Privacy Policy

Last updated: April 2026

This Privacy Policy describes how Tsuroni LTD processes personal information in connection with CrowdWisdom Trading. It is designed to support common disclosure expectations under laws such as the GDPR and the CCPA/CPRA, but it is not a substitute for legal advice.

1. Who we are

This Privacy Policy explains how Tsuroni LTD ("we," "us," "our") processes personal information when you use CrowdWisdom Trading websites, applications, and related services (the "Services").

Controller / business contact: Tsuroni LTD. For privacy inquiries and requests: gilad@crowdwisdomtrading.com.

Data Protection Officer (GDPR): we have not appointed a standalone Data Protection Officer because we are not currently required to under Article 37 of the GDPR, based on the nature and scale of our processing. If that changes, we will update this Policy and publish appropriate contact details.

EU representative (Article 27 GDPR): we do not currently designate a representative in the European Union. If we become required to appoint one based on our processing activities, we will publish their contact details in this Policy.

2. Categories of personal information we collect

We describe our collection using categories that align with common regulatory frameworks (including CPRA-style categories). Not every category applies to every user.

Identifiers: name, email address, account username or user ID, authentication identifiers (for example, Firebase user IDs when you sign in with a provider), and similar contact or account identifiers you provide.

Commercial information: records of products or services purchased, obtained, or considered; subscription or plan type; payment status; and related commercial transaction metadata (we do not receive full payment card numbers; see Payments below).

Internet or other electronic network activity: device and browser type, operating system, referring/exit pages, pages or screens viewed, approximate interactions, session duration, timestamps, diagnostics, and similar usage data needed to operate and secure the Services.

Geolocation data: approximate location inferred from IP address (not precise GPS location under this Policy, unless a feature explicitly requests it and we tell you).

Inferences: we may derive or generate inferences from the above (for example, preferences, approximate segments, or product usage patterns) to personalize or improve the Services and measure performance.

Sensitive personal information: we do not ask you to provide health information, government IDs, or other statutorily sensitive categories to use the core Services. If you voluntarily send sensitive information in support messages, we process it only to handle that request and as permitted by law.

Communications: messages you send us (support, feedback) and subscription or marketing preferences.

Payments: payment transactions are processed by third-party payment providers (for example, PayPro Global). We receive limited information from them (such as confirmation of payment, subscription status, and partial billing details). We do not receive your full card number; the processor handles payment card data under its terms.

3. Purposes, legal bases, and processing (EEA/UK and general)

Where the GDPR or similar laws apply, we must identify a legal basis for each purpose. The table below summarizes typical processing. The specific legal basis may vary depending on your region and the exact activity.

Summary: data categories, purposes, and legal bases (illustrative)

| Data category (examples) | Purposes | Legal basis (GDPR, where applicable) |
| --- | --- | --- |
| Identifiers; account data | Account creation, authentication, customer support, service delivery, security, fraud prevention, and communicating about the Services | Performance of a contract; legitimate interests (security, service integrity); legal obligation where applicable |
| Commercial information | Billing, subscriptions, fulfillment, accounting, and dispute handling | Performance of a contract; legal obligation (tax/accounting); legitimate interests (payment integrity) |
| Internet/network activity; limited geolocation from IP | Operating the Services, analytics, product improvement, abuse detection, performance measurement, and security monitoring | Legitimate interests (balanced against your rights; see section 4); consent where required (certain cookies or marketing); performance of a contract where tied to core features |
| Inferences | Personalization, ranking, recommendations, and understanding aggregate usage | Legitimate interests; consent where required by law or by our cookie/marketing tools |
| Communications content you send us | Support, feedback handling, and quality improvement | Legitimate interests; performance of a contract |

4. Legitimate interests (GDPR) and balancing

Where we rely on legitimate interests, we have assessed those interests against your rights and freedoms. We use personal data for purposes such as securing accounts, preventing abuse, improving reliability and performance, understanding how features are used in aggregate, and communicating about the Services in line with reasonable expectations.

You may object to processing based on legitimate interests where applicable law allows, and you may have additional rights described in section 12. We will stop or restrict processing unless we demonstrate compelling legitimate grounds or show that processing is necessary for legal claims.

5. Cookies and similar technologies

We use cookies, local storage, pixels, and similar technologies as described here and in our cookie preference tool where available (CookieYes on the production site). You can manage many non-essential cookies through that tool or your browser settings, subject to technical limits.

Categories we use include: (1) Strictly necessary: required for security, load balancing, authentication state, and core site operation; (2) Functional: remembering preferences where applicable; (3) Analytics: measuring traffic and product usage (for example, Google Analytics, PostHog); (4) Marketing: only where you consent through our banner or applicable controls.

Legal bases: strictly necessary cookies and similar technologies are typically used based on legitimate interests and/or performance of a contract. Analytics and marketing cookies (and similar technologies) are used based on consent where required by law, or legitimate interests only where permitted and after balancing.

This Policy works together with your choices in the cookie banner. For EU practice, see also the information available through the banner and vendor documentation linked there.

6. Subprocessors and service providers

We share personal information with vendors that process data on our behalf for the purposes above. They must process data under our instructions and appropriate safeguards. Examples of categories and named vendors we use today include:

Authentication and identity: Google Firebase Authentication (Google LLC / Google Ireland Limited, as applicable).

Hosting and application delivery: Vercel or comparable hosting used to serve the website and APIs (actual provider depends on deployment).

Analytics and product telemetry: Google Analytics (via Next.js third-parties where enabled) and PostHog for product analytics.

Payments: PayPro Global (or another processor shown at checkout) for payment processing and subscription billing.

Consent management: CookieYes for cookie banner and preference storage where deployed.

Email and communications: providers used for transactional and (where permitted) marketing email delivery.

Database and backend: infrastructure supporting application data (for example, cloud database services used with our application).

We may update this list as vendors change. For a standalone subprocessor list in table form, contact us at the email below and we will provide the then-current list for your records where required by law.

7. Other disclosures

We may disclose information if required by law, to respond to lawful requests by public authorities (including national security or law enforcement requirements), to protect rights, privacy, safety, or property, or in connection with a business transaction (merger, acquisition, financing, or sale of assets) subject to appropriate confidentiality and notice where required.

We do not sell your personal information for money. Where “sale” or “sharing” is defined broadly (for example under some U.S. state laws, including cross-context behavioral advertising), we describe opt-out rights below and honor applicable choices.

8. International transfers

If you access the Services from outside the country where we or our providers operate, your information may be transferred to and processed in countries that may have different data protection laws (including Israel, the United States, the EEA, and the UK, depending on provider locations).

Where required, we use appropriate safeguards such as standard contractual clauses approved by the European Commission or UK Addendum, and supplementary measures where appropriate.

9. Retention

We retain personal information only as long as reasonably necessary for the purposes described, unless a longer period is required or permitted by law.

Account and profile data: for the life of your account and for a reasonable period after you request deletion (typically up to 90 days) to recover from accidental deletion, unless a longer hold is required for legal, security, or fraud-prevention reasons.

Security and diagnostic logs: typically approximately 30 to 180 days, unless a longer period is needed to investigate incidents or meet legal obligations.

Payment and billing records: for as long as required by tax, accounting, and regulatory obligations (often up to seven years, depending on jurisdiction and record type).

Marketing records and consent logs: until you withdraw consent or opt out, and for a short period afterward to demonstrate compliance.

Analytics identifiers: in line with vendor settings and our configuration (often 14 to 26 months for common analytics tools, unless shortened by settings).

Aggregated or de-identified information may be retained without a fixed end date where it no longer identifies you.

10. Security

We implement technical and organizational measures designed to protect personal information. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

11. Automated decision-making and profiling

We may use automated tools and models to generate informational content, predictions, summaries, or rankings about markets or the Services. These outputs are provided for informational purposes and are not individualized legal, credit, employment, housing, or similar high-risk decisions about you.

We do not make decisions that produce legal effects concerning you or similarly significantly affect you based solely on automated processing, within the meaning of Article 22 GDPR, for the core Services described in this Policy. If we introduce solely automated decision-making with legal or similar significant effects, we will provide information about logic, significance, and your rights before processing.

12. Your privacy rights and how to exercise them (DSAR process)

Depending on where you live, you may have rights to access, rectify, delete, restrict or object to processing, port data, withdraw consent where processing is consent-based, and limit use of sensitive personal information where applicable.

How to submit a request: email us at gilad@crowdwisdomtrading.com with the subject line “Privacy Request” and describe your request. You may also use any web form we make available for privacy requests if we publish one.

Verification: to protect your information, we may need to verify your identity before fulfilling a request. We may ask for information such as your account email, recent billing reference, or other reasonable verification consistent with applicable law. We will not fulfill requests we cannot verify as required by law.

Response timeframe: where the GDPR applies, we will typically respond within one month (30 days) of verification, and may extend by up to two further months for complex requests (we will tell you if we extend and why). Where the CCPA/CPRA applies to your request, we will typically respond within 45 days and may extend by an additional 45 days when reasonably necessary, with notice.

No fee: we do not charge a fee unless requests are manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse, as permitted by law.

Authorized agents: California residents may use an authorized agent where permitted; we may require proof of authorization and may still verify your identity directly in some cases.

Appeals (CPRA): if we deny your California request in whole or in part, you may appeal by replying to our decision email within a reasonable period. We will describe how to submit an appeal and respond within the timeframe required by law (typically 45 days for the appeal decision, with a possible extension if permitted).

EEA/UK: you may lodge a complaint with your local supervisory authority.

California (CCPA/CPRA): California residents may request to know, delete, and correct certain personal information, and may opt out of “sale” or certain “sharing” for cross-context behavioral advertising, as defined by law. We will not discriminate against you for exercising these rights.

13. Do Not Track and global privacy control

Some browsers transmit “Do Not Track” (DNT) signals. There is no consistent industry standard for how to respond to DNT. We do not rely on DNT alone as the sole mechanism for exercising privacy rights. For California and similar regimes, we honor opt-out preference signals where required by applicable regulations and where technically feasible in combination with our cookie and analytics controls.

You should also use our cookie banner (where available) and account or device settings to manage tracking and advertising preferences.

14. Children

The Services are not directed at children under 13 (or under 16 where applicable). We do not knowingly collect personal information from children. If you believe we have, contact us and we will take appropriate steps.

15. Third-party links

The Services may link to third-party sites or services. Their privacy practices are governed by their own policies. We are not responsible for third-party practices.

16. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date reflects the latest version. We will provide additional notice where required by law.

17. Contact

Privacy questions or requests: gilad@crowdwisdomtrading.com.

This Policy is provided for informational purposes. Consult a qualified attorney for legal advice specific to your situation.