FlowTrader AI
Sign In
Legal

Privacy Policy

Information on the processing of personal data

Last updated: 18.05.2026

1. Data Controller

Stefan Hertweck
FlowTrader AI
Ooser Waldstrasse 5
76532 Baden-Baden, Deutschland
E-Mail: info@flowtraderai.de
Phone: +49 157 35705939

2. Principles of Data Processing

Personal data is only collected when necessary for providing a functional website and our content and services.

The processing of personal data only occurs with the user's consent or when a legal basis exists pursuant to Art. 6 GDPR.

3. Hosting (Hostinger)

This website is hosted by Hostinger International Ltd. The servers are located in the EU.

When visiting the website, the following data is automatically collected in server log files:

  • IP address (anonymized after 7 days)
  • Date and time of access
  • Accessed files and pages
  • Browser and operating system
  • Referrer URL (previously visited page)

Legal basis: Legitimate interest pursuant to Art. 6(1)(f) GDPR.

4. Fonts

This website uses fonts that are served locally from our own server. No connection is made to Google servers, and IP addresses are not transmitted to Google.

5. Newsletter (Brevo)

We use Brevo (formerly Sendinblue) for sending newsletters. The following data is collected upon registration:

  • Email address (required)
  • First name (optional)
  • Time of registration
  • IP address

Registration uses a double opt-in process. Your data is not shared with third parties. You can unsubscribe at any time via the link in every email or by emailing info@flowtraderai.de.

6. Contact Form / Email

When you contact us via the contact form or email, your information is stored to process the inquiry. Data is deleted once the inquiry has been fully processed, unless legal retention obligations apply.

7. Cookies

This website uses technically necessary cookies (e.g. to store the cookie consent itself), for which no consent is required (Art. 6 (1) lit. f GDPR in conjunction with § 25 (2) No. 2 TTDSG). With your explicit consent (Art. 6 (1) lit. a GDPR, § 25 (1) TTDSG) we additionally use the following services: (a) Google Analytics 4 (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland) with anonymised IP for reach measurement and (b) Google Ads including conversion tracking and remarketing for measuring and optimising our advertising. Data is transferred to the USA; Google LLC is certified under the EU-US Data Privacy Framework (Adequacy Decision of the EU Commission of 10 July 2023). You can withdraw your consent at any time via the “Cookie settings” link in the footer. Maximum cookie lifetime is 12 months; Google Ads conversion cookies expire after 90 days.

8. FlowTrader AI App

A separate privacy policy applies to the FlowTrader AI app at flowtraderai.com (available at https://flowtraderai.com/privacy). The app uses the following services as data processors pursuant to Art. 28 GDPR:

  • Firebase (Google Ireland Ltd.) – Authentication, database, and data storage. Data transfers to the US may occur; Google LLC is certified under the EU-US Data Privacy Framework. Legal basis: Art. 6(1)(b) GDPR (performance of contract).
  • Google Gemini AI (Google Ireland Ltd.) – AI-powered analysis of trade data and journal entries. Inputs are not used to train the models (Workspace/Enterprise API). Legal basis: Art. 6(1)(b) GDPR.
  • Stripe Payments Europe, Ltd. – Payment processing (credit card, SEPA). Stripe processes payment data as an independent controller. Legal basis: Art. 6(1)(b) GDPR. Details: https://stripe.com/privacy.
  • Brevo (Sendinblue SAS, 7 rue de Madrid, 75008 Paris, France) – transactional emails (welcome mail, password reset, renewal reminders) and optional newsletter. Servers in the EU. Legal basis: Art. 6 (1) lit. b GDPR (performance of contract) or Art. 6 (1) lit. a GDPR (consent for newsletter).
  • Web push notifications (VAPID protocol, RFC 8030) – if you explicitly opt in to in-app notifications, we store your push subscription (endpoint, public key, auth secret) to remind you of coaching tasks, trade reviews or journey letters. Delivery is via the respective browser vendor (Mozilla, Google, Apple, Microsoft). Legal basis: Art. 6 (1) lit. a GDPR. You can withdraw consent at any time in your browser settings or the app's notification settings.

Trading data is stored encrypted (AES-256 at-rest, TLS 1.3 in-transit) and is not shared with third parties beyond the processors listed above. Data processing agreements (DPAs) are in place with all service providers. You have the right to access, rectification, erasure, and portability at any time – write to info@flowtraderai.de.

Cross-domain tracking between flowtraderai.de and flowtraderai.com: when you click an app link, the GA4 client ID is passed via a Google Ads linker parameter (query parameter “_gl”) so that the conversion path between the marketing site and the app is not broken. No personal data is passed, only pseudonymous tracking IDs. The mechanism is only active if you have given consent to analytics.

Coach-client data flow: when, as a trader, you connect a trading coach in the app, you explicitly grant that coach access rights per data category (trades, journal, mood, commitments etc.). You can revoke these permissions at any time. FlowTrader AI remains the sole processor within the meaning of Art. 28 GDPR vis-à-vis the client; no separate processing agreement between coach and client exists. Upon termination of the coach-client relationship, the coach's access rights expire automatically.

Marketing emails and push notifications on behalf of your coach: if you are a trader connected to a coach and that coach has activated the marketing service, FlowTrader AI sends pre-built standard messages to you on the coach's behalf (e.g. reminders about the end of a coaching package, welcome message, re-engagement message after the end of the coaching relationship). The sender is “[coach name] via FlowTrader AI”; the technical reply-to address is the coach's email – your replies go exclusively to the coach. FlowTrader AI is content-responsible for the standard templates (see GTC § 16 (9)); the coach merely commissions the dispatch. Legal basis: Art. 6 (1) lit. b GDPR (performance of the coaching agreement you concluded with the coach) and, for push notifications, Art. 6 (1) lit. a GDPR (your consent to browser notifications, revocable at any time). You can stop receiving these messages at any time via the unsubscribe link in every email or via your app notification settings, without affecting your coaching agreement.

9. Your Rights (GDPR)

You have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)
  • Right to withdraw consent (Art. 7(3) GDPR)
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

10. Social Media

We maintain presences on Instagram, Facebook, YouTube and TikTok. No platform tracking pixels are embedded on flowtraderai.de. Data is only transmitted to the platform operators when you click on the respective profile links.

11. Data Security

This website uses SSL/TLS encryption (identifiable by https:// in the address bar). This means all data is transmitted encrypted between your browser and our server.

12. Currency

This privacy policy is currently valid. Changes will be published on this page.

Ready to transform your trading?

Start free today and discover what's really holding you back.

7 days free · Payment only after trial ends · Cancel anytime

Start for FreeSign In