With FlowTrader defaults it's already correctly set.
Legal basis for processing
Every processing needs a clear legal basis (Art. 6 GDPR). Contract performance, legitimate interest or explicit consent – depending on data type.
EU servers / no US transfer
Client data must not flow uncontrolled into US cloud services. Concretely: no WhatsApp archive, no Notion database with real data, no Discord client channel.
Granular client consent
The client must be able to consent per data category: trades, journal, mood, commitments. Not one tick for everything.
Audit trail / proof
Who saw, commented, released what when? In a dispute it must be traceable – otherwise the burden of proof is on you.
Legally sound agreements
A coaching agreement with service and data protection clauses, accepted by explicit client confirmation, with version history for changes.
Access, correction, deletion
The client has the right to access (Art. 15), correction (Art. 16), deletion (Art. 17), portability (Art. 20) at any time. You must be able to fulfil this within 30 days.
Four duties you cannot delegate
FlowTrader takes the infrastructure off your plate. But these four things you have to handle yourself as a coach – regardless of platform.
- Your own privacy policy for your coachingIf you have your own website or run your own email communication outside FlowTrader, you need your own privacy policy. A template from a lawyer or eRecht24 will do at first.
- Tax-compliant bookkeepingGDPR and tax law are separate topics. Invoices, payment records, GoBD-compliant retention – that's your job as a freelancer, independent of the coaching tool.
- Clear delimitation: no investment adviceTrading coaching must not be a concrete investment recommendation – otherwise it's regulated. Write into your agreement explicitly: “no financial advice, no investment brokering, no performance guarantee”.
- Mandatory data breach reportingIf you lose client data (laptop gone, cloud account hacked), you're under a 72-hour reporting duty to the data protection authority. That applies to YOUR devices, not FlowTrader servers.
More on data protection
FlowTrader privacy policy
Who processes which data on what basis, with which sub-processors – fully broken down.
Read moreTerms §16 Coach subscription
Contractual separation coach/client, Art. 28 GDPR provisions, duties on both sides.
Read morePrivacy in the coach area
The compact overview of data separation client/coach in FlowTrader.
Read more