Privacy Policy
1. Who we are
This Privacy Policy applies to Waretto, a service operated by Samarkand Industries OÜ, a private limited company registered in Estonia under registry code 17492007, with registered address at Narva mnt 5, 10117 Tallinn, Estonia, European Union ("Samarkand", "we", "us", "our").
Samarkand Industries OÜ is the data controller for personal data collected through waretto.com and its associated services.
For questions about this policy or your personal data, contact us at privacy@waretto.com.
2. What personal data we collect
We collect personal data only where we have a lawful basis for doing so.
Data you provide directly
| Data | Context |
|---|---|
| Full name | Account registration, contact forms, event sign-up |
| Email address | All of the above |
| Organisation name and role | Enterprise enquiries |
| Phone number | Enterprise sales process (if provided) |
| Message content | Contact form submissions |
| Payment information | Subscription purchases (processed by payment provider; we do not store card data) |
Data collected automatically
| Data | Context |
|---|---|
| IP address | Server access logs, fraud prevention |
| Browser type and version | Server logs, compatibility |
| Pages visited and time spent | Analytics |
| Referrer URL | Analytics |
| Device type and operating system | Analytics |
| Cookie identifiers | See Cookie Policy |
3. Legal bases for processing
| Processing activity | Legal basis |
|---|---|
| Responding to contact form enquiries | Legitimate interests (Art. 6(1)(f)) |
| Providing subscribed services | Performance of a contract (Art. 6(1)(b)) |
| Processing payments | Performance of a contract (Art. 6(1)(b)) |
| Sending service notifications | Performance of a contract (Art. 6(1)(b)) |
| Marketing communications | Consent (Art. 6(1)(a)) — where explicitly given |
| Security monitoring and fraud prevention | Legitimate interests (Art. 6(1)(f)) |
| Legal compliance (tax, accounting) | Legal obligation (Art. 6(1)(c)) |
| Analytics (if non-anonymous) | Legitimate interests (Art. 6(1)(f)) or Consent |
4. How we use your data
We use your personal data to:
- Respond to your enquiries and provide the services you have requested
- Manage your account and subscription
- Process payments and issue invoices
- Send transactional communications (receipts, service updates, security alerts)
- Send marketing communications where you have consented
- Improve our products through aggregated analytics
- Comply with legal obligations (tax, accounting, regulatory requirements)
- Detect and prevent fraud, abuse, and security threats
What we don't do: We do not sell your personal data. We do not share your data with advertising networks. We do not use your data for automated profiling that produces legal or similarly significant effects.
5. Who we share data with
We share personal data only with service providers acting as data processors on our behalf (cloud infrastructure, payment processing, email delivery, analytics) — all bound by GDPR Article 28 data processing agreements. We share with legal authorities only where required by law.
We do not transfer personal data outside the EEA except where adequate protection is in place (adequacy decision or standard contractual clauses).
6. Analytics
Where we use web analytics, we configure it to anonymise IP addresses, disable cross-site tracking, not share data with advertising platforms, and respect Do Not Track signals. Where non-anonymous analytics are used, consent is obtained first.
7. Market data and informational outputs
Waretto aggregates market data and analytics from third-party providers (including CoinGecko, Polygon.io, and similar). Personal data is not shared with these providers as part of market data queries; only aggregated, anonymised request metadata is transmitted for the purpose of serving market data to you.
Outputs generated by Waretto — including price data, technical signals, backtests, and Sentinel Alpha Engine recommendations — are provided for informational purposes only and do not constitute financial, legal, or investment advice.
8. Data retention
| Data type | Retention period |
|---|---|
| Contact form submissions | 24 months from submission |
| Account data (active) | Duration of subscription + 12 months |
| Account data (churned) | 36 months from end of subscription |
| Payment records | 7 years (Estonian accounting law) |
| Server access logs | 90 days |
| Marketing consent records | Until consent withdrawn + 36 months |
9. Your rights
Under GDPR you have the right to: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), object (Art. 21), and withdraw consent (Art. 7(3)).
To exercise any right, contact privacy@waretto.com. We will respond within 30 days.
You may also lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) at aki.ee, or the supervisory authority in your country of residence.
10. Security
We implement TLS 1.2+ encryption in transit, AES-256 encryption at rest, access controls and MFA, regular security testing, and GDPR Article 33 breach notification procedures.
11. Changes
Material changes will be communicated by email (for registered users) and by updating the "Last updated" date. Continued use after notice constitutes acceptance.
12. Contact
Data Controller:
Samarkand Industries OÜ
Narva mnt 5, 10117 Tallinn, Estonia
privacy@waretto.com
Estonian supervisory authority:
Andmekaitse Inspektsioon · Tatari 39, 10134 Tallinn · aki.ee