Legal

Privacy Policy

Last updated: 2026-04-19

Glitch Trade is an AI software tool operated by Nuraveda, a sole proprietorship owned by Tejas Karan Agrawal at 77 Huntley St, Toronto, ON M4Y 2P3, Canada. This policy covers personal data collected through trade.glitchexecutor.com and the services we operate under paid subscription.

1. Data controller & contact

Nuraveda is the data controller for the personal data described below. For any data-related request — access, copy, correction, deletion, portability, restriction, or objection — contact support@glitchexecutor.com. We acknowledge requests within 7 days and respond substantively within 30 days (or the period required by your applicable law).

2. What we collect

  • Contact & trial form submissions — name, email, phone (when provided), and the message you send us. Stored in encrypted Postgres.
  • Account identifiers — account credentials, Telegram user ID where you use that surface, and the commands you send our tools, for access control and billing.
  • Exchange API keys — encrypted with AES-256, trade-only scope (no withdrawal permissions). You can revoke at any time.
  • Billing data — handled by Stripe (see §6 Sub-processors). We receive only customer ID, email, amount, last-4 of card, and plan. We never see full card numbers.
  • Aggregate analytics — page views, referrers, device type. No cookies, no cross-site tracking, no fingerprinting, no IP-to-user resolution.
  • Turnstile challenge data — processed by Cloudflare under their privacy terms. We receive only pass/fail.
  • Server logs — IP address, request timestamp, and path, retained for up to 30 days for security and abuse prevention.

3. Legal basis for processing

Depending on which privacy regime applies to you, we rely on one or more of the following legal bases:

  • Contract performance — to deliver tool access and process subscriptions you signed up for (Canada PIPEDA — implied consent; EU/UK GDPR Art. 6(1)(b); DIFC DPL §10(1)(b); ADGM DPR §5(1)(b); UAE PDPL Art. 5(1)(c); India DPDPA §7(a)).
  • Legitimate interests — to secure the Service against abuse, debug errors, and improve product quality.
  • Legal obligation — to comply with applicable Canadian, tax, accounting, and sanctions-screening laws.
  • Consent — for any optional communications such as marketing newsletters. You may withdraw consent at any time without affecting the lawfulness of prior processing.

4. What we don't do

  • No cross-site tracking, advertising cookies, or third-party ad-tech pixels on the marketing site.
  • No selling or licensing of personal data to third parties.
  • No enrichment of your form submission against third-party data brokers or lookup services.
  • No profiling or automated decision-making that produces legal effects on you.
  • No data collection from anyone we know to be under 18 years of age. If you believe a minor has submitted personal data, contact us and we will delete it.

5. Data retention

  • Account & tool telemetry — for the life of your subscription plus 24 months (to support dispute resolution and tax records), then deleted or anonymised.
  • Contact-form submissions — 24 months, or sooner on your deletion request.
  • Server logs — up to 30 days.
  • Billing records — retained as long as required by applicable Canadian tax, accounting, and AML laws (typically 6–7 years per the Canada Revenue Agency).

6. Sub-processors

We rely on the following third-party processors. Each is bound by a data-processing agreement and their own published privacy terms:

  • Cloudflare, Inc. — site delivery, WAF, Turnstile bot mitigation, Pages hosting.
  • Stripe, Inc. — subscription billing, checkout, payment card processing.
  • Telegram Messenger Inc. — where used as a tool surface. Your Telegram messages are processed under Telegram's own privacy terms before reaching our servers.
  • Primary database hosting — Postgres-compatible, encrypted at rest, located in Iowa, United States. Backups encrypted and retained per §5.
  • Your exchange — via API keys you provide. Trade-only scope; see Terms §6.

7. International transfers

Our primary database is located in Iowa, United States. Because the controller (Nuraveda) is based in Province of Ontario, Canada, most personal data is therefore transferred from Canada to the United States and may be subject to U.S. law, including lawful-access regimes that differ from Canadian law.

Where required for users in other regions, transfers rely on mechanisms such as the EU Commission's Standard Contractual Clauses, the UK International Data Transfer Addendum, adequacy decisions, or equivalent safeguards under the UAE PDPL (Art. 22 cross-border transfer provisions) and India DPDPA 2023 (§16 notified-country framework). For Canadian residents we comply with PIPEDA's accountability principle — we remain responsible for personal data transferred to a processor regardless of where it is processed.

8. Security

We apply administrative, technical, and physical safeguards that are reasonable for a service of this scale: AES-256 at-rest encryption for API keys, TLS 1.2+ in transit, least-privilege access for staff, audit logging on sensitive tables, and periodic credential rotation. No system is perfectly secure — if you believe your credentials have been compromised, contact us immediately at support@glitchexecutor.com.

9. Your rights

Depending on where you live, you may have some or all of the following rights regarding your personal data:

  • Access — obtain a copy of the personal data we hold about you (PIPEDA Principle 9).
  • Rectification — correct inaccurate or incomplete data.
  • Erasure — request deletion, subject to legal retention obligations.
  • Restriction — limit how we process your data pending resolution of a dispute.
  • Portability — receive a machine-readable copy of data you provided, where technically feasible.
  • Objection — object to processing based on our legitimate interests.
  • Withdraw consent — at any time, for any processing based on consent.
  • Complain to a regulator — your local data-protection authority, such as the Office of the Privacy Commissioner of Canada (priv.gc.ca), the Information and Privacy Commissioner of Ontario, the UK ICO, your EU DPA, the UAE Data Office, the India Data Protection Board, or the California Attorney General.

Submit requests to support@glitchexecutor.com. We verify identity before actioning requests to protect your data from unauthorised access.

10. Data breach notification

In the event of a personal-data breach of security safeguards that poses a real risk of significant harm to affected individuals, we will notify the Office of the Privacy Commissioner of Canada and affected individuals as soon as feasible in accordance with PIPEDA and its Breach of Security Safeguards Regulations. We will also notify relevant supervisory authorities in other jurisdictions within their statutory timelines (including the 72-hour window under GDPR Art. 33 where applicable).

11. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes we will post the revised version on this page and update the "Last updated" date. For changes that materially expand how we use personal data, we will provide advance notice.

12. Contact

Data Protection contact: support@glitchexecutor.com.

Nuraveda
Attention: Tejas Karan Agrawal
77 Huntley St, Toronto, ON M4Y 2P3, Canada
Tel: +1 437 539 7958