← Back to Home

Privacy Policy

Last Updated: January 26, 2026

1. Introduction & Data Controller

The Arcane Archives ("we," "us," "our") is the data controller responsible for your personal data. We are committed to respecting your privacy and protecting your personal information in accordance with applicable data protection laws.

2. Information We Collect

We collect different types of information to provide and improve our services:

2.1 Information You Provide Directly

• Account Information: Username, email address, display name, password (encrypted)
• Profile Information: Profile picture, bio, preferences, settings
• Payment Information: Billing details processed securely through Stripe (we do not store full credit card numbers)
• Communication Data: Messages you send through Telegram, support inquiries, feedback
• User-Generated Content: Community posts, comments, forum contributions

2.2 Information Collected Automatically

• Usage Data: Course progress, modules completed, watch time, feature usage, login history
• Device Information: IP address, browser type and version, device type, operating system
• Analytics Data: Pages viewed, time spent on platform, navigation paths, click patterns
• Performance Data: Error logs, loading times, technical issues encountered
• Cookies & Similar Technologies: Session cookies, authentication tokens, preference cookies

2.3 Information from Third-Party Sources

• Payment Processor (Stripe): Transaction details, payment status, billing information
• Introducing Broker Data: Trading account information if you register through our IC Markets referral (handled by broker, not stored by us)
• Analytics Services: Aggregated usage statistics and platform performance metrics

3. How We Use Your Information

We use your personal data for the following purposes:

3.1 Service Provision & Account Management

• Create and manage your account
• Process your subscription payments and manage billing
• Provide access to educational content, courses, and platform features
• Track your learning progress and course completion
• Facilitate community features and user interactions
• Provide customer support and respond to inquiries

3.2 Platform Improvement & Development

• Analyze usage patterns to improve user experience
• Develop new features and optimize existing ones
• Conduct research and testing for platform enhancements
• Debug technical issues and maintain platform stability

3.3 Communication & Marketing

• Send transactional emails (subscription confirmations, payment receipts, password resets)
• Provide important platform updates and service announcements
• Send educational content, newsletters, and course recommendations (with your consent)
• Notify you about new features, content releases, and live calls
• Respond to your questions and provide support

3.4 Security & Fraud Prevention

• Protect against unauthorized access and account takeovers
• Detect and prevent fraudulent activity and payment disputes
• Enforce our Terms of Service and community guidelines
• Investigate security incidents and Terms violations

3.5 Legal Compliance

• Comply with legal obligations and regulatory requirements
• Respond to lawful requests from authorities
• Protect our legal rights and interests
• Maintain records for tax and accounting purposes

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

Processing Purpose	Legal Basis
Account creation and subscription management	Performance of contract
Payment processing	Performance of contract
Platform improvements and analytics	Legitimate interests
Marketing communications	Consent (you can opt-out anytime)
Security and fraud prevention	Legitimate interests
Legal compliance	Legal obligation

5. Data Storage & Security

5.1 Where We Store Your Data

Your data is stored using the following infrastructure:

• Primary Database: Firebase/Firestore (Google Cloud Platform) - EU/UK regions where possible
• Payment Data: Stripe (PCI DSS compliant, not stored on our servers)
• Hosting: Netlify (global CDN with data residency controls)
• Analytics: Privacy-focused analytics services with data anonymization

5.2 Security Measures

We implement industry-standard security measures to protect your data:

• Encryption: All data transmitted using TLS/SSL encryption (HTTPS)
• Password Security: Passwords are hashed using bcrypt/Argon2 algorithms
• Access Controls: Role-based access with principle of least privilege
• Monitoring: Continuous security monitoring and threat detection
• Regular Updates: Security patches and software updates applied promptly
• Data Backup: Regular encrypted backups with secure storage

Important Note: While we implement robust security measures, no system is completely secure. We cannot guarantee absolute security of data transmitted over the internet.

6. Data Sharing & Third-Party Services

We share your personal data only in the following circumstances:

6.1 Essential Service Providers

• Stripe: Payment processing (PCI DSS compliant)
• Firebase/Google Cloud: Database hosting and cloud infrastructure
• Netlify: Website hosting and serverless functions
• Email Service Providers: Transactional and marketing emails

All third-party service providers are carefully selected and bound by data processing agreements to protect your information.

6.2 Introducing Broker Relationships

If you register with IC Markets or other brokers through our referral links:

• Your registration data is collected by the broker, not by us
• We may receive commission as an Introducing Broker
• We do not have access to your trading account details or transactions
• Brokers have their own privacy policies governing your data

6.3 Legal Requirements

We may disclose your information if required by law or in good faith belief that such action is necessary to:

• Comply with legal obligations, court orders, or regulatory requirements
• Protect and defend our rights or property
• Prevent fraud or investigate potential violations
• Protect the safety of users or the public

6.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity, subject to the same privacy protections.

7. Cookies & Tracking Technologies

7.1 Types of Cookies We Use

• Essential Cookies: Required for platform functionality (authentication, session management)
• Preference Cookies: Remember your settings and preferences
• Analytics Cookies: Help us understand how users interact with the platform
• Performance Cookies: Monitor platform performance and identify issues

7.2 Managing Cookies

You can control cookies through:

• Your browser settings (disable or delete cookies)
• Platform cookie preferences (where available)
• Opting out of analytics tracking

Note: Disabling essential cookies may impact platform functionality.

8. Your Data Protection Rights

Under UK GDPR and Data Protection Act 2018, you have the following rights:

8.1 Right of Access

You can request a copy of the personal data we hold about you.

8.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data.

8.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data in certain circumstances.

8.4 Right to Restrict Processing

You can request that we limit how we use your personal data.

8.5 Right to Data Portability

You can request a copy of your data in a machine-readable format.

8.6 Right to Object

You can object to processing based on legitimate interests or for marketing purposes.

8.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

8.8 Right to Lodge a Complaint

You have the right to complain to the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated.

9. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

• Active Accounts: Data retained while your subscription is active
• Cancelled Subscriptions: Core account data retained for 90 days after cancellation (for reactivation), then archived
• Financial Records: Retained for 7 years for tax and legal compliance
• Usage Analytics: Aggregated and anonymized after 24 months
• Legal Holds: Data may be retained longer if required by law or for legal proceedings

Account Deletion: You can request permanent account deletion at any time. We will delete your data within 30 days, except where retention is legally required.

10. International Data Transfers

Your data may be transferred to and processed in countries outside the UK/EU. When this occurs:

• We ensure adequate safeguards are in place (Standard Contractual Clauses, Privacy Shield where applicable)
• Third-party service providers comply with GDPR requirements
• Data is encrypted during transfer

11. Children's Privacy

The Arcane Archives is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

• Changes in our data practices
• New features or services
• Legal or regulatory requirements
• User feedback and best practices

When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Send email notification to registered users
• Display a prominent notice on the platform

Continued use of the platform after changes constitutes acceptance of the updated policy.

13. Contact Us & Data Protection

For any questions, concerns, or requests regarding your privacy or this Privacy Policy:

Complaints: If you believe your data protection rights have been violated, you may lodge a complaint with:

Information Commissioner's Office (ICO)
Website: ico.org.uk
Phone: 0303 123 1113