Legal

Privacy Policy

Last updated: 14 December 2025

Back to homepage

1. Introduction

This Privacy Policy explains how OrderRails (the “Service”) operated by TVWS (the “Operator”, “we”, “us”, or “our”) collects, uses, and protects information about you when you use the Service.

This Policy is intended to comply with applicable data protection laws, including the General Data Protection Regulation (GDPR) where it applies. By using the Service, you acknowledge that your personal data will be processed in accordance with this Policy.

2. Data Controller

For the purposes of GDPR, the data controller is:

  • Operator: TVWS
  • Email: support@orderrails.net

3. Information We Collect

3.1 Account and Contact Information

  • Wallet or account identifiers used to authenticate you
  • Email address or other contact details you choose to provide
  • Basic profile or account metadata created in connection with your use of the Service

3.2 Technical and Usage Data

  • IP address, browser type and version, operating system, device information
  • Timestamps of logins, API calls, and key events
  • Logs relating to system performance, errors, and security events

3.3 Webhook and Trading-Related Data

  • Webhook payloads you send to the Service and related metadata
  • Configuration and settings for your strategies, instruments, and risk parameters
  • Non-custodial logs of order routing requests sent from the Service to third-party exchanges

We do not hold your exchange account balances or positions on our own books. Such data may, however, be indirectly visible in logs or payloads you configure.

3.4 Payment and Billing Data

  • Limited payment-related identifiers provided by payment processors (for example, Stripe or thirdweb)
  • Subscription status, credits purchased, periods of access, and related billing metadata

We do not store full payment card numbers. Card data is processed by third-party payment processors.

4. Purposes and Legal Bases

We process personal data for the following purposes and legal bases:

4.1 Service Provision and Contract Performance

To provide, operate, and maintain the Service, including:

  • Authenticating you and managing your account
  • Routing webhook payloads and performing the execution routing you configure
  • Providing dashboards, logs, and configuration tools

Legal basis (GDPR): Article 6(1)(b) – performance of a contract or steps taken at your request prior to entering into a contract.

4.2 Security, Abuse Prevention, and Compliance

To protect the Service, users, and third parties, including:

  • Detecting and investigating suspicious activity or potential abuse
  • Preventing fraud, misuse, or violations of our Terms of Service
  • Complying with legal obligations and responding to lawful requests from authorities

Legal bases (GDPR): Article 6(1)(c) – compliance with a legal obligation; and Article 6(1)(f) – legitimate interests (security and integrity of the Service).

4.3 Analytics and Service Improvement

To understand how the Service is used and improve it over time, including:

  • Aggregated or anonymised usage metrics
  • Debugging technical issues and optimising performance

Legal basis (GDPR): Article 6(1)(f) – legitimate interests (improving and operating the Service).

4.4 Communication

To communicate with you about:

  • Service-related updates, incidents, or important changes
  • Support requests you initiate

Legal bases (GDPR): Article 6(1)(b) – performance of a contract; and Article 6(1)(f) – legitimate interests (ensuring effective communication).

5. Data Retention

We retain personal data only for as long as reasonably necessary for the purposes outlined in this Policy, or as required by law. In general:

  • Account-related data is retained while your account is active and for a reasonable period afterwards for record-keeping and legal purposes
  • Technical logs and webhook payload logs may be kept for limited periods to support debugging, security investigations, and auditability
  • Payment-related identifiers are kept for the durations required for accounting, tax compliance, and fraud prevention

6. Sharing and Transfers

We may share personal data with:

  • Service providers and subprocessors that support hosting, infrastructure, monitoring, logging, email delivery, or payment processing
  • Third-party exchanges and platforms to the extent necessary to route the webhook data and orders you configure
  • Professional advisers where necessary for legitimate business purposes and compliance
  • Authorities or third parties where required by law, regulation, or court order, or where reasonably necessary to protect our rights, users, or others

Some recipients may be located outside your country, including outside the European Economic Area (EEA). Where required, we rely on appropriate safeguards, such as the use of Standard Contractual Clauses, to protect cross-border transfers.

7. Your Rights

Depending on your location and applicable law, you may have rights including access, rectification, erasure, restriction, portability, objection, and withdrawal of consent where processing is based on consent.

To exercise your rights, contact us at support@orderrails.net. We may ask for information to verify your identity before responding. You also have the right to lodge a complaint with a supervisory authority.

8. Security

We implement technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, or alteration. However, no system is completely secure. You are responsible for keeping your devices, wallets, API keys, and authentication mechanisms secure.

9. Children

The Service is not intended for, and we do not knowingly collect personal data from, individuals who cannot lawfully enter into binding contracts in their jurisdiction. If you believe we have collected data about a minor inappropriately, contact us at support@orderrails.net.

10. Changes to this Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date above and may provide additional notice where reasonably appropriate. Your continued use of the Service after changes become effective constitutes your acceptance of the updated Policy.

11. Contact

If you have questions about this Privacy Policy or how your data is processed, you can contact:

  • Email: support@orderrails.net
  • Operator: TVWS

For additional terms governing your use of the Service, please also see our Terms of Service.