← Back to home

Privacy Policy

Last updated: 2026-05-17

1. Who we are

iotec is an independent software developer building tools for NinjaTrader 8. Contact: [email protected].

2. Data we collect

2.1 From the indicator (during normal use)

• License key — to validate your purchase.
• Device fingerprint — an anonymized SHA-256 hash derived from your MachineGuid + BIOS serial + motherboard serial. This is opaque and cannot be reversed to identify your computer's hardware details.
• Assembly hash — SHA-256 of the iotec DLL files installed, for tamper detection.
• Public IP address — visible to us, like any web service.
• Timestamp of each activation and heartbeat check.

2.2 From the website / purchase

• Email and name — provided during checkout via the payment processor.
• Standard browser data — user agent, referrer, etc. when you visit iotec.dev (no third-party trackers, no analytics scripts at this time).

3. Data we do NOT collect

The indicator never sends to our servers:

• Your trading positions, open orders, P&L, or account balance.
• The instruments you trade or watch.
• Your chart configurations or workspace data.
• Your broker credentials.
• Any content of your trades or strategies.

4. Where data lives

• License server: hosted in Europe (Contabo, Germany).
• Email service: Brevo (Sendinblue, EU-based).
• Payment processor: Gumroad (US, GDPR-compliant Merchant of Record).
• CDN/DNS: Cloudflare.
• Backups: Cloudflare R2 (encrypted at rest).

5. Local data on your computer

The indicator stores your license key locally at %APPDATA%\iotec\license*.dat, encrypted with Windows DPAPI tied to your user account. Only you, logged into your Windows session, can decrypt it.

6. How we use data

• To validate your license and prevent unauthorized use.
• To send you license keys, support replies, and product updates.
• To detect tampering or abuse.
• To improve the product (aggregated, anonymized metrics).

We do not sell, rent, or share your data with third parties for marketing.

7. Your rights (GDPR / similar laws)

You have the right to:

• Request a copy of your data.
• Request correction or deletion.
• Withdraw consent.
• Lodge a complaint with your local data protection authority.

Email [email protected] for any request.

8. Retention

• License + email: while your license is active + 12 months after last activity.
• Server logs: 90 days.
• Backups: 90 days.

9. Security

We use TLS for all network communication, encrypted backups, RSA-signed license payloads, and access-restricted servers. No system is 100% secure; we do our best.

10. Changes

We may update this policy. Material changes will be announced by email to active licensees when possible.

11. Contact

Questions or data requests: [email protected]