Privacy Policy for b-trader.de

Last updated: May 2026

1. Controller

Bjorn Liffers
trading under the name "b-trader.de"
Dorf-Guller Strasse 31
35415 Pohlheim
Germany
Email:

2. Collection and storage of personal data

2.1 Server log files

  • IP address
  • Date and time
  • Browser type and version
  • Operating system
  • Referrer URL

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in technical stability).

2.2 User account

During registration:

  • Name (optional)
  • Email address
  • Password (hashed)

Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

2.3 Usage data within the software

  • Trades
  • Screenshots
  • Notes
  • Statistics
  • BAPA analyses

These data are processed solely to provide the software.

2.4 Payment processing (PayPal)

When subscribing, the user is redirected to PayPal. PayPal's privacy policy applies.

Legal basis: Art. 6(1)(b) GDPR.

2.5 Anti-fraud and abuse prevention (device fingerprinting)

To prevent abuse – e.g., multiple use of free accounts, bot/spam registrations, and suspicious login or registration patterns – we collect technical device signals during registration and login. These signals are collected exclusively on the Registration and Login pages and nowhere else within the service.

Technically collected signals (login/registration only):

  • Stable browser ID (pseudonymous UUID, stored locally in the browser)
  • Operating system platform and processor architecture
  • Browser language and time zone
  • Screen resolution and color depth
  • Number of CPU cores
  • Canvas rendering fingerprint (graphical device parameter)
  • WebGL GPU identifier (vendor/renderer)
  • IP address and network metadata (country of origin)
  • Browser user agent
  • Timestamps and frequency of registration and login events

The raw signal data is combined server-side into a HMAC-SHA256 hash (device fingerprint). This hash and a derived risk score are stored for a maximum of 90 days. In the event of specific abuse suspicion, storage may be extended as required by law. Reverse-engineering the exact device configuration from the hash is technically not possible.

The data is used exclusively for technical security, fraud prevention and abuse detection.

No tracking for advertising or marketing purposes takes place.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in service security and preventing abusive use; no overriding interests of the user, as the data is not used for tracking or advertising).

3. Cookies

The software uses technically necessary cookies (session cookies). No tracking or marketing cookies.

Legal basis: Art. 6(1)(f) GDPR.

4. Data processing agreements

The provider uses hosting and infrastructure service providers. Data processing agreements pursuant to Art. 28 GDPR are in place with all such providers.

5. Storage period

  • User data: until account deletion
  • Contract-relevant data: 10 years (statutory retention obligations)
  • Log files: 14-30 days
  • Anti-fraud log and risk data: generally 90 days; longer retention only in case of specific abuse suspicion or legal obligations

6. Disclosure of data

Data is disclosed only:

  • to technical service providers (hosting, email)
  • to PayPal for payment processing
  • where required by law

No disclosure to third parties for advertising purposes.

7. Data subject rights

You have the right to:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection (Art. 21 GDPR)

Requests to:

8. Withdrawal of consent

Any consent given can be withdrawn at any time.

9. Data security

The software uses up-to-date encryption and security measures (TLS, hashing, access controls).

10. Changes to this privacy policy

The provider may update this policy where required by legal changes.