The Privacy Statement.

§ 1What Pascal collects

The minimum the software needs.

Account data. Your email address, billing identity, and jurisdiction. The minimum to maintain your subscription and identify you when you contact Pascal.

Operational data. API connection metadata, the strategies that fired on your account, the regime classifications under which they fired, the reasoning trace stored in Alexandria. Not your raw API key beyond the secure connection layer (see § 3).

Communication. Support emails and opt-in newsletter subscribers. Nothing else.

Pascal does not run analytics that follow you across the web. Pascal does not embed tracking pixels in dashboards or newsletters. Pascal does not sell, rent, or share your data.

§ 2Lawful basis · UK GDPR

Why Pascal can process your data.

• Contract performance · operating the service you have subscribed to.
• Legitimate interests · running Pascal, auditing its decisions, defending the integrity of the architecture.
• Consent · for optional things, like the Architect's monthly note. Consent is yours to withdraw at any time.

§ 3How your API credentials are handled

The key Pascal cannot misuse.

The trade-only API key you generate is stored encrypted at rest, with a per-user encryption key. Pascal never logs the raw key.

Permission scope is verified at the moment of connection. Pascal refuses any key with withdrawal permission attached — the architecture will not operate with one. (Read the Custody Model for the architectural detail.)

When you revoke the key directly at your exchange, Pascal's access ends instantly. The encrypted credential in Pascal's store is destroyed within the SLA published in this document at v1.0.

§ 4Alexandria · your trading record

Pascal remembers what it did for you.

Every trade decision and reasoning trace that Pascal makes on your account is recorded in Alexandria — Pascal's institutional memory. You can request access to your full Alexandria record at any time and read what Pascal saw, what Pascal did, and why.

When you close your account, you can request deletion of personally identifying associations to your Alexandria records, subject to financial-record retention obligations (see § 7). The aggregate, anonymised decision data Pascal uses to improve the architecture is retained without identifiers.

§ 5Sharing with third parties

Pascal does not sell or trade your data.

Pascal uses a small number of sub-processors to operate the service: cloud hosting, billing, transactional email. The current list is published below this section in v1.0 and updated when it changes.

Pascal does not share data with advertisers. Pascal does not share data with exchange partners. Pascal does not share data with anyone else, except where legally compelled — and where we are not legally gagged, we will tell you.

§ 6International transfers

Where your data sits.

Pascal's primary jurisdiction is the United Kingdom. Sub-processors operating in the EU or US do so under Standard Contractual Clauses (SCCs) where required by UK / EU GDPR.

§ 7Retention

How long Pascal holds your data.

• Account data · while your account is active, plus six years (financial-record retention).
• Alexandria decisions on your account · indefinite by design. Pascal's value is the accumulated institutional memory; you consent to this by using Pascal. Personally identifying associations can be severed on request at account closure.
• Aggregated and anonymised research data · retained without identifiers as part of Pascal's continuing operation.

§ 8Your rights

The rights UK GDPR gives you.

• Access · request a copy of the data Pascal holds on you.
• Correction · ask Pascal to fix anything inaccurate.
• Deletion · subject to retention obligations above.
• Portability · receive your data in a structured, machine-readable form.
• Objection · object to processing on legitimate-interests grounds.

Pascal responds to rights requests within 30 days. Address requests to hello@pascaltrades.com.

§ 9Cookies and tracking

The minimum needed for the site to work.

The marketing site uses essential cookies only. There are no third-party analytics, no advertising cookies, and no cross-site tracking. The dashboard uses an authentication cookie required for you to stay logged in.

§ 10Security

How Pascal protects what it holds.

Encryption at rest. Encryption in transit. Mutual TLS to exchanges where they support it. No key sharing between user accounts. Audit logs of every administrative action recorded in Alexandria and reviewable by the Tier-8 Board.

§ 11Changes & contact

How this document evolves.

Material changes to this Privacy Statement are announced at least 30 days before they take effect. A change log lives at the bottom of v1.0.

Data-protection contact: hello@pascaltrades.com.