TEMPLATE — REQUIRES REVIEW BY A QUALIFIED U.S. ATTORNEY / DATA-PROTECTION ADVISER BEFORE PUBLICATION
This document is a template that contains [PLACEHOLDER] tags that must be replaced with accurate company-specific information before use. It is drafted in a U.S.-first posture (the primary market) with CCPA/CPRA coverage for U.S./California residents, and retains GDPR + UK GDPR + Swiss revDSG (nFADP) coverage for EU/EEA/UK/Swiss users. It is not legal advice; the authors are not lawyers. A qualified attorney/privacy adviser must review and finalize this document before it is published or relied upon.
Effective Date: [PLACEHOLDER: MM/DD/YYYY]
Last Updated: June 23, 2026
Company: [PLACEHOLDER: Legal Entity Name] ("we", "us", "our")
Website / Platform: [PLACEHOLDER: https://nitix.app or applicable domain]
Contact: [PLACEHOLDER: privacy@nitix.app]
1. Introduction
This Privacy Policy describes how [PLACEHOLDER: Legal Entity Name] ("Company", "we", "us", "our") collects, uses, stores, and discloses information when you use Nitix ("Platform"), our options strategy generation and backtesting platform focused on U.S. options markets, including our website, web application, APIs, and related services (collectively, the "Services").
By accessing or using the Services, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree, please do not use the Services.
2. Information We Collect
2.1 Account Information
When you register for an account, we collect:
- Full name
- Email address
- Password (stored in hashed form)
- Phone number (optional / [PLACEHOLDER: required])
- Billing address and any tax-identification information required for invoicing (where applicable)
- Account preferences and settings
2.2 Trading and Strategy Data
As part of our core Services, we collect:
- Options strategies you create, view, or backtest
- Backtest configurations, parameters, and results
- Watchlists, screeners, and saved strategy templates
- Import files or data you upload (e.g., broker data files)
- Simulation and analysis outputs
2.3 Usage Analytics
We automatically collect information about how you interact with the Services:
- Pages viewed, features used, and navigation patterns
- Time spent on the Platform, session duration, and frequency of use
- Device information (device type, operating system, browser type and version)
- IP address and approximate geographic location
- Referral source and search terms
- Subscription tier and feature access patterns
2.4 Payment and Billing Information
When you subscribe to a paid plan (Pro or Elite):
- Payment method details (processed by Stripe — we do not store full card numbers)
- Billing history and invoice records
- Subscription tier, start/end dates, and renewal status
- Any tax-identification information you provide for invoicing (where applicable)
2.5 Communications
- Support tickets and chat transcripts
- Feedback, survey responses, and feature requests
- Email communications with our team
2.6 Automatically Collected Technical Data
- Log data (server logs, access logs, error logs)
- Cookie identifiers and similar tracking technologies (see Cookie Policy)
- Browser fingerprint data
- API request metadata
3. How We Use Your Information
We use collected information for the following purposes:
| Purpose | Data Categories |
|---|---|
| Provide and operate the Services | Account info, trading data, technical data |
| Process subscriptions and payments | Payment data, billing info |
| Generate backtest results and strategies | Trading data, usage analytics |
| Improve and develop the Platform | Usage analytics, feedback, error logs |
| Communicate with you (updates, support) | Account info, communications |
| Enforce our Terms of Service | Account info, usage analytics, log data |
| Comply with legal obligations | All categories as required |
| Detect and prevent fraud or abuse | Account info, technical data, log data |
4. Cookies and Tracking Technologies
Our use of cookies is described in detail in our Cookie Policy.
In summary, we use:
- Essential cookies for authentication and session management
- Analytics cookies (via PostHog) to understand usage patterns
- Third-party cookies from our payment processor (Stripe) and error monitoring (Sentry)
5. Third-Party Services
We share limited data with the following third-party service providers:
5.1 Stripe (Payment Processing)
- Data shared: Payment method details, billing name, email, address, transaction amounts
- Purpose: Process subscription payments for Pro and Elite tiers
- Privacy policy: https://stripe.com/privacy
- Data location: [PLACEHOLDER: Stripe processing region]
5.2 Sentry (Error Monitoring)
- Data shared: Error logs, stack traces, device/browser information, user ID (anonymized)
- Purpose: Monitor application stability and diagnose bugs
- Privacy policy: https://sentry.io/privacy/
- Data location: [PLACEHOLDER: Sentry data region]
5.3 PostHog (Product Analytics)
- Data shared: Page views, user interactions, device/browser info, approximate location, and an analytics identifier
- Purpose: Understand usage patterns to improve the Platform
- Privacy policy: https://posthog.com/privacy
- Data location: [PLACEHOLDER: PostHog hosting region — e.g., US Cloud or EU Cloud]
5.4 Hetzner Online GmbH (Cloud Hosting / Infrastructure)
- Data shared: Application data stored on our infrastructure, including account information, strategy data, and backtest results
- Purpose: Host and serve the Platform, store our databases and file uploads, and run compute workloads
- Privacy policy: https://www.hetzner.com/legal/privacy-policy/
- Data location: [PLACEHOLDER: Hetzner data-center location — e.g., Germany (EU) or Ashburn, VA (US)]
We do not sell, rent, or trade your personal information to third parties for their own marketing purposes.
6. Data Retention
| Data Category | Retention Period |
|---|---|
| Account information | Duration of account + [PLACEHOLDER: 30/90] days post-deletion |
| Trading and strategy data | Duration of account + [PLACEHOLDER: 30/90] days post-deletion |
| Payment and billing records | [PLACEHOLDER: 7 years] (as required by tax/regulatory law) |
| Usage analytics (aggregated) | [PLACEHOLDER: 24 months] from collection |
| Usage analytics (identified) | [PLACEHOLDER: 12 months] from collection |
| Support communications | [PLACEHOLDER: 24 months] from resolution |
| Server and error logs | [PLACEHOLDER: 90 days] |
| Cookies | Per Cookie Policy — varies by category |
Where a retention period expires, data is either securely deleted or anonymized so it can no longer identify you.
7. Your Rights
7.1 General Rights
Depending on your jurisdiction, you may have the right to:
- Access — Request a copy of the personal data we hold about you
- Rectification — Request correction of inaccurate or incomplete data
- Deletion — Request deletion of your personal data ("right to be forgotten")
- Portability — Receive your data in a structured, commonly used, machine-readable format
- Restriction — Request restriction of processing in certain circumstances
- Objection — Object to processing based on legitimate interests or for direct marketing
7.2 Exercising Your Rights
To exercise any of these rights, contact us at:
- Email: [PLACEHOLDER: privacy@nitix.app]
- Address: [PLACEHOLDER: Company registered address]
We will respond to your request within [PLACEHOLDER: 30 days]. We may request verification of your identity before processing your request.
7.3 Right to Withdraw Consent
Where processing is based on your consent, you may withdraw that consent at any time by:
- Adjusting cookie settings in your browser or via our consent banner
- Contacting us at [PLACEHOLDER: privacy@nitix.app]
Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
8. GDPR, UK GDPR, and Swiss revDSG (EEA / UK / Switzerland Users)
If you are located in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, the following applies in addition to your rights described in Section 7. Your data is protected by the EU General Data Protection Regulation (GDPR), the UK GDPR, and/or the Swiss revised Federal Act on Data Protection (revDSG / nFADP), as applicable.
- Data controller: [PLACEHOLDER: Legal Entity Name] is the controller of your personal data for the purposes of these laws. [PLACEHOLDER: If the controlling entity is U.S.-based, confirm cross-border controller obligations with counsel.]
- Our legal basis for processing your data includes: (a) performance of the contract (providing the Services), (b) consent (where explicitly obtained, e.g., analytics cookies), (c) legitimate interests (improving the Platform, securing it, and preventing fraud), and (d) compliance with legal obligations.
- In addition to the rights in Section 7, you may object to processing based on legitimate interests and withdraw consent at any time, and you are not subject to solely automated decision-making that produces legal or similarly significant effects.
- You have the right to lodge a complaint with a supervisory authority: in the EEA, your local Data Protection Authority (list at https://www.edpb.europa.eu/about-edpb/about-edpb/members_en); in the UK, the Information Commissioner's Office (ICO); in Switzerland, the Federal Data Protection and Information Commissioner (FDPIC).
- Where we transfer data outside the EEA/UK/Switzerland (for example, to U.S.-based infrastructure or service providers), we rely on appropriate safeguards such as the Standard Contractual Clauses (and the UK and Swiss addenda where required), as described in Section 10.
[PLACEHOLDER: EU/UK Representative under GDPR Art. 27, if required — name and address. A Swiss representative may also be required under the revDSG in certain cases — confirm with counsel.]
9. CCPA / CPRA (California and U.S. State Privacy Rights)
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you the rights described below. Residents of other U.S. states with comprehensive privacy laws (e.g., Colorado, Connecticut, Virginia, Utah, and others) may have substantially similar rights, which we honor where those laws apply. [PLACEHOLDER: A qualified attorney should confirm which U.S. state privacy laws apply to your operations and tailor this section accordingly.]
9.1 Right to Know / Access
You have the right to know and request access to the personal information we have collected about you, including:
- Categories of personal information collected and the categories of sources
- The business or commercial purpose for collecting (or, if applicable, sharing) it
- Categories of third parties to whom we disclose personal information
- The specific pieces of personal information we hold about you
9.2 Right to Delete
You have the right to request deletion of your personal information, subject to certain exceptions permitted by law.
9.3 Right to Correct
You have the right to request that we correct inaccurate personal information we maintain about you.
9.4 Right to Opt Out of Sale or Sharing
We do not sell your personal information and do not "share" it for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA. Accordingly, there is no sale or share for you to opt out of. [PLACEHOLDER: If you later enable advertising or analytics that could constitute a "sale" or "share," add a "Do Not Sell or Share My Personal Information" link and honor Global Privacy Control (GPC) signals.]
9.5 Sensitive Personal Information
We do not use or disclose sensitive personal information for purposes that would entitle you to a right to limit its use under the CPRA. [PLACEHOLDER: Confirm with counsel based on actual data flows.]
9.6 Right to Non-Discrimination
We will not discriminate against you for exercising your privacy rights.
9.7 Authorized Agents and Verification
You may use an authorized agent to submit a request on your behalf. We may require verification of your identity (and your agent's authority) before processing a request.
9.8 How to Exercise These Rights
To exercise these rights, contact us at [PLACEHOLDER: privacy@nitix.app] or [PLACEHOLDER: a request webform URL]. We will respond within the timeframes required by applicable law (generally 45 days under the CCPA/CPRA, extendable as permitted). [PLACEHOLDER: toll-free number, if you are an offline business required to provide one.]
10. International Data Transfers
Your data may be transferred to and processed in countries other than your country of residence. [PLACEHOLDER: Primary data processing location — e.g., United States and/or the European Union, depending on the hosting region selected in Section 5.4].
When transferring data across borders, we ensure appropriate safeguards:
- EEA / UK / Switzerland → United States or other third countries: Standard Contractual Clauses (SCCs), together with the UK International Data Transfer Addendum and the Swiss revDSG addendum where applicable, or another legally recognized transfer mechanism
- Onward transfers to sub-processors: governed by data-processing terms no less protective than those described in this Policy (see Section 5 and our Data Processing Agreement)
- Other: [PLACEHOLDER: Additional transfer mechanisms, as confirmed by counsel]
11. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption in transit (TLS 1.2+) and at rest (AES-256 or equivalent)
- Role-based access controls and authentication
- Regular security assessments and vulnerability scanning
- Secure software development practices
- Incident response procedures
While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
12. Children's Privacy
The Services are not directed at individuals under the age of [PLACEHOLDER: 18]. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under the applicable age, we will take steps to delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will:
- Post the updated policy on this page with a revised "Last Updated" date
- [PLACEHOLDER: Send email notification for material changes]
- [PLACEHOLDER: Display in-app notification for material changes]
Continued use of the Services after changes take effect constitutes acceptance of the revised policy.
14. Contact Information
For questions, concerns, or requests related to this Privacy Policy:
- Company: [PLACEHOLDER: Legal Entity Name]
- Email: [PLACEHOLDER: privacy@nitix.app]
- Address: [PLACEHOLDER: Principal place of business / registered agent address]
- Phone: [PLACEHOLDER: phone number]
- Data Protection Officer / Privacy Contact (if applicable): [PLACEHOLDER: name and contact]
REMINDER: This is a template document. All [PLACEHOLDER] tags must be replaced and the document must be reviewed by a qualified U.S. attorney (and a data-protection adviser for EU/UK/Swiss coverage) before publication.