Privacy Policy

1. Data Controller

The entity responsible for data processing on this website and the associated app platform is:

Email: info@united-daytraders.com

For further details, please refer to our Imprint.

2. Overview of Data Processing

This privacy policy applies to the website tra-mada.de as well as our app platform through which we provide our services.

We process personal data only to the extent necessary for the provision of our services or where you have given your consent. Data is shared with third parties only in accordance with this privacy policy.

3. Legal Basis

We process personal data in accordance with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL). The lawful bases for our processing activities are:

• Consent: Newsletter, email marketing, push notifications
• Performance of Contract: User accounts, payment processing, course access, appointment booking
• Legal Obligation: Retention of payment receipts and audit logs
• Secure and Reliable Operation of Services: Server log files, web and app analytics, security measures, fraud prevention

4. Your Rights

You have the following rights regarding your personal data:

• Access to your stored data
• Rectification of inaccurate data
• Erasure of your data
• Restriction of processing
• Objection to processing
• Data portability (where technically feasible)
• Withdrawal of consent at any time, with effect for the future
• Lodging a complaint with the UAE Data Office

No automated decision-making or profiling takes place.

To exercise your rights, please contact: info@united-daytraders.com

5. Website — Data Processing

5.1 Server Log Files

Our hosting provider (Hetzner Online GmbH, Germany) automatically collects and stores information in server log files that your browser transmits. The website is additionally served via Azure Front Door (Microsoft).

The following data is collected:

• IP address
• Browser type and version
• Operating system
• Referrer URL
• Time of the request

This data is processed as it is necessary for the secure operation of our website. Retention period: 30 days.

5.2 PostHog (Web Analytics)

We use PostHog (PostHog Inc., San Francisco, USA) to analyze website usage. Data processing is performed via EU servers (eu.posthog.com) through a relay proxy.

PostHog is operated in cookieless mode. No cookies are set and no persistent identification across multiple sessions is performed. Anonymized page views and usage events are collected.

This data is processed as it is necessary for the secure and reliable operation of our website. Further information: posthog.com/privacy

5.3 Calendly (Appointment Booking)

For booking consultation sessions, we use Calendly (Calendly LLC, Atlanta, USA). When booking, your name, email address, and chosen appointment are transmitted to Calendly.

When loading the booking form, Calendly sets functional cookies that are technically required for the booking process.

Legal basis: performance of contract (pre-contractual measures). Further information: calendly.com/privacy

5.4 WhatsApp Contact

A button on the website allows you to contact us via WhatsApp. Your message and phone number are processed by WhatsApp Ireland Limited (Meta).

Legal basis: performance of contract (pre-contractual measures). Further information: WhatsApp Privacy Policy

5.5 Email Contact

If you contact us by email, your details are stored for the purpose of processing the inquiry. This data is deleted once the purpose has been fulfilled, unless statutory retention periods apply.

Legal basis: performance of contract (pre-contractual measures).

5.6 Fonts

The fonts used on this website (Google Fonts) are served locally from our server. No connection to Google servers is established.

6. App Platform — Data Processing

The following sections concern data processing in our app platform through which we provide our services.

6.1 Registration and User Account

During registration, we collect: email address, name, and password (stored in encrypted form). Optionally, you may provide a profile picture, your country, and language preference. For login, you may use email/password, Google sign-in, passkeys (WebAuthn), and two-factor authentication (TOTP or email OTP).

Session data (IP address, browser identifier) is stored for 30 days.

Legal basis: performance of contract.

6.2 Google Sign-In

If you sign in via Google, we receive your name, email address, and profile picture from Google Ireland Limited.

Legal basis: your consent (through use of Google sign-in). Further information: Google Privacy Policy

6.3 Payment Processing

Payments are processed through the following providers:

• Stripe (Stripe Inc., USA): Credit card, SEPA, subscription management
• PayPal (PayPal Europe, Luxembourg): PayPal payments, subscriptions

These providers process payment data, billing address, and transaction history on our behalf.

Legal basis: performance of contract. Retention: 10 years pursuant to applicable commercial and tax law requirements.

6.4 Courses and Learning Progress

We store your course progress, quiz results, task submissions, and uploaded images for the provision of our services.

Legal basis: performance of contract.

6.5 Video Hosting (Mux)

For the delivery of video content, we use Mux (Mux Inc., San Francisco, USA). Playback data and usage statistics are collected.

Legal basis: performance of contract. Further information: mux.com/privacy

6.6 Trading Modules (ATAS)

For the provision of trading software modules, your email address is transmitted to ATAS (atas.net) for module access activation.

Legal basis: performance of contract.

6.7 Messages and Community

Within the platform, you can create posts, write comments, leave reactions, and send direct messages. This content is stored for as long as your account exists.

Legal basis: performance of contract.

6.8 Push Notifications

With your explicit consent, we send browser push notifications. Technical subscription data (endpoint URL, encryption keys) is stored.

Legal basis: your consent. You can disable notifications at any time in your browser settings.

6.9 Email Communications and Newsletter

For sending emails, we use Azure Communication Services (Microsoft). We send transactional emails (password reset, verification, order confirmations) as well as newsletter campaigns.

When subscribing to the newsletter, we store your email address, the time of consent, and the associated IP address. To improve our communications, we track whether and when emails are opened and links are clicked.

Legal basis: your consent for newsletters; performance of contract for transactional emails. You may unsubscribe at any time via the unsubscribe link in any email or in your account settings.

6.10 File Storage

Files you upload (images, attachments, voice messages) are stored on Azure Blob Storage (Microsoft).

Legal basis: performance of contract.

6.11 Video Conferences (Zoom)

For live webinars and coaching sessions, we use Zoom (Zoom Video Communications Inc., USA). Participation links are provided within the platform. When participating, Zoom processes your IP address, device information, and, where applicable, audio/video data.

Legal basis: performance of contract. Further information: Zoom Privacy Policy

6.12 App Analytics

In the app, we use PostHog via EU servers. After login, usage events are associated with your account to improve the platform.

This data is processed as it is necessary for the secure and reliable operation of our platform.

7. Cookies

We do not set any cookies on the website ourselves. PostHog is operated in cookieless mode. When using the Calendly booking form, Calendly sets functional cookies that are technically required for the booking process.

The app platform uses only technically necessary session cookies for authentication. These cookies are required for the functionality of the app and do not require separate consent.

8. International Data Transfers

Our company is headquartered in the United Arab Emirates (Dubai). Personal data is primarily processed in the UAE. Some of our service providers are based in other countries, including the USA and the European Union.

Where personal data is transferred to countries outside the UAE, we ensure that appropriate safeguards are in place, including contractual obligations on our service providers to protect your data in accordance with applicable data protection standards.

US-Based Service Providers

• Stripe — Payment processing
• Calendly — Appointment booking
• Zoom — Video conferences
• Mux — Video hosting
• Google — Sign-in (OAuth)
• Meta/WhatsApp — Contact

EU-Based Service Providers

• Hetzner — Web hosting (Germany)
• Microsoft Azure — CDN, file storage, email delivery (EU)
• PostHog — Web analytics (EU servers)
• PayPal — Payment processing (Luxembourg)

Other Service Providers

• ATAS (atas.net) — Trading software modules

If you access our services from outside the UAE, you are responsible for ensuring that your use of our services complies with the data protection laws applicable in your jurisdiction.

9. Data Deletion and Retention

You may request deletion of your account in the app settings. Upon confirmation by email, your personal data will be anonymized: email address masked, name set to "Deleted User", profile picture removed, sessions and linked sign-in services deleted.

Retention periods:

• Session data: 30 days
• Server logs: 30 days
• Payment receipts: 10 years (applicable commercial and tax law requirements)
• Newsletter data: until unsubscription
• Account data: until account deletion

Audit logs and anonymized course data are retained for legal reasons even after account deletion.

10. Data Security

All data transfers are encrypted via TLS/SSL. Passwords are hashed using bcrypt. Additionally, we offer two-factor authentication (TOTP and email OTP). Access to data is restricted through role-based access controls.

11. Changes to This Privacy Policy

We reserve the right to update this privacy policy as needed, for example in the event of changes to our services or the legal framework. The current version is always available on this page.

As of: February 2026