Deciqor
Back to home

Privacy Policy

Last updated: April 18, 2026

Section 1: Data controller

Deciqor (Zdeněk Ježek, IČO: 01069292, Czech Republic), operating as a sole trader / OSVČ.

Contact: zdnkjk8@gmail.com

Section 2: Data we collect

  • Account data: email, full name, username, country.
  • Identity / payouts: IBAN and related bank details when you request payouts (verified as needed).
  • Activity data: simulated trades, DQS scores, evaluation status, login history.
  • Technical data: IP address, device characteristics, browser type, user agent (for security and abuse prevention).
  • Payment data: processed by Stripe. We receive transaction identifiers, amounts, and status. We do not store full card numbers, CVCs, or complete payment credentials on our servers.

Section 3: Legal basis (Article 6 GDPR)

  • Contract: performance of the service you requested.
  • Legitimate interests: fraud prevention, security, reliability, limited analytics (balanced against your rights).
  • Consent: where required (e.g. optional marketing), which you may withdraw.
  • Legal obligation: tax, accounting, and anti-fraud requirements.

Section 4: How we use your data

  • Provide and operate the Deciqor platform and evaluation service.
  • Calculate DQS scores and enforce Program Rules.
  • Process and verify payouts.
  • Prevent fraud, abuse, and security incidents.
  • Host, store, and back up data on infrastructure providers.
  • Comply with legal obligations.
  • Send transactional emails (e.g. account, evaluation status, payout updates).

Section 5: Data sharing / third parties

We share data with processors acting on our instructions:

  • Supabase: database and auth (EU region: Frankfurt).
  • Stripe: payment processing (PCI DSS).
  • Resend: transactional email delivery.
  • Vercel: hosting and CDN.
  • Cloudflare: DDoS protection and edge security (where used).
  • Polymarket (public API): we fetch read-only market prices; we do not send your personal data to Polymarket for identification purposes.

We require appropriate safeguards (including data processing agreements where required).

Section 6: Data retention

  • Account data: while your account is active, plus up to 2 years after closure unless law requires longer.
  • Trade records: up to 7 years where required for legal and tax purposes.
  • Payment / accounting records: up to 10 years (Czech tax law requirements may apply).
  • IP logs / security signals: typically up to 90 days, unless needed for investigations.
  • Marketing: until you opt out, plus a short wind-down (e.g. 30 days) for suppression lists.

Section 7: Your rights (GDPR)

Subject to applicable law, you may have the right to:

  • Access your data (copy).
  • Rectify inaccurate data.
  • Erasure (“right to be forgotten”), subject to legal retention.
  • Restrict processing in certain cases.
  • Data portability where processing is automated and contract-based.
  • Object to processing based on legitimate interests.
  • Withdraw consent where processing is consent-based.
  • Lodge a complaint with the Czech supervisory authority: Úřad pro ochranu osobních údajů (ÚOOÚ), www.uoou.cz.

To exercise rights, email zdnkjk8@gmail.com. We respond within 30 days, extendable by up to 60 days for complex requests under GDPR.

Section 8: Cookies

We use essential cookies only: authentication session tokens, security / CSRF tokens, and preferences (e.g. price display format). We do not use analytics or advertising cookies without your consent where required. Disabling cookies in your browser may prevent login or core features.

Section 9: Security

  • HTTPS on the site.
  • Passwords stored using strong hashing (never plaintext).
  • Database access controls (including row-level security where implemented).
  • Incident response; where a personal data breach is likely to result in risk, we will notify the supervisory authority and affected users as required (typically within 72 hours under GDPR Article 33).

Section 10: International transfers

Primary data processing occurs in the EU (e.g. Supabase Frankfurt). Some providers (e.g. Stripe, Vercel) may process data in the United States or other regions under appropriate safeguards such as the EU-US Data Privacy Framework and/or Standard Contractual Clauses (SCCs), as applicable.

Section 11: Children

The service is not directed at users under 18. We do not knowingly collect personal data from minors. If you believe we have received data from a minor, contact us to delete it.

Section 12: Changes

We may update this Privacy Policy. Material changes will be posted here and, where appropriate, notified by email.

Last updated: April 18, 2026

Back to home