Privacy Policy

1 · Who we are

The data controller for the Service is ERAQUA LTD, a Cyprus private limited company registered at Archiepiskopou Makariou III 228, Agios Pavlos Building, Block A, 1st Floor, Flat/Office 113, 3030 Limassol, Cyprus, with Cyprus registration number HE 475206. We do not have a designated Data Protection Officer; privacy questions and rights requests are handled directly by the founder team at support@frontberg.com.

2 · What data we collect

We collect only what we need to run the Service:

• Account data — email address, display name, hashed password (or OAuth provider identifier), tier and subscription status.
• Network & device data — IP address, user-agent, viewport, locale, and rough geo-region derived from IP. Used for security, abuse detection, and legal compliance.
• Usage analytics — pages visited, desks opened, signals viewed, alerts created, search terms inside the terminal. Tied to a server-side session id, not a third-party tracker. Retained for 90 days and then aggregated.
• Trading-intelligence inputs — watchlists, saved signals, scorecards, Floor messages you post, notes, and reactions. Stored against your account so the Service personalises AlphaFlow output to you.
• Optional Telegram credentials — if you enable the Telegram MTProto fast-news ingestion feature, you provide your own Telegram API id and api_hash. These are encrypted at rest and used only to fetch public channel content on your behalf. We never post on your behalf and you can revoke at any time.
• Billing data — billing email, country, subscription history, invoice records. Card details are handled by Stripe (see §6); we never store full card numbers.
• Support correspondence — any email you send us and our reply, retained for as long as needed to resolve the matter and meet legal obligations.

3 · Why we process it

We rely on the following legal bases under GDPR Article 6:

• Performance of contract — to operate the Service, authenticate sessions, deliver subscribed signals, personalise AlphaFlow output, and process payments.
• Legitimate interest — to keep the Service safe (fraud prevention, rate limiting, abuse detection), produce aggregated usage analytics, and improve product quality.
• Legal obligation — to retain accounting records as required by Cyprus law and respond to lawful requests from authorities.
• Consent — for any communications outside the contractual scope (e.g. product newsletters you opt into). You can withdraw consent at any time.

4 · Data sources we ingest

Frontberg blends licensed and public-domain sources to produce intelligence. None of these are personal data about you; they relate to markets, instruments, and public events:

• FinancialModelingPrep (FMP) — market quotes, fundamentals, and economic data under our paid commercial licence.
• RSS feeds — public news feeds from publishers; headlines and links displayed with full attribution to the original source under standard RSS terms.
• GDELT — public, open-license global event data.
• Telegram MTProto — public channels you choose to monitor, accessed via credentials you supply.

We do not scrape paywalled content. We do not bypass authentication walls. Any third-party content shown in the Service either (a) carries an explicit licence permitting display, (b) is in the public domain, or (c) is shown as a headline-with-source-link consistent with publisher RSS terms.

5 · Who we share it with (subprocessors)

We share data only with vetted subprocessors who help us deliver the Service. Each is bound by a written Data Processing Agreement.

• Vercel (USA) — application hosting and global edge delivery.
• Stripe (USA / Ireland) — payment processing. PCI-DSS Level 1 certified.
• Database & queue providers — managed Postgres and Redis hosted in the EU region.
• Anthropic / OpenAI — large language model inference for AlphaFlow narrative output. Prompts are processed under their respective enterprise data agreements; we do not send card data, passwords, or full personal profiles to these models.
• Transactional email provider — sign-in links, billing receipts, security alerts.

We do not sell your personal data. We do not share it with third parties for their independent marketing.

6 · Payments & Stripe

Subscriptions are billed by Stripe Payments Europe Limited and its US/Irish affiliates, in the currency you select at checkout. Stripe is PCI-DSS Level 1 certified. Card numbers, CVCs, and full card data are entered directly into Stripe’s hosted fields and never touch our servers. We receive only a tokenised reference, the card brand, and last four digits for invoice display.

7 · Cookies & tracking

Frontberg uses functional cookies only. We do not run third-party advertising or behavioural-tracking pixels. The cookies we set are:

• frontberg_session — keeps you signed in.
• frontberg_csrf — protects against cross-site request forgery.
• frontberg_prefs — stores your terminal layout and theme.

All three are first-party, strictly necessary, and exempt from cookie-consent under Article 4(5) of the EU ePrivacy Directive (2002/58/EC) as implemented in Cyprus law.

8 · Retention

• Account data — until you delete your account, plus 30 days for backup expiry.
• Saved signals, watchlists, Floor messages, scorecards — retained indefinitely while your account is active so the Service can grade calibration over time. Deleted on account deletion (with the exceptions below).
• Usage analytics — 90 days at the granular level, then aggregated and anonymised.
• Billing records — 6 years as required by Cyprus tax and corporate-records legislation.
• Support correspondence — 24 months after the matter closes.

9 · Your GDPR rights

You have the right to:

• access the personal data we hold about you;
• correct or update inaccurate data;
• erase your data (“right to be forgotten”), subject to retention rules above;
• receive your data in a portable format (JSON export from the Service);
• restrict or object to specific processing activities based on legitimate interest;
• withdraw consent where consent is the legal basis;
• lodge a complaint with the Office of the Commissioner for Personal Data Protection of the Republic of Cyprus (dataprotection.gov.cy) or your local supervisory authority within the EU/EEA.

To exercise any of these rights, email support@frontberg.com. We respond within 30 days.

10 · Security

We encrypt data in transit (TLS 1.2+) and at rest. Optional Telegram credentials are encrypted with a per-user key. Production access is limited to named engineers, audit-logged, and protected by hardware MFA. We notify affected users and Datatilsynet within 72 hours of a personal data breach as required by GDPR Article 33.

11 · International transfers

Some subprocessors (notably Stripe and Vercel) process data in the United States. Such transfers are covered by the EU–US Data Privacy Framework where the recipient is certified, or by Standard Contractual Clauses (SCCs) and supplementary technical measures where it is not. You can request a copy of the SCCs by emailing us.

12 · Children

Frontberg is a paid trading-intelligence product for adults. The Service is not directed at, nor available to, anyone under 18. We do not knowingly collect data from minors. If you believe a minor has registered, email us and we will delete the account.

13 · Changes to this Policy

We may update this Policy. Material changes will be announced at least 30 days in advance via an in-app banner and an email to your registered address. Continued use after the effective date constitutes acceptance. The current and previous versions remain accessible at this URL.

14 · Contact

ERAQUA LTD · Archiepiskopou Makariou III 228, Agios Pavlos Building, Block A, 1st Floor, Flat/Office 113, 3030 Limassol, Cyprus · Cyprus Reg.no HE 475206 · support@frontberg.com