Privacy policy
Written in plain English and built to match how the site actually works. No data sales, no ad tracking, and nothing non-essential without your consent.
Key points about your privacy
- We never sell or rent your personal data, and we don't share it for cross-context behavioral advertising.
- No non-essential cookies or trackers load until you opt in via the consent banner — and our analytics set no cookies at all.
- Outbound click logs are privacy-minimized and designed not to directly identify you — no name, email or IP address is stored, and we honor Do Not Track and Global Privacy Control.
- The only personal data we routinely hold is an email address you chose to give us (newsletter, waitlist, or support).
- You can access, correct, export or delete your data any time by emailing hello@wethetraders.com.
Showing details for United States (guessed from your timezone — pick a region to change it). Printing includes all regions.
The life of your data
Five steps, from your first visit to full deletion. Select a step for details.
1. You visit
The site works fully before you make any choice. No analytics, no cookies, nothing non-essential loads — the consent banner simply waits for your answer.
1. You visit — Pages load with zero trackers
The site works fully before you make any choice. No analytics, no cookies, nothing non-essential loads — the consent banner simply waits for your answer.
2. Data is collected — Only what you allow
If you accept, cookieless Plausible analytics start (aggregate only). If you click out to a platform, a privacy-minimized click event is logged — unless your browser sends Do Not Track or Global Privacy Control. If you join the newsletter, we store the email you typed.
3. Data is stored — Minimal, encrypted, time-limited
Emails and click logs live in our database with access limited to the site's operators. Your preferences (consent, theme, region) stay in your own browser and never reach us. Retention windows are listed in the Data retention section.
4. Data is used — Improve the site, send what you asked for
Aggregate statistics guide which comparisons we build next. Your email is used only for the updates you signed up for. Nothing is sold, rented, or shared for advertising.
5. You stay in control — Withdraw, export or delete any time
Withdraw consent in the Cookies section, unsubscribe with one click, or email us to access, export, correct or erase your data. The full process is described in Your privacy rights.
1. What information we collect
No accounts, no profiles
This site has no user accounts or logins, so we never hold passwords, payment details or trading data about you.Information you provide directly
- Newsletter / waitlist: the email address you enter, plus where on the site you signed up, so we can send what you asked for.
- Contact by email: if you email us (support, corrections, privacy requests) we receive your email address, name if you include it, and the contents of your message.
Information collected automatically
- Analytics (only after you consent): we use Plausible, a privacy-first tool that records page URLs, referrer, browser and device type, and country. It sets no cookies, keeps no persistent identifier, and cannot follow you across other sites. Your IP address is used transiently to derive the country and is not stored by us.
- Outbound click logs: these are designed not to directly identify you. We do not store your name, email address or IP address in click logs. We may record the platform clicked, link type, timestamp, and limited technical information such as a one-way hash of the browser user-agent, for abuse prevention, site measurement and referral attribution. We skip logging entirely if your browser sends the Do Not Track or Global Privacy Control signal.
- Preferences on your device: your cookie-consent choice, dark/light theme, policy-region preference and crypto-disclosure acknowledgement are kept in your browser's local storage. They never leave your device.
- Server logs: our hosting provider, Vercel, keeps standard request logs (including IP addresses) for security and abuse prevention. These are short-lived under Vercel's standard log retention.
Information from third parties
We do not buy data, use data brokers, or collect data about you from social media. If you sign up with a trading platform after clicking one of our links, the partner may confirm to us that a referral converted so we can be paid — that confirmation is tied to the click, not to your identity on our site.
2. Legal basis for processing
US privacy laws (CCPA/CPRA and similar state laws) don't require a named "legal basis" for each use of data, but we apply the same discipline everywhere: every item below is collected for a stated reason, and nothing else.
Under the GDPR and UK GDPR we must have a lawful basis for every use of personal data. These are the ones we rely on:
| Lawful basis | What it means | Where we rely on it |
|---|---|---|
| Consent | You actively opted in, and can withdraw at any time | Analytics; newsletter and waitlist emails |
| Legitimate interests | A use we need to run the site, balanced against your rights | PII-free click logging; site security and abuse prevention; replying when you email us |
| Legal obligation | The law requires us to keep or disclose something | Business and tax records; responding to lawful requests |
| Contract | Processing needed to deliver a service you asked for | Not used today — would apply if we launch user accounts (e.g. the trading journal) |
We do not rely on vital interests or public task. Where we rely on legitimate interests we have run a balancing test, and you can object at any time (see "Your privacy rights" below).
3. How we use your information
- Running the site — serving pages, keeping the comparison data accurate, fixing bugs.
- Improving the experience — consent-gated, aggregate analytics tell us which comparisons help and which pages confuse.
- Security and fraud prevention — server logs and rate limiting protect the site from abuse.
- Newsletter (opt-in only) — occasional updates on fee changes and new comparisons; every email has an unsubscribe link.
- Support and corrections — answering your emails and fixing data you report as wrong.
- Legal compliance — keeping the records the law requires and responding to valid legal requests.
What we don't do
No advertising profiles, no automated decision-making about you, no cross-site tracking, and no selling of personal data — full stop.| Data | Purpose | Legal basis (GDPR/UK) | Retention |
|---|---|---|---|
| Newsletter / waitlist email | Send the updates you asked for | Consent | Until you unsubscribe or ask us to delete it |
| Analytics events | Understand aggregate usage, improve the site | Consent | Aggregated; no personal identifiers retained |
| Outbound click logs (privacy-minimized) | See which comparisons help; attribute referrals | Legitimate interests | 12 months, then aggregated or deleted |
| Email correspondence | Support, corrections, privacy requests | Legitimate interests / legal obligation | Up to 24 months after the thread is resolved |
| Hosting server logs (Vercel) | Security and abuse prevention | Legitimate interests | Short-lived under Vercel's standard log retention |
4. Data retention
We keep personal data only as long as it serves the purpose it was collected for, then delete or irreversibly aggregate it.
| Data type | How long we keep it | Why | How to delete it sooner |
|---|---|---|---|
| Newsletter / waitlist email | Until you unsubscribe or request deletion | You asked us to keep sending updates | Click unsubscribe in any email, or email hello@wethetraders.com |
| Analytics data | Aggregate statistics only | Trends stay useful; individuals aren't identifiable | Withdraw consent — nothing further is recorded |
| Outbound click logs | 12 months | Year-over-year comparison of what helps readers | Privacy-minimized and not intended to directly identify you |
| Email correspondence | Up to 24 months after resolution | Context if you contact us again; legal record-keeping | Email hello@wethetraders.com and ask us to erase the thread |
| Preferences (consent, theme, region) | On your device until you clear browser data | Stored locally so we don't have to hold it | Clear site data in your browser settings |
5. Your privacy rights
You don't need an account or a form to exercise any right on this page — email hello@wethetraders.com with the subject "Privacy request", tell us which right you're exercising and which region you're in, and include the email address you used on the site (if any) so we can find your data. Exercising your rights is free, and we never discriminate against you for doing so.
United States — CCPA/CPRA and state privacy laws
- Right to know / access — ask what personal information we've collected about you and receive a copy.
- Right to delete — ask us to erase the personal information we hold about you.
- Right to correct — ask us to fix inaccurate personal information (added by the CPRA).
- Right to opt out of sale or sharing — we don't sell personal information or share it for cross-context behavioral advertising, so there's nothing to opt out of. We also honor the Global Privacy Control signal.
- Right to limit sensitive personal information — we don't collect sensitive personal information as the CPRA defines it.
- Right to non-discrimination — exercising your rights never changes how the site treats you.
We respond within 45 days (extendable once by another 45 days for complex requests — we'll tell you if that happens). You may use an authorized agent; we'll verify the request with you directly. Residents of Virginia, Colorado, Connecticut, Utah and other states with privacy laws can use the same email — we apply the strongest applicable standard to everyone.
United Kingdom — UK GDPR
- Access (Article 15) — get a copy of your personal data and how we use it.
- Rectification (Article 16) — have inaccurate data corrected.
- Erasure (Article 17) — have your data deleted ("right to be forgotten").
- Restriction (Article 18) — pause our use of your data while a dispute is resolved.
- Portability (Article 20) — receive your data in a machine-readable format to take elsewhere.
- Objection (Article 21) — object to processing based on legitimate interests; we stop unless we can show compelling grounds.
- Automated decisions (Article 22) — we make no automated decisions with legal or similar effects, so this right is not engaged.
We respond within one month of receiving your request (extendable by up to two further months for complex requests — we'll tell you within the first month). We respond even when we decline, and explain why. If you're unhappy, you can complain to the Information Commissioner's Office.
European Union — GDPR
- Access (Article 15) — get a copy of your personal data and how we use it.
- Rectification (Article 16) — have inaccurate data corrected.
- Erasure (Article 17) — have your data deleted ("right to be forgotten").
- Restriction (Article 18) — pause our use of your data while a dispute is resolved.
- Portability (Article 20) — receive your data in a machine-readable format to take elsewhere.
- Objection (Article 21) — object to processing based on legitimate interests; we stop unless we can show compelling grounds.
- Automated decisions (Article 22) — we make no automated decisions with legal or similar effects, so this right is not engaged.
We respond within one month (extendable by up to two further months for complex requests — we'll tell you within the first month), and we respond even when we decline. Some member states add local variations, e.g. the age of digital consent differs by country. You always have the right to lodge a complaint with your national data protection authority (Article 77) — find yours in the EDPB members list.
7. Third-party data processors
A small number of infrastructure providers process data on our behalf. Each one is bound by a data processing agreement (DPA) requiring them to protect your data and use it only on our instructions.
| Provider | What they do | Where data goes | Safeguards |
|---|---|---|---|
| Vercel | Serves the site; keeps standard server logs | USA (global edge network) | DPA incorporating Standard Contractual Clauses |
| Supabase (Postgres database) | Stores newsletter emails and PII-free click logs | USA (AWS us-west-2, Oregon) | DPA, encryption at rest |
| Plausible Analytics | Consent-gated, cookieless aggregate analytics | European Union | EU-hosted, GDPR-native, DPA available |
We don't currently use an email-delivery provider — newsletter addresses are stored, and nothing is sent yet. If we add one to start sending the newsletter, we will list it here before the first email goes out.
8. Data security
- Encryption in transit — the whole site is served over HTTPS/TLS.
- Data minimization by design — the less we hold, the less can leak: click logs are PII-free, user agents are one-way hashed, analytics are aggregate, and we never touch payment data.
- Access control — database access is limited to the people who operate the site, on a least-privilege basis.
- Maintenance — dependencies are kept up to date and the codebase is reviewed for security issues.
If a breach ever affects personal data, we will assess and contain it, notify the relevant supervisory authority within 72 hours where the GDPR/UK GDPR requires it, and inform affected people without undue delay, including what happened and what we're doing about it.
An honest caveat
We use industry-standard safeguards, but no website can promise perfect security. This is one more reason we deliberately store so little about you.9. International data transfers
The site is operated from the United States and hosted on Vercel, so US visitors' data is processed domestically. Analytics data is processed in the EU by Plausible.
The site is operated from the United States and hosted on Vercel. Where your personal data (in practice: an email address you gave us) is transferred outside the UK/EU, we rely on recognised safeguards: Standard Contractual Clauses, the EU–US Data Privacy Framework where the provider is certified, and for UK transfers the UK Addendum / UK Extension to the Data Privacy Framework. Analytics never leaves the EU — Plausible is EU-hosted.
A transfer never reduces your rights: you can exercise every right in this policy regardless of where the data sits, and you can ask us which safeguard covers a specific transfer.
10. Children's privacy
This site is about trading and is intended for adults. We do not knowingly collect personal data from children — under 13 in the United States (COPPA), under 13 in the United Kingdom, and under the age of digital consent in EU member states (13–16, depending on the country).
If you believe a child has given us personal data (for example, joined the newsletter), email hello@wethetraders.com and we will delete it promptly.
11. Your choices & controls
- Unsubscribe from emails — click the unsubscribe link in any newsletter, or email us; it takes effect immediately.
- Change cookie preferences — use the control in the Cookies section above; withdrawing consent stops analytics on the spot.
- Block analytics automatically — we honor the Do Not Track and Global Privacy Control signals: enabling either in your browser blocks analytics from loading and opts you out of click logging, without touching the banner.
- Update or correct your information — email hello@wethetraders.com with the change.
- Export your data — ask for a copy in a machine-readable format (in practice: your email address and subscription details).
- Delete everything — one email to hello@wethetraders.com and we erase what we hold about you, subject only to records the law requires us to keep.
12. Changes to this policy
We update this policy when our practices or the law change. The version number, effective date and history below always reflect the current text. For material changes we post a notice on the site before the change takes effect, and where a change affects processing based on your consent, we ask for that consent again — we don't treat continued browsing as agreement to materially new uses of your data.
| Version | Date | What changed |
|---|---|---|
| 2.2 | 2026-07-05 | Clarified affiliate/referral attribution, softened click-log wording to privacy-minimized, added stronger affiliate and risk disclosure references, and noted the crypto-disclosure acknowledgement stored in local storage. |
| 2.1 | 2026-07-05 | Named the database processor (Supabase, USA) and its region; clarified no email-delivery provider is used yet; stated the Article 27 representative position. |
| 2.0 | 2026-07-03 | Full rewrite: regional US/UK/EU detail, retention and processor tables, CPRA rights, cookie inventory. |
| 1.0 | 2026-07-01 | Initial plain-English policy at launch. |
13. Contact information
Data controller: WeTheTraders. One address reaches us for everything — general privacy questions, data subject access requests (DSARs), and complaints: hello@wethetraders.com. Use the subject line "Privacy request" and tell us which right you're exercising, which region you're in, and the email address you used on the site (if any).
- Acknowledgement: within 7 days.
- Full response: within one month (UK/EU) or 45 days (US) — the statutory windows described in "Your privacy rights".
Regulators
- Federal Trade Commission — ftc.gov
- California Attorney General (CCPA) — oag.ca.gov/privacy/ccpa
- Information Commissioner's Office — ico.org.uk
- Your national data protection authority — find it via the EDPB
- European Data Protection Board — edpb.europa.eu
14. Data protection officer & representatives
WeTheTraders is operated from the United States. We do not currently appoint a Data Protection Officer — we don't process personal data at large scale, and we don't systematically monitor people, so Article 37 GDPR does not require one. If our obligations change, we will update this section. Privacy is handled directly by the site's operators; contact hello@wethetraders.com with any GDPR question and it reaches the people responsible.
EU/UK representative
We have not appointed an Article 27 representative in the EU or UK at this stage. If our processing of EU/UK personal data grows to the point where one is required, we will appoint a representative and name them here.US law doesn't require a DPO. All privacy matters are handled via hello@wethetraders.com.
Frequently asked questions
The whole policy, in the questions people actually ask.
- Do you sell my data?
- No. We never sell or rent personal data, and we don't "share" it for cross-context behavioral advertising as the CCPA defines it. We earn money from affiliate referrals, which need no personal data at all — see How we make money.
- What are cookies, in plain English?
- Small files a website stores in your browser so it can recognise you later. This site barely uses the concept: our analytics are cookieless, and the only things we store are your own preferences (consent choice, theme, region, crypto-disclosure acknowledgement) in local storage on your device.
- Do you use Google Analytics?
- No. We use Plausible, an EU-based, cookieless analytics tool that collects aggregate statistics only — and even that loads only after you consent.
- Do you track me across other websites?
- No. There are no ad-network pixels, no retargeting tags, no social-media widgets, and our analytics cannot follow you anywhere else.
- What happens when I click a link to a trading platform?
- Two things: we log a privacy-minimized click event (which platform, when, and a one-way-hashed browser signature — no IP, no name, not intended to directly identify you), and the destination platform may receive referral parameters or click IDs and may set its own cookies to credit the referral. Their privacy policy and tracking practices are controlled by them, not by us.
- Do you store my IP address?
- Not in anything we build: click logs contain no IPs, and analytics use the IP transiently to derive your country without storing it. Our hosting provider keeps standard server logs (which include IPs) for a short security-retention window.
- How long do you keep my data?
- The short version: newsletter emails until you unsubscribe, correspondence up to 24 months, click logs 12 months, and analytics only as aggregates. The full table is in the Data retention section.
- How do I delete my data?
- Email hello@wethetraders.com with the subject "Privacy request" and say you want your data deleted. We confirm within 7 days and complete the deletion within the statutory window for your region.
- How do I unsubscribe from the newsletter?
- Click the unsubscribe link at the bottom of any email — it works immediately. Or email us and we'll remove you by hand.
- Can I get a copy of my data?
- Yes — that's the right of access (and portability in the UK/EU). Email us and we'll send what we hold in a machine-readable format. For most people that's one email address and a signup date.
- What is GDPR?
- The EU's General Data Protection Regulation (the UK kept its own copy after Brexit). It says personal data may only be used for stated purposes on a lawful basis, and gives you enforceable rights: access, correction, deletion, portability and objection. This site is built to those standards for everyone, not just EU visitors.
- What is the CCPA?
- The California Consumer Privacy Act (expanded by the CPRA) — California's privacy law. It gives residents the right to know, delete and correct their data, and to opt out of its sale or sharing. We don't sell or share data, and we extend the CCPA rights to visitors from any US state.
- Do you honor Do Not Track or Global Privacy Control?
- Yes, both. If your browser sends Do Not Track, we skip click logging entirely. We treat a Global Privacy Control signal as an opt-out under the CCPA — though since we don't sell or share data, you're already opted out.
- Is my data safe?
- We use HTTPS everywhere, restrict database access, and — most importantly — store as little as possible, so there's very little to steal. No system is perfectly secure, which is exactly why we designed the site around data minimization.
- Where is my data stored?
- Analytics stay in the EU (Plausible). Newsletter emails and click logs live in our Supabase database in the USA (AWS us-west-2), and the site is hosted on Vercel in the USA. Transfers out of the UK/EU are covered by Standard Contractual Clauses or the Data Privacy Framework.
- How will I know if this policy changes?
- The version number and dates at the top of this page always reflect the current text, with a change log in the Changes section. Material changes get a site notice before they take effect, and consent-based processing is re-consented, not assumed.
- Do I need an account to exercise my rights?
- No — this site has no accounts. Everything works by email, and every right (access, correction, deletion, export, objection) is available to everyone, in any region, for free.