Privacy Policy
21.06.2026
MarketTriage ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our weekly CFTC Commitment of Traders analysis newsletter and website.
Information We Collect
Newsletter Data
When you subscribe to our COT (Commitments of Traders) newsletter, we collect:
- Email address
Legal Basis: Consent (opt-in). You actively subscribe by entering your email address.
Data Retention: Your email address is retained until you unsubscribe — via the link in every newsletter or by contacting support@markettriage.com. On unsubscribing it is removed from our mailing list (processing may take up to 48 hours). We never use it to market other products or share it with third parties for their own marketing.
Technical Data
We automatically collect certain technical information:
- Browser type and version
- IP address (anonymized)
- Access times and pages visited
How We Use Your Information
We use the collected information to:
- Deliver our newsletter: Send weekly COT market analysis to subscribers
- Analyze traffic sources: Understand where visitors come from (with your consent via Google Analytics)
- Improve our service: Analyze usage patterns and optimize performance
- Comply with legal obligations: Meet regulatory requirements (GDPR)
Data Sharing and Third Parties
We share data only with essential service providers:
- Cloudflare: Infrastructure, CDN, security services, and bot protection (Cloudflare Turnstile) on our forms — see Bot Protection below
- Google Analytics: Website traffic analysis (only with your explicit consent. IP addresses are anonymized.)
- Microsoft Clarity: Heatmaps and session recordings to improve user experience (only with your consent)
- Stripe: Payment processing for subscriptions (name, email, payment method, billing address; legal basis: contract performance, Art. 6(1)(b) GDPR) — see Payment Data below
- Firebase Authentication (Google): User identity and sign-in
- Data sent: Email, display name, OAuth provider tokens
- Purpose: Authenticate users via Google, Apple, or email link sign-in
- Legal basis: Contract performance (Art. 6(1)(b) GDPR)
- Privacy policy: Firebase Privacy Policy
- Brevo: Email delivery for our COT newsletter
- Data sent: Email address only
- Purpose: Deliver weekly newsletter emails
- Data processing location: EU (Brevo servers)
- Privacy policy: Brevo Privacy Policy
Important: We never sell your data to third parties. We do not use your email for marketing purposes beyond the newsletter you subscribed to.
Cookies and Tracking
We use cookies and browser storage to provide our service. We use Klaro, a privacy-friendly consent manager, to give you control over cookie preferences.
Types of Cookies We Use
- Essential Cookies (Required):
- Cloudflare cookies: Security, DDoS protection, and performance
- Session storage: Temporary data during your session
- Analytics Cookies (Optional, enabled by default):
- Google Analytics: Tracks traffic sources and website usage
- Microsoft Clarity: Heatmaps and session recordings
Manage Cookie Preferences: You can change your cookie settings at any time by clicking the cookie icon in the bottom-left corner of your screen.
We do not use advertising cookies or cross-site tracking. All analytics cookies require your consent.
Bot Protection (Cloudflare Turnstile)
Our newsletter signup form is protected by Cloudflare Turnstile, a privacy-preserving bot-detection service that replaces traditional CAPTCHAs. It helps us confirm that form submissions come from a real person rather than automated software, protecting against spam and abuse.
What Data is Processed
- IP address and basic connection metadata
- Browser and device characteristics (e.g. user agent, browser settings)
- Interaction signals used to tell humans apart from bots
Turnstile is designed to be privacy-friendly: it does not use this data for advertising, does not track you across websites, and does not rely on invasive tracking cookies. The processing is necessary for the security of our forms.
Legal Basis: Legitimate interest (Art. 6(1)(f) GDPR) in protecting our service from spam, abuse, and automated submissions.
Cloudflare Turnstile is provided by Cloudflare, Inc. For details, see the Cloudflare Privacy Policy.
Google Analytics
We use Google Analytics 4 (GA4) to understand where our visitors come from and how they use our website. This helps us improve our service and understand which channels are most effective.
What Data is Collected
- Traffic sources: How you found us (organic search, social media, direct, referral)
- Website usage: Pages visited, time spent, navigation patterns
- Device information: Browser type, device type, screen resolution
- Geographic location: Country and city (derived from anonymized IP)
- User interactions: Clicks, scrolls, form submissions
Privacy Measures
- Consent required: GA only tracks you if you accept analytics cookies (declinable any time via the cookie banner), using Google Consent Mode V2
- IP anonymization: Your IP is anonymized before being sent to Google; we send no personally identifiable information
- Data retention: Analytics data is retained for 14 months, then automatically deleted
We have entered into Google's Data Processing Amendment for GDPR compliance. Your data is processed according to Google's Privacy Policy and the Google Analytics Terms of Service.
Payment Data
When you subscribe to a paid plan, payment processing is handled entirely by Stripe under its Data Processing Agreement and Standard Contractual Clauses (EU/US). Credit card numbers and payment credentials are never transmitted to or stored on Kolmira UG servers.
We store the following billing-related data in our database: subscription tier, billing status, billing period dates, and a Stripe customer reference ID. This data is necessary to provide and manage your subscription.
Retention: Billing data is retained for the duration of your subscription plus the legally required retention period for commercial records under German law (§257 HGB: 10 years for accounting records, §147 AO: 10 years for tax-relevant documents).
Your Rights (GDPR)
If you are in the European Economic Area (EEA), you have the following rights:
- Right to Access: Request a copy of your data
- Right to Rectification: Correct inaccurate data
- Right to Erasure: Request deletion of your data
- Right to Restriction: Limit how we use your data
- Right to Data Portability: Receive your data in a structured format
- Right to Object: Opt out of certain data processing
- Right to Withdraw Consent: Revoke consent at any time
To exercise these rights, contact us at support@markettriage.com
Data Security
We implement industry-standard security measures:
- HTTPS encryption for all data transmission
- Secure Cloudflare Workers environment
- Regular security audits and updates
However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.
International Data Transfers
Your data may be processed in countries outside the EEA. We ensure adequate protection through:
- Standard Contractual Clauses (SCCs) with service providers
- Cloudflare's global compliance framework
Children's Privacy
Our service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a minor, please contact us immediately.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top will reflect the most recent changes. Continued use of our service after changes constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, please see our Imprint for full contact information.