Controller: Sharpnel Trading Last updated: June 8, 2026
Sharpnel Trading is a sole proprietorship (eenmanszaak) established under the laws of Belgium. Sharpnel provides the Sharpnel Trading analytical software and website (together, the "Service").
Sharpnel is the data controller for the personal data described in this Policy. This means Sharpnel decides why and how your personal data is processed.
In this Policy, "Sharpnel" means Sharpnel Trading. "You" and "your" mean the person whose personal data Sharpnel processes.
Sharpnel has not appointed a Data Protection Officer (not mandatory for a sole trader of this size); for any privacy matter contact [email protected].
This Policy is written to comply with the EU General Data Protection Regulation (GDPR), the Belgian Act of 30 July 2018 on the protection of natural persons with regard to the processing of personal data, and other applicable data-protection law. It is incorporated by reference into Sharpnel's Terms of Service and Sharpnel's software End User License Agreement (EULA). On any question about the processing of personal data, this Privacy Policy prevails over those documents.
Sharpnel Trading is analytical software only. You analyse markets with it and place any trades yourself, through your own broker. Sharpnel never routes or execute orders for you, and Sharpnel never receives, hold, or have custody of your funds, securities, or positions. Where you connect your own brokerage (for example via an Interactive Brokers integration or a MetaTrader bridge), the credentials you enter are used solely to establish the connection you ask for; they are not sent to Sharpnel as part of any telemetry or crash report. This shapes what data Sharpnel does and do not collect.
Sharpnel collects only what Sharpnel needs to provide the Service and to run Sharpnel's business lawfully. The table below sets out each category of data, the purpose, and the legal basis under Article 6 GDPR.
What: Your email address, username, and password (stored only as a salted, bcrypt-hashed value — Sharpnel never stores plaintext passwords). If you sign in with Google OAuth, Sharpnel receives your name, email address, and profile picture from Google. Sharpnel also processes authentication tokens, your subscription tier/entitlement status, and the per-session signals needed to run a licensed copy of the desktop software.
Per-tier session data (desktop): To verify your identity, confirm your active tier, and enforce the concurrent-session limit that applies to your tier, the software exchanges authentication tokens with Sharpnel's servers and records signals about your active sessions (such as session identifiers and last-activity timestamps). Each tier permits a maximum number of simultaneous active sessions; signing in beyond that limit may end your least-recently-used session. a maximum number of concurrent sessions per tier
Why: To create and secure your account, authenticate you, deliver the features your tier is entitled to, and enforce the licence (including preventing account- and credential-sharing).
Lawful basis: Performance of Sharpnel's contract with you (Art. 6(1)(b)) for account creation, authentication, and feature delivery. Sharpnel's legitimate interests (Art. 6(1)(f)) in preventing account-sharing, credential abuse, fraud, and unauthorised access for the anti-account-sharing and session-cap enforcement, balanced against your interests as described in Section 5.
What: Your subscription plan, billing interval, billing status, and a Stripe customer ID and subscription ID. Payments are processed entirely by Stripe. Sharpnel does not store your full card number, CVV, or full billing details — those are held by Stripe under its own terms. Sharpnel receives and store invoice/transaction records (amount, currency, date, tax/VAT information, and your billing country) as needed to manage your subscription and meet Sharpnel's accounting and tax obligations.
Why: To take payment, manage your subscription and renewals, issue invoices, handle refunds/withdrawals, and comply with tax and accounting law.
Lawful basis: Performance of Sharpnel's contract (Art. 6(1)(b)) to provide and bill the subscription; legal obligation (Art. 6(1)(c)) for tax, VAT, and accounting record-keeping.
What: Basic information about how you use the Service, such as pages visited, features used, broad interaction events, browser type, device type, and similar diagnostic information. On the web, some of this is collected only with your consent (see Section 8, Cookies).
Why: To operate, secure, debug, and improve the Service, and to understand which features are used.
Lawful basis: Sharpnel's legitimate interest (Art. 6(1)(f)) in maintaining and improving the Service and keeping it secure; for any analytics set through cookies or similar technologies on the website, your consent (Art. 6(1)(a)) collected via the cookie banner.
What: Watchlists, alerts, workspace layouts, presets, study configurations, display settings, and other preferences you create. Some of this is stored on your own device, and some is synced to your account to provide the Service across devices.
Why: To provide the functionality you ask for and keep your settings available to you.
Lawful basis: Performance of Sharpnel's contract (Art. 6(1)(b)). Sharpnel does not sell this content and do not use its contents for advertising.
What: The content of any message you send Sharpnel (for example by email), your contact details, and any information you choose to include when you contact support.
Why: To respond to your request and keep a record of support interactions.
Lawful basis: Performance of Sharpnel's contract (Art. 6(1)(b)) where the request relates to your subscription; otherwise Sharpnel's legitimate interest (Art. 6(1)(f)) in providing customer support.
The desktop software can send Sharpnel a scrubbed crash summary, but only if you affirmatively turn it on. It is off by default. Diagnostic crash files are written only to your own device unless you opt in.
If, and only if, you enable "Send anonymous crash reports" (during setup or later under Settings), then after a crash the software sends Sharpnel a scrubbed crash summary consisting of:
Before sending, the software removes your local account/user name and replaces local file paths so they no longer reveal your identity.
The crash summary never includes: your application logs, watchlists, charts, trades, broker credentials, API keys, screen contents, keystrokes, or any data you enter into the software.
Why: So Sharpnel can diagnose and fix crashes and improve stability.
Lawful basis: Your consent (Art. 6(1)(a)). You can withdraw consent at any time, with effect for the future, by turning the setting off Settings → General → "Send anonymous crash reports"; withdrawal stops all further uploads and is as simple as granting it. Leaving it off has no effect on your ability to use the software at your tier. "Anonymous" here refers to the absence of your account identity, name, or entered content in the report payload — see Section 3.7 on connection metadata.
What: As with any internet request, when the software or website contacts Sharpnel's servers (for normal operation, licensing/entitlement checks, updates, or crash uploads) Sharpnel's servers receive standard connection metadata, including your IP address and a software/OS or browser user-agent string.
Why: Security, abuse-prevention, fraud-prevention, and diagnostics.
Lawful basis: Sharpnel's legitimate interest (Art. 6(1)(f)) in the security and integrity of the Service. This metadata may constitute personal data even where a crash summary itself has been stripped of directly-identifying content; it is processed and briefly retained as described in Section 6.
Sharpnel does not collect special categories of personal data (such as data revealing health, race, political opinions, or biometric data) and ask that you do not send them to Sharpnel.
Sharpnel uses your personal data to:
Sharpnel does not sell, rent, or share your personal data with third parties for their own marketing. Sharpnel does not use advertising profiles, third-party advertising cookies, retargeting pixels, or behavioural tracking beyond the consent-gated website analytics described in Section 8.
Where Sharpnel relies on legitimate interests (Sections 3.1, 3.3, 3.5, 3.7), Sharpnel has weighed those interests against your rights and freedoms. Sharpnel's interests are: preventing account- and credential-sharing and the resulting loss and security risk; preventing fraud and unauthorised access; keeping the Service available, secure, and free of abuse; and maintaining and improving the Service. Sharpnel uses the minimum data necessary for these purposes, do not use them to build advertising or profiling beyond what is described here, and you can object at any time (see Section 9). You can ask Sharpnel for more detail on this balancing test by contacting Sharpnel.
Sharpnel keeps personal data only as long as necessary for the purpose it was collected for, then delete or anonymise it.
| Category | Retention |
|---|---|
| Account, authentication, entitlement | For as long as your account is active. After you request deletion (or after prolonged inactivity per Sharpnel's internal schedule), Sharpnel deletes your personal account data within 30 days, except where Sharpnel must keep limited records for the periods below. |
| Per-tier session data | Short-lived; session and entitlement records are retained only as long as needed to operate and enforce the licence, then expire/rotate. |
| Billing / invoices | Retained for the period required by Belgian and EU tax and accounting law (generally up to 7 years for invoices and accounting records) even after account deletion. |
| Usage data | Retained for a limited period for operations, security, and analytics, then deleted or aggregated/anonymised. |
| Support data | Retained for as long as needed to handle the matter and for a reasonable period afterwards for reference and dispute-handling. |
| Optional crash telemetry | The scrubbed crash summary is retained only for as long as needed to diagnose and fix the issue, then deleted or aggregated. |
| Connection metadata | Retained briefly for security, abuse-prevention, and diagnostics, then deleted or aggregated. |
Anonymised or aggregated data that can no longer identify you may be kept for longer for analytics.
Sharpnel shares personal data only with service providers ("processors") who process it on Sharpnel's behalf under a written data-processing agreement (Art. 28 GDPR), and only as needed to run the Service. Sharpnel does not sell your data. Current categories of recipients:
| Recipient | Purpose | Privacy information |
|---|---|---|
| Stripe | Payment processing and subscription billing (PCI-DSS compliant) | https://stripe.com/privacy |
| Google (OAuth) | Optional social sign-in, if you choose it | https://policies.google.com/privacy |
| Cloudflare | CDN, security, and DDoS protection for the website | https://www.cloudflare.com/privacypolicy/ |
| Email/transactional provider PrivateEmail (Namecheap) | Sending transactional and service emails | https://www.namecheap.com/legal/general/privacy-policy/ |
| Hosting provider (United States) | Hosting Sharpnel's application servers, databases, and crash-report intake | https://www.namecheap.com/legal/general/privacy-policy/ |
Sharpnel may also disclose personal data where required by law, court order, or a lawful request from a competent authority; to establish, exercise, or defend legal claims; or to a successor entity in connection with a merger, acquisition, reorganisation, or sale of assets (in which case this Policy continues to apply to your data, or you are notified of any new policy).
Sharpnel uses cookies and similar storage for:
Sharpnel does not use third-party advertising cookies, retargeting pixels (e.g. Facebook Pixel), or behavioural tracking beyond the consent-gated analytics above. Cookies are described in this Policy; Sharpnel does not maintain a separate cookie notice
Under the GDPR and Belgian data-protection law you have the following rights, which you can exercise free of charge in most cases:
How to exercise your rights: email [email protected]. Sharpnel may need to verify your identity. Sharpnel will respond within one month, extendable by two further months for complex or numerous requests (Sharpnel will tell you if so).
Right to complain: if you are in the EU/EEA you may lodge a complaint with a supervisory authority, in particular in your country of residence or work. For this controller, the lead authority is the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit / Autorité de protection des données — GBA/APD), Rue de la Presse 35 / Drukpersstraat 35, 1000 Brussels, Belgium — https://www.dataprotectionauthority.be ([email protected]). Sharpnel would, however, appreciate the chance to address your concern first.
Sharpnel is based in Belgium and host the Service in the United States. Some of Sharpnel's service providers (such as Stripe and certain infrastructure or email providers) may process personal data outside the EU/EEA, including in the United States. Where Sharpnel transfers personal data outside the EU/EEA to a country without an EU adequacy decision, Sharpnel relies on appropriate safeguards under Chapter V GDPR — in particular the European Commission's Standard Contractual Clauses (SCCs), supplemented by additional technical and organisational measures where needed, and/or recipients certified under an approved EU transfer framework. Standard Contractual Clauses (and, where the recipient is certified, the EU–US Data Privacy Framework) You can request a copy of the relevant safeguards by contacting Sharpnel.
Sharpnel implements reasonable technical and organisational measures appropriate to the risk, including:
No method of transmission or storage is completely secure, and Sharpnel cannot guarantee absolute security. If a personal-data breach is likely to result in a risk to your rights and freedoms, Sharpnel will notify the competent supervisory authority, and you where required, in line with Sharpnel's obligations under Articles 33–34 GDPR.
The Service is intended only for users who are at least 18 years old (or the age of majority and full contractual capacity in their jurisdiction, if higher). Sharpnel does not knowingly collect personal data from anyone under 18. If you believe a minor has provided Sharpnel with personal data, contact Sharpnel at [email protected] and Sharpnel will delete it.
Sharpnel may update this Privacy Policy from time to time. Sharpnel will post the updated version here and update the "Last updated" date. If a change materially affects how Sharpnel processes your personal data, Sharpnel will give registered users reasonable advance notice by email or in-product notice before it takes effect. Your continued use after the effective date constitutes acknowledgement of the updated Policy, to the extent permitted by applicable law; nothing here overrides your non-waivable data-protection rights.
For any question about this Policy or about your personal data, contact:
Sharpnel Trading Email: [email protected] Business address: Baron de Pelichystraat 26, 8870 Izegem, Belgium Website: https://www.sharpnel-trading.com