Effective Date: May 14, 2026 | Version 1.1
TidalFi Labs Limited (“TidalFi”, “we”, “us”, or “our”) is dedicated to protecting the privacy of your personal data. We have created this Privacy Policy to explain what personal data we collect from users of our websites, including www.tidalfi.ai and all related websites, mobile apps, platforms, and web-based services (the “Sites”), and any other technologies, features, content, products, and services that we offer (collectively, our “Services”); how we use that information; and how we share it with others. We encourage you to read this Privacy Policy and reach out to us using the contact methods at the end of the Privacy Policy if you have any questions. This Privacy Policy incorporates the Terms of Use found on our Sites.
This Privacy Policy does not apply to third-party websites, products, or services, even if they may link to our website or if our site links to them. We recommend that you review the privacy practices of those third parties before connecting, accessing third-party websites and sharing any personal data.
If you are a visually-impaired customer, a customer who has another disability or a customer who seeks support in another language, you may access this Privacy Policy by emailing us at [email protected].
This Privacy Policy is provided in a layered format. You can jump to a specific section by clicking on the section below.
| No. | Term | Explanation |
|---|---|---|
| 1 | Collection of Personal Data | We collect various types of personal data when you interact with us through our Services and by other means. |
| 2 | Use of Personal Data | We collect and use personal data for various purposes in connection with your use of our Services. |
| 3 | Disclosure of Personal Data | We may disclose personal data to certain third parties, including our service providers and advertising partners. |
| 4 | Cookies and Other Tracking Technologies | We collect information about your use of our Services through cookies and other tracking technologies. |
| 5 | Legal Bases for Processing | We rely on one or more legal bases to process your personal data under applicable law. |
| 6 | Children’s Data | Our Services are not intended for use by children under the age of 18. |
| 7 | Data Security and Retention | We use reasonable and appropriate technical and organizational measures to protect personal data, and will retain personal data only for as long as is necessary for the purposes set out in this Privacy Policy. |
| 8 | Transfers of Personal Data | Your personal data may be transferred outside of your jurisdiction to Hong Kong. |
| 9 | Opting out of Electronic Communications | We may send you marketing emails, which you may opt out in various ways. |
| 10 | Notice to Individuals in the EEA, UK, and Switzerland | We provide additional disclosures and rights to individuals in the EEA, UK, and Switzerland. |
| 11 | Notice to Individuals in Canada | We provide additional disclosures and rights to individuals in Canada. |
| 12 | Notice to Individuals in Australia and New Zealand | We provide additional disclosures and rights to individuals in Australia and New Zealand. |
| 13 | Notice to Residents of the Philippines | We provide additional disclosures and rights to residents of the Philippines. |
| 14 | Notice to Residents of Brazil | We provide additional disclosures and rights to residents of Brazil. |
| 15 | Notice to Individuals in Hong Kong | We provide additional disclosures and rights to individuals in Hong Kong under the Personal Data (Privacy) Ordinance. |
| 16 | Biometric Information and Retention Policy | We provide additional disclosures about our collection and use of biometric information. |
| 17 | Updates to this Privacy Policy | Updates to this Privacy Policy become effective on the date they are posted. |
| 18 | Contact Us | You may contact us for comments or questions in various ways. |
For the purposes of this Privacy Policy, “personal data” means individually identifiable information about an individual consumer collected online by the operator and maintained by the operator in an accessible form. Personal data does not include “aggregate” or other non-personally identifiable information. Aggregate information is information that we collect about a group or category of products, service, or users that is not personally identifiable or from which individual identities are removed. a. Personal data you provide us We may ask you to provide us with certain information when you contact us, sign up for an account, sign up for our promotional emails, or otherwise interact with us, including contact information and other information about you. For example, we may collect information such as name, username and password, email address, postal address, date of birth, Social Security number, purchase history, cryptocurrency payment addresses, and social media handles. We may also collect trading information and activity data, including the trades you take on the platform, order history, lot size, short/long, date/time opened and closed, SL/TP levels, token type, account performance, and account identifiers linked to trading activity such as account ID, and evaluation ID. b. Personal data collected automatically Our Services may use cookies and other tracking technologies such as web beacons, embedded scripts, and tags, which collect information from you automatically as you use our Services, including: - Browser and device data. When you use our Services, we may automatically collect information such as IP address, geolocation data, device identifier, device type, operating system and Internet browser type, screen resolution, operating system name and version, device manufacturer and model, language, plug-ins, add-ons, and the language version of the Services you are visiting. - Usage data. When you use our Services, we may automatically collect information such as browsing history, time spent on the Services, pages visited, links clicked, language preferences, patterns of use, and the pages that led or referred you to our Site. We also collect information about your online activities on websites and connected devices over time and across third-party websites, devices, apps, and other online features and services. Please review Section 4 below for more information about our use of these technologies. c. Personal data we collect from others We may also collect information from the following sources: - Our affiliates. We may collect personal data from our affiliates, including personal details (e.g., name, email, and postal address); account identifiers such as username and account ID; trading activity data (such as trades, order history, and account performance); and device and usage data (such as login timestamps and browser info). - Service providers. We may collect personal data via our service providers, including those providing hosting, analytics, customer and technical support, background check, identity verification, and other services. For example, we may collect personal data if you use a chatbot or live chat on our Services, which is provided by our third-party service provider, Intercom. For more information please review our Biometric Information and Retention Policy (Section 16). - Social media and other content platforms. We may also collect personal data through platforms such as Google, X, YouTube, TikTok, or Meta, if you apply to become an affiliate or if access our Services through a third-party connection or login. - Other third parties. We may also collect personal data from third-party data providers, business and marketing partners, ad network providers, and advertisers.
We may use the personal data we collect for the following purposes: - Provide, operate, and maintain the Services. - Improve, personalize, and expand the Services. - Evaluate your application to use the Services or to become an affiliate. - Verify your identity. - Providing customer service and support. - Develop new features and functionalities. - Communicate with you in accordance with your preferences to provide you with updates and other information relating to the Services, and for marketing and promotional purposes through email and any other channels you choose to communicate with us. - To contact you regarding changes to the Services and/or any of the Services’ policies. - To prevent unauthorized, improper, or illegal activities on the Services. - For internal business purposes. - Performing internal analytics. - For purposes disclosed at the time you provide your information or as otherwise set forth in this Privacy Policy or for any other legal purpose not inconsistent with this Privacy Policy. - For targeted advertising, and to understand the usefulness to you of the advertisements or content that have been delivered to you. - For systems and data security. - Evaluating or conducting a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal data held by us about the users of our Services is among the assets transferred. - Complying with our legal obligations, responding to subpoenas, court orders, or legal process; and to establish or exercise our legal rights or defenses against legal claims.
We may disclose personal data to the following categories of third parties: - Our affiliates and subsidiaries. We may disclose personal data to our affiliates and/or subsidiaries to provide our Services and for internal business purposes. - Service providers. We may disclose personal data to our service providers to provide services on our behalf, such as order fulfillment, payment processing, analytics, advertising, hosting, marketing, customer and technical support, background checks, identity verification, and other services. For example, if you use a chatbot or live chat on our Services, the information provided may be recorded and stored by our third-party provider, Intercom, on our behalf. - Third-party platform advertising. We may share your information with third-party platform providers, including advertising, social media, and analytics companies, who assist us in serving advertising regarding the Services to others who may be interested. We also partner with third parties who use cookies to serve interest-based advertising and content on their respective third-party platforms that may be based on your preferences, location and/or interests. - Other Third Parties. We may share your information with other third parties including joint marketing campaign partners and data co-ops and data brokers. - Compliance and harm prevention. Under certain circumstances, we may be required to disclose your personal data if required to do so by law or in response to valid requests by public authorities. - Business transfers and transactions. If we are involved in a merger, acquisition, asset sale, or other corporate combination, your personal data may be transferred to the acquiring or surviving entity.
We use cookies and similar tracking technologies to track the activity on the Services and we hold certain information. Cookies are files with a small amount of data which may include unique identifier, and are sent to your browser from a website and stored on your device. We also use other tracking technologies, such as beacons, tags and scripts to collect and track information and to improve and analyze our Services. a. Cookies Cookies on the Services generally fall into the following categories: - Strictly necessary cookies: These are required for the operation of the Services. They include, for example, cookies that enable you to log into secure areas. These cookies are session cookies which are erased when you close your browser. - Performance cookies: These allow us to recognize and count the number of users of the Services and see how such users navigate through the Services. This helps improve how the Services work, for example, by ensuring that users can find what they are looking for easily. These cookies are session cookies which are erased when you close your browser. - Functional cookies: These improve the functional performance of the Services and make it easier for you to use. For example, cookies are used to remember that you have previously visited the Services and asked to remain logged into it. These cookies are session cookies which are erased when you close your browser. - Advertising/Targeting cookies. We utilize cookies or similar tracking technologies to collect information about your interactions with our Services. We may also use cookies to deliver content, including ads, relevant to your interests on our Services and third-party sites based on how you interact with advertisements or content. You can modify your browser settings to decline or accept certain cookies. However, if you decline certain cookies, some of our Services’ features may not function as designed. Where supported, your cookie preferences may be stored in a shared-domain TidalFi consent cookie so the same choice can apply across TidalFi web and Trading Desk subdomains. b. Analytics Information We may use Google Analytics or other service providers for analytics services across TidalFi web and Trading Desk. These analytics services may use cookies to help us analyze how users use the Services. Trading Desk analytics events are sanitized before being sent and are not intended to include account tokens, wallet addresses, email addresses, or full URL query strings. Information generated by these services (e.g., your IP address and other usage information) may be transmitted to and stored by Google Analytics and other service providers on servers in the U.S. (or elsewhere) and these service providers may use this information for purposes such as evaluating your use of the Services, compiling statistic reports on the Services’ activity, and providing other services relating to Services activity and other Internet usage. You may exercise choices regarding the use of cookies from Google Analytics by going to https://tools.google.com/dlpage/gaoptout or downloading the Google Analytics Opt-out Browser Add-on. c. Third-Party Ad Networks Certain companies may participate in the Digital Advertising Alliance (“DAA”) AdChoices Program and may display an Advertising Option Icon for Interest-based Ads that links to an opt-out tool which allows you to exercise certain choices regarding targeting. You can learn more about the DAA AdChoices Program at http://www.youradchoices.com/ and its opt-out program for mobile apps at http://www.aboutads.info/appchoices. In addition, certain advertising networks and exchanges may participate in the Network Advertising Initiative (“NAI”). NAI has developed a tool that allows consumers to opt out of certain Interest-based Ads delivered by NAI members’ ad networks. To learn more about opting out of such targeted advertising or to use the NAI tool, see http://www.networkadvertising.org/choices/. Please be aware that, even if you are able to opt out of certain kinds of Interest-based Ads, you will continue to receive non-targeted ads. Opting out of one or more NAI or DAA members only means that those selected members should no longer under the DAA / NAI rules deliver certain targeted ads to you. This will affect this and other services, but does not mean you will no longer receive any targeted content and/or ads (e.g., from other ad networks). If your browsers are configured to reject cookies when you visit this opt-out page, or you subsequently erase your cookies, use a different device or web browser(s), or use a non-browser-based method of access (e.g., mobile app), your NAI / DAA browser-based opt-out may not, or may no longer, be effective. Mobile device opt-outs will not affect browser-based Interest-based Ads even on the same device, and you must opt out separately for each device. We are not responsible for the effectiveness of, or compliance with, any third-parties’ opt-out options or programs or the accuracy of their statements regarding their programs.
We rely on one or more legal bases to process your personal data under applicable law. We may process personal data (i) as necessary to perform our contractual obligations to you, including, but not limited to, those obligations in our Terms of Use; (ii) as necessary to pursue our legitimate business interests as further detailed below; (iii) as necessary for our compliance with our legal obligations such as a request or order from courts, law enforcement or other government authorities; and/or (iv) with your consent. We may collect, process, and maintain personal data to pursue the legitimate business interests outlined below. To determine these legitimate interests, we balance our legitimate interests against the legitimate interests and rights of you and others and only process personal data in accordance with those interests where they are not overridden by your data-protection interests or fundamental rights and freedoms. Our legitimate interests generally include: - Providing, improving, and developing our Services, including to deliver your requested services, send you messages and provide user support, customize the Services to better fit your needs as a user, develop new products and services, and perform internal analytics and research and development. This also includes sharing personal data with our trusted service providers that provide services on our behalf. - Protecting you and others and to create and maintain a trusted environment, such as to comply with our legal obligations, to ensure compliance our agreements with you and other third parties, to ensure safe, secure, and reliable Services, and to detect and prevent wrongdoing and crime, assure compliance with our policies, and protect and defend our rights, interests, and property. In connection with the activities above, we may conduct internal research and profiling based on your interactions on various Services, content you submit to the Services, and information obtained from third parties. - Providing, personalizing, measuring, and improving our marketing, including to send you promotional messages and other information that may be of interest to you with your consent. Where required by applicable law, we will obtain your prior consent before sending direct marketing communications. Where we rely on consent as the legal basis for marketing, you may withdraw your consent at any time as described in Section 9.
Our Services are not intended for children. We do not knowingly collect any personal data from children under the age of 18. If you think that your child provided this kind of information on the Services, we strongly encourage you to contact us immediately, and we will do our best efforts to promptly remove such information from our records.
The security of your personal data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. We maintain appropriate technical, administrative, and physical safeguards to help protect the security of your personal data against unauthorized access, destruction, loss, alteration, disclosure or misuse, but we cannot guarantee its absolute security. We encourage you to secure your account with a strong password and to keep your password private. We will retain your personal data for as long as necessary for the purposes outlined in this Privacy Policy. This information will be used and retained to the extent necessary to comply with any legal obligations or policies, to resolve disputes, and/or enforce legal agreements. Personal data may also be retained for internal analytic purposes. This information is retained for a shorter period of time, unless it is used to enhance security features or improve the functionality of our Services. Our determination of precise retention periods will be based on (i) the length of time we have an ongoing relationship with you; (ii) whether there is a legal obligation to which we are subject; and (iii) whether retention is advisable in light of our legal position, including regard to applicable statutes of limitations, litigation or regulatory investigations. For information about our retention of biometric information for identity verification purposes, please review our Biometric Information and Retention Policy (Section 16) below.
Your personal data may be transferred to – and maintained on – computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. Your personal data may be transferred to and processed in Hong Kong, as well as in other countries where our service providers and affiliates are located. Where we transfer personal data from the European Economic Area, United Kingdom, or Switzerland to countries not recognised as providing an adequate level of protection, we implement appropriate safeguards, including standard contractual clauses approved by the relevant supervisory authority, or other mechanisms as permitted under applicable law. You may request a copy of the applicable safeguards by contacting us at [email protected].
We may use your personal data to send you email updates regarding our Services, other announcements, and inquiries. If you no longer wish to receive promotional email communications from us, you may opt out via the unsubscribe link included in such emails or email us at [email protected]. We will comply with your request as soon as reasonably practicable. Please note that if you opt out of receiving promotional emails from us, we may still send you important administrative messages that are required to provide you with the Services or for other reasons disclosed in this Policy.
This Notice applies to any individuals located within the European Economic Area (“EEA”), the United Kingdom (“UK”), and Switzerland about whom we may have collected personal data from any source, including through your use of the Services. We provide this Notice in addition to the disclosures throughout the rest of this Privacy Policy to comply with applicable privacy laws, including the General Data Protection Regulation (“GDPR”), the UK GDPR, Switzerland’s Federal Act on Data Protection, and related laws, regulations, and guidance from the European Union and/or its member states. In certain circumstances, individuals located within the EEA, UK, and Switzerland are entitled to the following privacy rights: - Right to Access. - Right to Erasure. - Right to Rectification. - Right to Object to Processing. - Right to Restrict Processing. - Right to Data Portability. - Right to Withdraw Consent. - Right to Lodge Complaint. To exercise your privacy rights described above, please email us at [email protected]. Any request you submit to us is subject to an identification and residency verification process as permitted under applicable law. Additionally, all requests are subject to certain exceptions under applicable law, which may vary.
This Notice applies to individuals in Canada about whom we may have collected personal data. We provide this Notice in addition to the disclosures throughout the rest of this Privacy Policy to comply with applicable laws, including the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and/or provincial privacy laws. For the purposes of this Notice, “personal data” means information about an identifiable individual. Personal data does not include any business contact information that is solely used to communicate with you in relation to your employment, business or profession, such as your name, position name or title, work address, work telephone number, or work email address. Personal data also does not include information that has been de-identified, anonymized, or aggregated in such a way that there is no serious possibility it can be used to identify an individual. You may have rights of access, correction, and withdrawal of consent. To exercise your privacy rights, please email us at [email protected]. If you are unsatisfied with our response, you may also contact the Office of the Privacy Commissioner at (800) 282-1376.
This Notice applies to any individuals located within Australia and New Zealand about whom we may have collected personal data. We provide this Notice in addition to the disclosures throughout the rest of this Privacy Policy to comply with applicable laws, including the Australia Privacy Act 1988 and the New Zealand Privacy Act 2020. In certain circumstances, individuals located within Australia and New Zealand are entitled to privacy rights, including the right to access and the right to correct personal data, subject to certain exceptions. To exercise your privacy rights, please email us at [email protected].
This Notice applies to any residents and citizens of the Philippines about whom we may have collected personal data. We provide this Notice in addition to the disclosures throughout the rest of this Privacy Policy to comply with applicable laws, including the Philippines Data Privacy Act 2012, Republic Act No. 10173. In certain circumstances, individuals in the Philippines are entitled to privacy rights including access, correction, suspension / withdrawal / deletion, objection, withdrawal of consent, and the right to file a complaint. To exercise your privacy rights, please email us at [email protected].
This Notice applies to any Brazilian residents about whom we may have collected personal data. We provide this Notice in addition to the disclosures throughout the rest of this Privacy Policy to comply with applicable laws, including the Brazilian General Data Protection Law (“LGPD”). In certain circumstances, individuals located in Brazil are entitled to privacy rights including confirmation and access, rectification, erasure, anonymization / blocking / deletion, objection, data portability, withdrawal of consent, and the right to petition with the Brazilian Data Protection Authority. To exercise your privacy rights, please email us at [email protected].
This Notice applies to individuals located in Hong Kong about whom we may have collected personal data. We provide this Notice in addition to the disclosures throughout the rest of this Privacy Policy to comply with Hong Kong’s Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”) and the six Data Protection Principles contained therein. Collection of Personal Data (DPP1) We collect personal data by lawful and fair means, and only to the extent necessary for the purposes set out in this Privacy Policy. At or before the time of collection, we will take all practicable steps to ensure you are informed of whether your provision of data is obligatory or voluntary, the purposes for which your data will be used, and the classes of persons to whom your data may be transferred. Use of Personal Data (DPP3) Unless we obtain your express consent, we will only use your personal data for the purposes for which it was collected, or for directly related purposes. Direct Marketing We may use your name, contact details, and transaction-related information to send you direct marketing communications about our financial services and related products. We will only do so if we have obtained your consent. You have the right at any time to request that we cease using your personal data for direct marketing purposes, free of charge, by contacting us at [email protected]. Data Access and Correction Rights (DPP6) Under the PDPO, you have the right to request access and correction. We may charge a reasonable fee for processing a data access request. To exercise these rights, please submit a written request to [email protected]. We will respond within 40 days of receipt as required by the PDPO. Complaints Office of the Privacy Commissioner for Personal Data, Hong Kong Website: www.pcpd.org.hk Telephone: +852 2827 2827
This section applies to any individuals about whom we have collected biometric data, including through your use of our Sites and Services. For purposes of this section, “biometric information” means personal data stored by us and/or our vendors about an individual’s physical characteristics that can be used to identify that person. In all cases, such collection, retention, and use of your biometric information will only occur after collecting your consent. We will not sell, lease, trade, or otherwise profit from your biometric information. We will retain such biometric information only until, and will permanently destroy such biometric information when, the first of the following occurs: - The initial purpose for collecting or obtaining such biometric information has been satisfied. - Within one (1) year of your last interaction with us. We will store, transmit, and protect from disclosure any biometric information collected using reasonable care and in a manner that is the same as or more protective than the manner in which we store, transmit, and protect from disclosure other confidential and sensitive information.
We may change this Privacy Policy from time to time to reflect changes in our data practices or relevant laws. We will let you know via email and/or a prominent notice on our Services, prior to the change becoming effective, and update the effective date at the top of this Privacy Policy. We recommend periodically reviewing this Privacy Policy for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
If you have questions or concerns regarding this Privacy Policy, please email us at [email protected]. Individuals in Europe, New Zealand, and Brazil can also contact our Data Protection Officer by email at [email protected].