Tradyon Privacy Policy

This Privacy Policy ("Policy") explains how Tradyon collects, processes, uses, and protects your personal data when you use the Tradyon Platform and related services. It applies to all users, including individual traders, enterprise customers, API consumers, and visitors to www.tradyon.ai. This Policy is incorporated by reference into the Terms of Use and forms one integrated legal agreement.

Applicability and Multi-Jurisdictional Compliance

Tradyon operates globally and processes personal data under multiple regulatory regimes:

Tradyon processes data in compliance with the strictest applicable standard. For example, if your data involves an EU resident (GDPR) and a UAE resident (PDPL), both standards apply. If a GDPR standard is stricter, we apply GDPR requirements.

For Privacy Inquiries, Data Subject Rights, or Complaints

• Email: privacy@tradyon.ai
• Mailing Address: Data Protection Officer, Tradyon Unit 1405, Floor 14, Addax Port Office Tower, Tamouh, Abu Dhabi, Al Reem Island, Abu Dhabi, U.A.E
• Response Time: 30 days (or as required by applicable law)

For EU/UK Residents — Supervisory Authority: the relevant Data Protection Authority (DPA) in your member state.

For UAE Residents — UAE Data Office Complaint: complaints@dpo.gov.ae

2.1 Data Provided Directly by You

When you register, use the Platform, or communicate with us, we collect:

Account Registration and Profile Information

• Full name
• Email address (personal and/or business)
• Phone number
• Job title and professional role
• Company name and jurisdiction
• Company email address
• Account login credentials (hashed password)
• Country and timezone
• Billing address and payment information

Platform Usage Data

• Search queries and prompts you enter into the Platform
• Filters and parameters you apply
• Saved searches and alert configurations
• Your research on the Platform
• Documents or reports you download
• Feature usage and interaction patterns

Support and Communication Data

• Messages, emails, or chat communications with Tradyon support
• Feedback, complaints, or inquiries you submit
• Copies of communications including subject matter and timestamps
• Technical information about issues you report

Payment Information

• Billing address
• Payment method (credit card, bank account, etc.)
• Transaction history and invoices
• Payment status and billing disputes

2.2 Data Automatically Collected

Technical Data

• IP address
• Device type, operating system, and browser information
• Pages visited, time on page, and clickstream data
• Device identifiers (cookies, tracking pixels, local storage)
• Referring URL and destination URL
• Geographic location (inferred from IP address)
• Session duration and login/logout times

Platform Analytics

• Features used and frequency
• Queries executed and their timing
• Alerts triggered and alert configurations
• API calls made and data accessed
• Performance metrics (page load time, error rates)
• Aggregated user behavior patterns

These are collected automatically via cookies, web beacons, and server logs.

2.3 Data from Third-Party Sources

We obtain personal data from external providers for purposes described in Section 3:

Data Providers

• Public Sources: Trade association websites, industry directories, government registries, LinkedIn profiles, company websites
• Event Data: Attendee lists from trade shows or industry conferences where Tradyon participates
• Referral and Marketing Partners: Contact information from co-marketing initiatives

Data from Publicly Available Sources

• Web scraping of public trade records, port data, customs filings, industry publications
• Government export-import statistics and trade databases
• Commodity exchange data and market publications
• Company registration information from government repositories that are publicly available
• You may appear in these datasets even if you did not directly provide information to Tradyon

2.4 Enterprise Users

If you are added as an Enterprise User by your company's administrator, we may receive:

• Your name, email, phone, job title from the administrator
• Employee records and organizational charts provided during onboarding
• Your activities and queries within the Enterprise account

3.1 Core Business Purposes

Service Delivery and Platform Operation

• Providing access to the Tradyon Platform and features
• Processing your queries and generating analytics
• Executing alerts and notifications you configure
• Saving searches, preferences, and account settings
• Enabling seamless login and session management
• Delivering AI-assisted insights through TradeGenie and other AI Services

Account Management and Billing

• Creating and administering your account
• Processing subscription payments and renewals
• Issuing invoices and managing billing disputes
• Managing access and user permissions
• Handling account termination and data deletion requests

Customer Support and Communications

• Responding to your inquiries and support tickets
• Troubleshooting technical issues
• Notifying you of changes, outages, or security events
• Providing account-related updates and administrative messages

3.2 Secondary Purposes (with Your Consent or Legitimate Interest)

Analytics, Improvement and Optimization

• Analyzing user behavior to improve the Platform's usability, performance, and features
• Conducting A/B testing on interface elements and workflows
• Generating usage statistics and performance metrics
• Identifying and fixing bugs and technical issues
• Optimizing server capacity and infrastructure

Benchmarking and Aggregated Insights

• Creating anonymized, aggregated benchmarks (for example, "average wheat export price from India in Q4 2025")
• Generating industry reports and market intelligence
• Identifying trends and patterns in global trade
• Publicly publishing aggregated insights (without identifying individuals)

AI Model Improvement (Anonymized Data Only)

• Fine-tuning AI models and natural language processing using anonymized, aggregated query data
• Improving TradeGenie's ability to interpret trading queries and provide relevant recommendations
• Training models on product/commodity data, not personal user data
• As of 2025, Tradyon does not train AI models on personal data or user identities

Marketing and Business Development (where permitted)

• Sending periodic newsletters about platform updates, new features, and commodity market insights
• Inviting you to webinars, training sessions, or industry events
• Conducting surveys about your experience with the Platform
• Re-engaging dormant users with special offers or feature announcements
• Building marketing lists from third-party data (Apollo, Lusha, public sources)

You may opt-out of marketing communications anytime by clicking "Unsubscribe" or contacting hello@tradyon.ai.

Legal and Regulatory Compliance

• Complying with legal obligations (taxes, audits, regulatory requests)
• Defending against legal claims and disputes
• Investigating fraud, abuse, or policy violations
• Preventing money laundering, sanctions evasion, and terrorist financing
• Maintaining records for business continuity and disaster recovery

Security, Fraud Detection and Safety

• Monitoring for suspicious activity and unauthorized access
• Detecting and preventing fraud, abuse, and cyber attacks
• Protecting the integrity of the Platform and user data
• Enforcing these Terms and other agreements
• Responding to security incidents and breaches

Under GDPR, PDPL, DPDP Act, and similar laws, Tradyon's processing of your personal data is justified on the following legal bases:

4.1 Contract Performance

Legal Basis: Necessary to perform the contract with you.

Processing activities

• Account creation and authentication
• Delivering Platform features and services
• Processing payments and billing
• Managing subscriptions and access

Without this processing, we cannot provide the Service.

4.2 Legal Obligation

Legal Basis: Compliance with applicable laws and regulations.

Processing activities

• Retaining financial and tax records
• Responding to lawful government requests (subpoenas, tax inquiries, law enforcement)
• KYC/AML compliance and sanctions screening
• Trade compliance and export control verification
• Breach notification (as required by law)

We are legally required to process certain data and retain it for specified periods, even if you request deletion.

4.3 Your Explicit Consent

Legal Basis: Affirmative consent for specific processing.

Processing activities

• Marketing Communications: Sending newsletters, promotions, and announcements (opt-in for non-customers; opt-out available for customers)
• Non-Essential Cookies: Cookies for tracking, analytics, and personalization (separate cookie consent on your first visit)
• Phone Outreach: Calling you for sales, support, or feedback (consent obtained)
• Secondary Data Uses: Aggregating data for benchmarking; using data in case studies or testimonials

You retain the right to withdraw consent at any time. Withdrawal does not affect processing conducted before withdrawal.

4.4 Legitimate Interest

Legal Basis: Tradyon's legitimate business interests, balanced against your privacy rights.

Processing activities

• Platform Improvement: Analyzing usage data to improve functionality, security, and performance
• Security and Fraud Prevention: Detecting unauthorized access, malware, and abusive behavior
• Business Development: Contacting you with offers, webinars, or training (if you are a prospect)
• Network Optimization: Managing server capacity, load balancing, and infrastructure
• User Research: Understanding user needs through surveys and feedback (optional participation)
• Enforcement of Terms: Investigating breaches and preventing abuse
• Customer Retention: Reaching out to inactive users with re-engagement offers

Tradyon has assessed that its interests (securing the platform, improving services, preventing abuse) outweigh privacy risks, particularly because processing is minimized and you have rights to object.

4.5 Vital Interests (Limited Cases)

Legal Basis: Protection of critical interests.

Processing activities

• Responding to emergency requests during security breaches or system outages
• Protecting the safety and security of the Platform infrastructure
• Preventing imminent threats to data integrity or user safety

4.6 Public Task / Official Authority

Legal Basis: Compliance with official government functions (UAE only).

If Tradyon processes data in an official capacity (e.g., executing government-mandated reporting), such processing is justified by official authority.

5.1 Categories of Recipients

Your personal data may be shared with the following categories of third parties:

Affiliated Entities

• Tradyzen Technologies Pvt Ltd (backend operations, customer support, data processing)
• Other Tradyon group companies (subject to these same protections)

Service Providers and Data Processors

These vendors process data on Tradyon's behalf under Data Processing Agreements (DPAs):

All service providers are required to:

• Process data only as instructed by Tradyon
• Implement equivalent security and confidentiality protections
• Not use personal data for their own purposes
• Enter into Data Processing Agreements
• Delete data upon termination of services

Subprocessors

Under GDPR and CCPA, you have the right to be informed of subprocessors. A current list is maintained on request.

5.2 Data Sharing with Third Parties (Non-Processors)

Your personal data is not sold, rented, or shared with third parties for their independent purposes, except in the following circumstances:

Aggregated and Anonymized Data (not personal data)

• Industry benchmarks and market intelligence reports (published anonymously)
• Aggregated trade flow statistics
• Anonymized case studies or testimonials (with consent)

Legal Obligations and Enforcement

• Government agencies and law enforcement (court orders, subpoenas, mutual legal assistance treaties)
• Tax authorities (regarding tax compliance)
• Financial regulators and auditors
• Authorities investigating fraud, abuse, or illegal activity

Business Transactions

In connection with a merger, acquisition, asset sale, bankruptcy, or similar transaction, personal data may be transferred as part of the business. We will provide notice and allow you to opt-out where legally required.

With Your Explicit Consent

Sharing with co-marketing partners, referral partners, or event organizers (only with your prior consent).

5.3 No Sale of Personal Data

Tradyon does not sell or share personal information for purposes of targeted advertising or behavioral tracking. We do not allow third-party data brokers to sell your information. You have the right to opt out of the Services at any time.

6.1 Technical Safeguards

Encryption

• Data at Rest: All personal data stored in Tradyon's systems (databases, backups, archives) is encrypted using AES-256 or stronger encryption, with encryption keys managed by AWS/GCP Key Management Service (KMS).
• Data in Transit: All data transmitted between your device and Tradyon servers is encrypted using TLS 1.2 or higher.
• Database-Level Encryption: Sensitive fields (passwords, API keys, financial data) are encrypted at the database layer.

Access Controls

• Role-Based Access Control (RBAC): Employees are granted minimum necessary permissions based on job function.
• Principle of Least Privilege: No employee has default access to personal data; access is granted on a case-by-case, need-to-know basis.
• Cloud IAM Policies: AWS and GCP identity and access management (IAM) enforces least privilege access to cloud resources.
• Multi-Factor Authentication (MFA): Required for all employee and privileged accounts.

Monitoring and Detection

• Access Logging: All access to personal data is logged, timestamped, and auditable.
• Real-Time Alerts: Suspicious access patterns trigger automated alerts to the security team.
• Continuous Vulnerability Scanning: Automated tools scan for misconfigurations, weak encryption, and known vulnerabilities.
• Web Application Firewalls (WAF): CloudFlare or AWS WAF protects against common web attacks (SQL injection, XSS, DDoS).

6.2 Organizational Safeguards

Data Protection Governance

• Data Protection Officer (DPO): Tradyon maintains a qualified DPO responsible for privacy compliance: sravanth@tradyon.ai.
• Privacy by Design: Privacy considerations are integrated into all system design and development decisions.
• Data Protection Impact Assessments (DPIAs): Formal assessments are conducted before deploying high-risk processing (AI models, large-scale data sharing, cross-border transfers).
• Staff Training: All employees handling personal data receive mandatory privacy training annually.

Vendor Management

• Vendor Risk Assessment: Third-party processors are vetted for security and data protection practices before engagement.
• Data Processing Agreements (DPAs): Executed with all processors.
• Regular Audits: Periodic security audits of vendor systems and procedures.
• Subprocessor Approval: You have the right to object to new subprocessors. Tradyon shall provide notice and opportunity to object.

6.3 Incident Response

• Security Incident Plan: Documented procedures for detecting, responding to, and reporting data breaches.
• Notification Timeline: Tradyon commits to notifying affected individuals within 72 hours of discovering a personal data breach (GDPR requirement) or as required by applicable law.
• Regulatory Notification: Notification to relevant Data Protection Authorities (DPA) within 72 hours (or as required).
• Post-Incident Review: Investigation and documentation of root causes; corrective actions implemented.

6.4 Limitations on Data Protection

• No Absolute Security: While we maintain rigorous safeguards, no data security system is 100% impenetrable. Sophisticated attackers may find vulnerabilities despite our protections.
• User Responsibility: You are responsible for maintaining the confidentiality of your login credentials and account access. Do not share passwords; use strong, unique passwords.
• Third-Party Data Security: Personal data obtained from third parties carries inherent risks from those providers. Tradyon verifies data accuracy but does not warrant third-party security practices.
• Third-Party Service Security: AWS, GCP, and other cloud providers maintain their own security practices. Tradyon cannot guarantee their practices meet your expectations, but we conduct due diligence.

7.1 Cross-Border Transfer Framework

Tradyon processes personal data across multiple jurisdictions (UAE, India, US, EU, UK, and others). International transfers are governed by applicable law and justified as follows:

EU/UK to UAE Transfer

• Mechanism: Standard Contractual Clauses (SCCs) as approved by the European Commission, incorporated into Data Processing Agreements.
• Adequacy: UAE does not have an EU "adequacy decision," but SCCs provide sufficient contractual safeguards.
• Supplementary Measures: Tradyon implements encryption, access controls, and limited processing in UAE to minimize risk.

EU/UK to India Transfer

• Mechanism: Standard Contractual Clauses (SCCs).
• Adequacy: India does not have an EU "adequacy decision."
• Processing in India: Limited to backend operations (customer support, data processing, infrastructure management) under strict DPAs.

US to Other Jurisdictions

• Mechanism: Standard Contractual Clauses, adequacy decisions where available (EU, UK, Canada, New Zealand).
• CCPA Compliance: Tradyon complies with CCPA service provider restrictions when processing California residents' data.

India to Other Jurisdictions

• Mechanism: DPDP Act (cross-border transfer safeguards).
• Restriction: Transfers of "sensitive personal data" are limited to specified categories; transfers outside India require appropriate contractual safeguards.
• Note: DPDP Act provisions on cross-border transfers are still subject to regulatory clarification; local counsel confirmation is advised.

7.2 Adequacy Decisions

Where no adequacy decision exists, Tradyon relies on Standard Contractual Clauses (SCCs) and supplementary technical safeguards:

• Encryption of personal data to minimize recoverability by unauthorized parties
• Contractual restrictions on government access requests
• Limited onward transfers to subprocessors (with notice and objection rights)
• Commitments to notify you of government data requests

7.3 Your Rights Regarding Transfers

You have the right to:

• Request information about the transfer mechanisms used
• Object to transfers to specific countries or third parties
• Request a copy of transfer documentation (SCCs, adequacy decisions)
• Contact your Supervisory Authority if you believe a transfer violates your rights

8.1 Retention Schedule by Data Category

Tradyon retains personal data according to the following schedules. Except as specified, data is deleted or anonymized at the end of the retention period.

8.2 Early Deletion and Data Subject Rights

You may request early deletion of your data at any time by exercising your right to erasure (Section 9). Tradyon will delete or anonymize personal data within:

• EU/UK (GDPR): 30 days
• UAE (PDPL): 30 days
• India (DPDP Act): 30 days
• California (CCPA): 45 days

8.3 Exceptions to Deletion

Tradyon may retain personal data beyond the above periods if:

• Legally required (e.g., tax records, regulatory compliance)
• Necessary to defend against legal claims or disputes
• Required for ongoing business continuity, backup, or disaster recovery
• Data is anonymized or pseudonymized (no longer personal data)
• You have consented to longer retention
• Necessary for AI model improvement (anonymized data only)

8.4 Anonymization

When retention periods expire, Tradyon will (a) delete personal data, or (b) anonymize it (remove all identifiable information) so it cannot be linked to you. Anonymized data is no longer protected by data protection laws and may be retained indefinitely for analytics, benchmarking, and research.

9.1 GDPR Rights (EU/UK Residents)

If you are an EU or UK resident, you have the following rights under GDPR:

Right of Access

• Request a copy of personal data Tradyon holds about you
• Receive confirmation of processing and details about recipients
• Response deadline: 30 days (extendable by 60 days for complex requests)
• Cost: Free unless request is manifestly unfounded or excessive

Right of Rectification

• Request correction of inaccurate or incomplete personal data
• Tradyon will update records and notify third-party recipients of corrections
• Response deadline: 30 days

Right to Erasure ("Right to be Forgotten")

Request deletion of personal data in specific circumstances:

• Data is no longer necessary for the original purpose
• You withdraw consent (if processing was consent-based)
• You object to processing and there is no overriding legal basis
• Data has been unlawfully processed
• Legal obligation to delete

Response deadline: 30 days.

Exceptions: Tradyon may retain data if legally required (tax, regulatory, legal claims), contract performance requires retention, or legitimate interests outweigh the erasure request.

Right to Restrict Processing

Request that Tradyon limit processing to storage only (no use). Applied when:

• You dispute accuracy (processing restricted pending verification)
• Processing is unlawful but you prefer restriction over deletion
• Data is no longer needed but required for a legal claim
• You object to processing (pending objection resolution)

Tradyon will flag restricted data and process only with your consent. Response deadline: 30 days.

Right to Data Portability

• Request a copy of your personal data in a structured, commonly used, machine-readable format
• Request that Tradyon transmit your data directly to another organization (where technically feasible)
• Applies to data you provided or that was automatically generated
• Excludes data derived solely from others (e.g., aggregated benchmarks)
• Response deadline: 30 days

Right to Object

Object to processing for:

• Direct Marketing: Unrestricted right to opt-out from marketing communications
• Legitimate Interest Basis: Object based on specific circumstances. Tradyon must cease processing unless overriding legitimate interest (e.g., legal compliance, fraud prevention)
• Automated Decision-Making: Object to decisions based solely on automated processing that has legal or similarly significant effect

Response deadline: 30 days.

Right to Not Be Subject to Automated Decision-Making

Right not to be subject to decisions based solely on automated processing (including profiling) that produces legal or similarly significant effects.

Exceptions

• Necessary to perform a contract
• Authorized by law
• Based on your explicit consent

You have the right to human review and to express your point of view.

Right to Lodge a Complaint

• File a complaint with your national Data Protection Authority (DPA)
• No need to exhaust Tradyon's internal processes first

9.2 CCPA/CPRA Rights (California Residents)

If you are a California resident, you have the following rights under CCPA/CPRA:

Right to Know

Request what personal information Tradyon collects, uses, and discloses. Tradyon will provide:

• Categories of personal information collected
• Sources of collection
• Purposes for collection
• Categories of third parties with whom data is shared

Response deadline: 45 days.

Right to Delete

Request deletion of personal information collected from you (except where exceptions apply).

Exceptions

• Perform services you requested
• Fulfill legal obligations
• Enable internal uses reasonably aligned with expectations
• Comply with law
• Detect and remedy security incidents
• Protect rights or safety of others

Response deadline: 45 days.

Right to Correct

• Request correction of inaccurate personal information
• Tradyon will update records and notify third parties (where feasible)
• Response deadline: 45 days

Right to Opt Out of Sale/Sharing

• Opt out of the "sale" or "sharing" of personal information
• Tradyon does not sell or share personal information for targeted advertising. No opt-out necessary.
• If you believe we do, contact privacy@tradyon.ai to verify.

Right to Limit Use and Disclosure

Request that Tradyon limit use of sensitive personal information to purposes necessary to provide the service you requested or as permitted by law. Sensitive personal information includes:

• Social security numbers, financial account numbers
• Precise geolocation
• Racial or ethnic origin
• Religious beliefs, union membership
• Health information, biometric information
• Sex life or sexual orientation
• Citizenship or immigration status

Response deadline: 45 days.

Right to Non-Discrimination

Right not to receive discriminatory treatment for exercising privacy rights. Tradyon will not:

• Deny goods or services
• Charge different prices or rates
• Provide different quality of service
• Suggest that exercising rights will result in less favorable treatment

Exception: Legitimate price variation based on value provided by data (with appropriate consumer notice).

Consumer Right to Opt-Out of Profiling

• Opt out of profiling and automated decision-making that produces legal or similarly significant effects
• Response deadline: 45 days

Agent Authorization

• Designate an authorized agent to exercise rights on your behalf
• Agent must provide power of attorney or similar authorization
• Tradyon may require you to verify the agent's authority

9.3 India DPDP Act Rights

If you are an individual whose personal data is processed in India, you have rights under the Digital Personal Data Protection Act, 2023 (DPDP Act):

Right of Access

• Request confirmation of whether personal data is being processed
• Request a copy of personal data in a commonly used format
• Response deadline: 30 days

Right to Correction

• Request correction of inaccurate, incomplete, or misleading personal data
• Tradyon will make reasonable efforts to update records
• Response deadline: 30 days

Right to Erasure

Request deletion of personal data if:

• Data is no longer necessary for the purpose of processing
• Processing is unlawful
• You withdraw consent
• Legal obligation to delete

Exceptions: Tradyon may retain data if legally required, contract performance requires retention, or legitimate interests require processing.

Response deadline: 30 days.

Right to Data Portability

• Request personal data in a structured, commonly used, portable format
• Right to transmit data to another organization where technically feasible
• Response deadline: 30 days

Right to Withdraw Consent

• If processing is based on consent, withdraw it at any time
• Withdrawal does not affect processing conducted before withdrawal

Right to Lodge a Complaint

File a complaint with the Data Protection Board of India (DPBI) if you believe Tradyon has violated DPDP Act requirements.

9.4 UAE PDPL Rights (UAE Residents)

If you are a resident of the UAE, you have the following rights under Federal Decree Law No. 45/2021 (PDPL):

Right of Access

• Request confirmation of whether personal data is being processed
• Request a copy of personal data
• Response deadline: 30 days
• Free of charge (unless request is vexatious or excessive)

Right of Correction

• Request correction of inaccurate, incomplete, or misleading personal data
• Tradyon will correct data and notify third-party recipients
• Response deadline: 30 days

Right to Deletion

Request deletion of personal data if:

• No longer necessary for the purpose
• Processing is unlawful
• You withdraw consent
• You object to processing

Exceptions: Tradyon may retain data if legally required, contract requires retention, or legitimate interests require processing (with prior notice).

Response deadline: 30 days.

Right to Withdraw Consent

• Withdraw consent for processing at any time
• Withdrawal applies prospectively (does not affect past processing)

Right to Lodge a Complaint

• File a complaint with the UAE Data Office
• Use this link to address your grievance: https://u.ae/en/Help/Contact-Us

9.5 How to Exercise Your Rights

Submission Process

Submit a written request to sravanth@tradyon.ai, Data Protection Officer of Tradyon, including:

• Your full name and account ID
• Email address and phone number
• Clear description of the right you are exercising
• Specific data or categories you are requesting
• Proof of identity (copy of passport, national ID, or business registration)

Tradyon's Response

• Acknowledge receipt within 7 days
• Respond substantively within applicable legal deadlines (typically 30 days, extendable by 60 days for complex requests)
• Provide information in commonly used format (PDF)
• Free of charge, unless request is manifestly unfounded or excessive

Right to Remedy

If Tradyon denies your request, you have the right to:

• Request written explanation of the denial and legal basis
• Appeal internally to Tradyon's Data Protection Officer
• Lodge a complaint with your relevant supervisory authority

Tradyon uses cookies and similar tracking technologies (pixels, local storage, web beacons) to enhance your experience and understand how you use the Platform. A "cookie" is a small file stored on your device that identifies your browser.

10.1 Types of Cookies

Strictly Necessary Cookies (Always Active)

• Session management and login authentication
• Security and fraud prevention
• Platform functionality (remembering preferences, maintaining cart)
• These cookies are essential and cannot be disabled without breaking the Platform

Functional Cookies (Require Your Consent)

• Remember user preferences and saved searches
• Remember language and display settings
• Enable enhanced features (annotations, saved alerts)
• Improve user experience through personalization

Analytics and Performance Cookies (Require Your Consent)

• Google Analytics for tracking user behavior
• Datadog or similar tools for performance monitoring
• Identify popular features, page views, time on page
• Heatmaps and session recordings (with consent)
• Help improve Platform usability

Marketing and Advertising Cookies

• Facebook Pixel and similar tools for retargeting
• LinkedIn Insight Tag for professional targeting
• Google Ads conversion tracking
• Allow Tradyon to track you across websites and show targeted ads

Third-Party Cookies

• Embedded content from third parties
• Consent management platforms
• Payment processors

10.2 Cookie Consent and Management

First Visit Consent Banner

When you first visit www.tradyon.ai, a consent management banner appears asking you to:

• Accept all cookies (Strictly Necessary + Functional + Analytics + Marketing)
• Reject all non-essential cookies (Strictly Necessary only)
• Customize your preferences

Updating Preferences

• Access your cookie preferences at any time via a "Cookie Settings" link in the website footer
• Withdraw consent for specific categories
• Change preferences by deleting cookies and revisiting the site

Browser Controls

• Most browsers allow you to block, delete, or control cookies
• Disabling cookies may prevent some Platform features from working
• Visit www.aboutcookies.org for browser-specific instructions

10.3 Do Not Track (DNT)

If your browser sends a "Do Not Track" signal, Tradyon recognizes this preference. However, third-party analytics and advertising tools may not respect DNT signals. If you prefer not to be tracked, configure your cookie preferences as above.

The Tradyon Platform is intended for business use by adults (18+). Tradyon does not knowingly collect personal data from children under 13 years of age. If you are under 18, please obtain parental consent before using the Platform. If a parent/guardian discovers that their child has provided personal data to Tradyon, please contact privacy@tradyon.ai immediately, and we will delete the child's data.

A "personal data breach" is any security incident involving unauthorized access, loss, disclosure, or alteration of personal data.

In the event of a breach, Tradyon will:

12.1 Conduct an Internal Investigation (within 48 hours)

• Assess the nature, scope, and impact of the breach
• Identify affected individuals and data categories
• Determine root cause and remedial actions

12.2 Notification to Supervisory Authorities (within 72 hours of discovery)

• EU/UK (GDPR): Notify relevant Data Protection Authority (unless breach is unlikely to result in risk)
• India (DPDP Act): Notify Data Protection Board if required
• UAE (PDPL): Notify UAE Data Office within 30 days
• California (CCPA): Notify California Attorney General
• Other jurisdictions: As required by applicable law

12.3 Notification to Affected Individuals

• Notify in the most expedient time possible
• Communication method: Email to address on file, phone, postal mail; public notice (if breach is large-scale)

Notification includes:

• Nature of breach and data involved
• Measures taken or recommended to mitigate risk
• Tradyon's contact information
• Identity of affected person or categories

12.4 Public Disclosure (if breach affects > 1,000 individuals)

• Press release or website notice announcing the breach
• Summary of measures to prevent future breaches

12.5 User Responsibilities

To prevent breaches:

• Use strong, unique passwords; enable multi-factor authentication
• Do not share login credentials
• Immediately notify Tradyon of suspected unauthorized access
• Keep your devices and software updated
• Avoid public Wi-Fi for accessing sensitive account information

The Tradyon Platform may include links to external websites and third-party services. Tradyon is not responsible for the privacy practices of third parties. We recommend reviewing their privacy policies before providing personal data.

When you link to a third-party service from Tradyon:

• Your interaction with that service is governed by its privacy policy, not this Policy
• Third-party data collection and use practices may differ significantly
• Tradyon does not endorse or control third-party privacy practices

Tradyon may update this Privacy Policy to reflect changes in law, technology, or business practices. Material changes will be communicated:

• Email notification to the address on your account
• Prominent notice on www.tradyon.ai
• 30 days' notice before the change becomes effective

Continued use of the Platform following notice constitutes acceptance of the updated policy. If you object to changes, discontinue using the Platform and submit a data deletion request.

Address: Tradyon, Unit 1405, Floor 14, Addax Port Office Tower, Tamouh, Abu Dhabi, Al Reem Island, Abu Dhabi, U.A.E.

Response Time: 30 days (or as required by applicable law).

Supervisory Authority Websites

• European Union/UK: https://www.edpb.europa.eu/edpb_en , https://ico.org.uk
• India: Digital Personal Data Protection Rules, 2025
• UAE Data Office: https://u.ae/en/about-the-uae/digital-uae/data/data-protection-laws
• California, USA: oag.ca.gov/privacy

This Privacy Policy is governed by the laws of the United Arab Emirates, specifically with respect to data controller obligations and data subject rights as defined in Federal Decree Law No. 45/2021 (PDPL). However, data protection provisions are interpreted in light of:

• GDPR (for EU/UK users)
• DPDP Act (for India-based processing)
• CCPA/CPRA (for California residents)
• Other applicable local laws in your jurisdiction

Any disputes arising from this Policy or privacy practices are subject to the dispute resolution and governing law provisions in the Terms of Use.