Privacy Policy

Last Updated: January 31, 2025

This Privacy Policy outlines how {legalEntity} ("we," "us," or "our") collects, uses, processes, and protects your personal data. As a fintech company based in Spain, we are committed to complying with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and other applicable data privacy laws.

Our platform offers two distinct services: (1) a Data Intelligence platform for analyzing Congressional trading activity, and (2) Automated Strategy services that execute investment strategies via third-party brokerage integrations (e.g., eToro, Darwinex). By accessing our website, using our analytics tools, or connecting your brokerage account for automated strategies, you consent to the data practices described in this policy.

1. Data Controller

The entity responsible for the processing of your personal data is:

Potentia Finance SL

Registered Office: Barcelona, Spain

Tax Identification Number (NIF): B696969696

Email: privacy@potentia.finance

We act as the Data Controller for your account information and usage data. For the execution of trades via third-party brokers, we act as an intermediary, transmitting signals based on your authorized strategies.

2. Information We Collect

We collect data to provide, improve, and secure our services. The types of data we collect depend on whether you use our Data-only tier or our Automated Strategies.

A. Identity & Account Data

  • Registration Details: Name, email address, and encrypted password created during sign-up.
  • Subscription Data: Billing information (processed via secure payment providers like Stripe; we do not store full credit card numbers) and subscription tier status (Free, Plus, Pro).

B. Financial Integration Data (Strategy Users)

  • Brokerage Connection: To enable automated strategies, we may collect authentication tokens (OAuth) or encrypted API keys linking your Potentia account with third-party brokers (e.g., eToro, Darwinex).
  • Strategy Logs: We record the performance of our strategies in your account (e.g., "Trade Executed", "PnL").
  • Data Minimization: We never access or store your brokerage login credentials (username/password) or have the ability to withdraw funds. Our access is strictly limited to reading portfolio status and executing trade signals based on your selected strategy.

C. Technical & Usage Data

  • Device Information: IP address, browser type, operating system, and device identifiers.
  • Platform Activity: Pages visited, politicians tracked, time spent on charts, and interaction with our "Spy Them" or "Join Them" modules.

D. Community Data

If you join our exclusive channels (e.g., Telegram, Discord), we may process your username and any public interactions within those communities to manage access and moderation.

3. How We Collect Data

  • Direct Interactions: When you fill out forms, subscribe to a plan, or contact support.
  • Automated Technologies: Via cookies, server logs, and analytics tools that track user navigation.
  • Third-Party Integrations: When you authorize a connection with a brokerage platform, we receive technical confirmation of the connection status and trade execution success/failure logs.

4. Legal Basis for Processing

Under the GDPR, we process your data based on the following legal grounds:

1. Contractual Necessity: To provide the services you subscribed to (e.g., delivering real-time Congressional data or executing strategy signals).

2. Legitimate Interests: To detect fraud, secure our infrastructure, analyze product performance, and improve our trading algorithms.

3. Legal Obligation: To comply with tax laws, accounting standards, and financial regulations applicable to Spanish limited liability companies.

4. Consent: For optional cookies and specific marketing communications, which you can withdraw at any time.

5. How We Use Your Data

A. Service Provisioning

  • To authenticate your access to the Data Intelligence dashboard.
  • To execute automated trade signals via your connected brokerage account (Strategy pillar).
  • To manage your subscription and billing cycles.

B. Communication

  • To send transactional emails (e.g., subscription receipts, connection alerts).
  • To notify you of significant Congressional trades (based on your notification settings).
  • To provide customer support and respond to inquiries.

C. Security & Optimization

  • To monitor for suspicious activity and prevent unauthorized access.
  • To analyze aggregate user behavior to refine our UI/UX and data visualization tools.

6. Data Sharing & Third Parties

We do not sell your personal data. We share data only with trusted third parties necessary to operate our business:

A. Financial Partners (Strategy Users Only)

If you use our 'Strategies' (Join Them) service, we transmit trade signals and authentication tokens to your chosen broker (e.g., eToro, Darwinex) to execute the trades. We do not share your personal contact details with them for marketing purposes.

B. Infrastructure Sub-processors

  • Cloud Hosting: Secure server providers (e.g., AWS/Google Cloud) to store data.
  • Payment Processors: (e.g., Stripe) to handle billing securely. We do not see or store your full card details.
  • Analytics: (e.g., Google Analytics) for platform performance monitoring.

C. Legal Authorities

We may disclose your data if required by law enforcement, regulators, or court order, or to protect the rights and safety of Potentia Finance SL and its users.

7. International Transfers

As a modern digital platform, some of our service providers or brokerage partners may be located outside the European Economic Area (EEA). In such cases, we ensure appropriate safeguards are in place, such as:

1. Transferring to countries with an adequacy decision by the European Commission.

2. Implementing Standard Contractual Clauses (SCCs) approved by the European Commission.

By using our services, you acknowledge that your data may be processed globally to facilitate the 24/7 nature of financial markets.

8. Data Security

We implement industry-standard security measures to protect your data:

Encryption: All sensitive data (including API tokens) is encrypted in transit (TLS 1.2+) and at rest.

Access Controls: Internal access to personal data is restricted to authorized personnel on a need-to-know basis.

Brokerage Isolation: We do not touch your funds. All assets remain in custody with your third-party broker; our role is strictly limited to signal transmission.

9. Data Retention

We retain your personal data only as long as your account is active or as necessary to fulfill the purposes outlined in this policy. We may retain certain transactional data for a longer period to comply with tax and legal obligations (typically 4-6 years under Spanish law). Upon account deletion, your access tokens are immediately revoked and removed from our active systems.

10. Your GDPR Rights

Users within the EEA have the following rights:

Right to Access: Request a copy of the personal data we hold about you.

Right to Rectification: Correct inaccurate or incomplete data.

Right to Erasure ('Right to be Forgotten'): Request deletion of your data, subject to legal retention requirements.

Right to Restriction: Request that we limit the processing of your data.

Right to Portability: Receive your data in a structured, machine-readable format.

Right to Object: Object to processing based on legitimate interests.

11. Exercising Your Rights

To exercise any of these rights, please contact our Privacy Team at privacy@potentia.finance.

We may request specific information to verify your identity before processing your request. We aim to respond to all legitimate requests within one month.

12. Automated Decision Making

Our 'Automated Strategies' involve the use of algorithms to execute trades on your behalf. However, this is not considered 'automated decision-making' with legal effects under GDPR Art. 22, as the execution is based on the specific mandate and strategy you explicitly selected. You retain the ability to disconnect the strategy or intervene via your brokerage account at any time.

13. Third-Party Links

Our website may contain links to external sites (e.g., official Congress disclosure sites, news outlets). We are not responsible for the privacy practices or content of these third-party sites.

14. Updates to This Policy

We may update this Privacy Policy to reflect changes in our services or legal requirements. Significant changes will be notified via email or a prominent notice on our dashboard. The 'Last Updated' date at the top indicates the latest revision.

15. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact:

Potentia Finance SL

Email: privacy@potentia.finance

Address: Barcelona, Spain

Potentia Finance - Smart Wealth