unCoded

Privacy Policy

Last Updated: March 19, 2026

At ArrowTrade AG (“we,” “us,” or “our”), privacy and security are fundamental to our architecture. As the provider of unCoded, a non-custodial software solution, we have designed our system to collect as little data as possible and to never have access to your trading funds or private keys.

This Privacy Policy explains how we collect, use, and protect your personal data when you use the unCoded website and our services.

1. Data Controller

The entity responsible for processing your personal data under the General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP) is:

ArrowTrade AG
Nordstrasse 2
CH-3900 Brig-Glis
Switzerland
Email: info@arrowtrade.ch

1a. EU Representative (Art. 27 GDPR)

As ArrowTrade AG is established in Switzerland, we have appointed the following representative in the European Union in accordance with Art. 27 GDPR:

TAASC GmbH
Helgolandstr. 1
01097 Dresden
Germany
Email: tommy.tietze@taasc.de

2. Data We DO NOT Collect

To establish trust and security, we want to be clear about what we do not touch:

  • Exchange API Keys: Your Binance API keys are stored locally on your own server instance (e.g., your VPS). They are never transmitted to or stored on our servers.
  • Trading Funds: We do not have custody of or access to your cryptocurrency or exchange balances.

3. Data Collection and Processing

We only collect data necessary to provide our services, fulfill contractual obligations, or based on your explicit consent:

  • Registration & Login (Google OAuth): When you sign in via Google, we receive your email address, your name, and a unique Google ID. This is currently the only available login method.
  • Binance User ID (UID): We store your Binance UID to verify the connection to your account and to accurately calculate the profit-sharing fees based on performance.
  • Payment Data (Stripe): To top up your license balance, we use the payment provider Stripe. Transaction data is processed during this; we do not store full credit card details on our own servers.
  • Communication Data (Lead Magnet): If you request the “Smart Money Protocol 2026,” we collect your first name, last name, and email address. This data is transmitted to Brevo (Sendinblue, France/EU), our email service provider, for delivery of the PDF and subsequent lead nurturing communications.
  • Technical Data: Every time the website is accessed, standard server logs (IP address, browser type, timestamp) are recorded to ensure the security and stability of the platform.

4. Analysis and Marketing Tools (Cookie Consent)

We use analysis and marketing tools only after you have given your explicit consent via our cookie banner (Art. 6(1)(a) GDPR):

  • Google Analytics 4 (GA4): We use this service to analyze website usage and measure conversions, such as downloads of our protocol.
  • Meta Pixel (Instagram/Facebook): This tool allows us to measure the success of our advertisements and display relevant content to website visitors on social media platforms (retargeting).
  • YouTube: Embedded videos on our site may transmit data to Google as soon as you start the video.

5. Legal Basis for Processing

  • Performance of a Contract (Art. 6(1)(b) GDPR): For providing the software and billing the profit share.
  • Consent (Art. 6(1)(a) GDPR): For sending newsletters and using marketing cookies.
  • Legitimate Interest (Art. 6(1)(f) GDPR): For the security of our IT systems and the optimization of our web presence.

6. Third-Party Service Providers

We use specialized service providers who act as data processors and are bound by strict data protection agreements (Data Processing Agreements pursuant to Art. 28 GDPR):

  • Google Cloud: For authentication and hosting.
  • Brevo: For email delivery and CRM management.
  • Stripe: For secure payment processing.

7. Data Transfers to Third Countries

Some of the service providers we use are based outside the European Economic Area (EEA) and Switzerland. We ensure that your personal data is adequately protected through the following safeguards:

  • Google (USA): Authentication, Analytics, YouTube. Legal basis: EU-US Data Privacy Framework + Standard Contractual Clauses (SCCs).
  • Meta/Facebook (USA): Meta Pixel for ad measurement and retargeting. Legal basis: Standard Contractual Clauses (SCCs).
  • Stripe (USA): Payment processing. Legal basis: EU-US Data Privacy Framework.
  • Vercel (USA): Website hosting and deployment. Legal basis: EU-US Data Privacy Framework.
  • Brevo (France/EU): Email marketing and CRM. No third-country transfer.
  • Cloudflare (USA): Turnstile bot protection on forms. Legal basis: EU-US Data Privacy Framework.

For Swiss residents: Under Art. 16 of the Swiss Federal Act on Data Protection (FADP), we ensure adequate safeguards for all international data transfers through Standard Contractual Clauses and participation in recognized data protection frameworks.

8. Data Retention Periods

We retain your personal data only for as long as necessary for the purposes outlined in this policy or as required by law:

  • Account data (Google Login): As long as your account is active. Deleted within 30 days after account deletion.
  • Binance UID: As long as your license is active.
  • Payment data (Stripe): 7 years (tax retention requirements).
  • Newsletter/Marketing (Brevo): Until you unsubscribe.
  • Server logs: 30 days.
  • Google Analytics: 14 months.
  • Meta Pixel: 90 days.
  • Cookies: As specified in your cookie banner settings.

9. Supervisory Authorities

If you believe that our processing of your personal data violates data protection law, you have the right to lodge a complaint with a supervisory authority:

10. Your Rights

You have the following rights at any time:

  • Access to the personal data we hold about you.
  • Correction of inaccurate data.
  • Deletion of your data, provided no legal retention periods apply.
  • Withdrawal of any consent given, with future effect.

Please direct your requests to info@arrowtrade.ch