Privacy Policy

Personal Identifiers:

• Name, email address, phone number, mailing address
• Government-issued ID (passport, driver's license)
• Social Security Number or Tax ID (encrypted)
• Date of birth, citizenship, residency information

Financial Data:

• Bank account information, wire transfer details
• Investment history, portfolio holdings
• Net worth, income, accredited investor documentation
• Trading preferences, risk tolerance, investment objectives
• Tax information, W-9/W-8BEN forms

Technical Data:

• IP address, device type, browser information
• Cookies and similar tracking technologies
• Website interaction data, clickstream data
• Trading platform usage patterns

Communications:

• Email correspondence, chat messages
• Phone call recordings (with notice)
• Customer support interactions
• MiFID II Requirement: All transaction-related communications retained for 5+ years

Legal Bases for Processing (GDPR):

• Contractual Necessity: To provide Services and fulfill investment agreements
• Legal Obligations: Comply with SEC, FINRA, CFTC, MiFID II, AML, tax laws
• Legitimate Interests: Fraud prevention, service improvement, risk management
• Consent: Marketing communications, non-essential cookies (withdrawable anytime)

Purposes of Data Usage:

• Execute trades, manage portfolios, process transactions
• Verify identity and comply with KYC/AML regulations
• Improve AI trading models and optimize algorithms
• Provide customer support and account services
• Send transactional and regulatory communications
• Detect and prevent fraud, security threats, illegal activities
• Comply with legal and regulatory obligations
• Conduct research and analytics (aggregated, anonymized)

We do NOT sell your personal data. We share data only with:

Service Providers (under strict contracts):

• Cloud hosting providers (AWS, Microsoft Azure)
• Payment processors and financial institutions
• Cybersecurity and fraud detection services
• Professional service providers (auditors, legal counsel)
• Analytics and performance monitoring tools

Financial Institutions:

• Brokers, custodians, clearinghouses
• Banks and payment networks
• Credit bureaus (for KYC/credit checks)

Regulatory Authorities:

• SEC, FINRA, CFTC (U.S. regulators)
• FCA, ESMA (EU regulators - MiFID II compliance)
• FinCEN (financial crimes enforcement)
• Tax authorities (IRS, state agencies)

Legal Requirements:

We disclose information when required by law, subpoena, court order, or government request, or to protect our rights, property, or safety.

GDPR Article 46: All international transfers comply with GDPR requirements through appropriate safeguards including SCCs, adequacy decisions, or binding corporate rules.

GDPR Rights (EU Users):

• Right to Access: Obtain a copy of your personal data we hold
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your data
• Right to Restriction: Limit how we process your data
• Right to Data Portability: Receive your data in machine-readable format
• Right to Object: Object to processing based on legitimate interests or profiling
• Right to Withdraw Consent: Withdraw consent for consent-based processing
• Right to Lodge a Complaint: File complaints with your local supervisory authority

CCPA/CPRA Rights (California Residents):

• Right to Know: What personal information is collected, used, shared, or sold
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of sale or sharing of personal information
• Right to Correct: Correct inaccurate personal information
• Right to Limit: Limit use of sensitive personal information
• Right to Non-Discrimination: No discrimination for exercising CCPA rights

Technical Safeguards:

• Encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit
• Authentication: Multi-factor authentication (MFA) required for all accounts
• Access Controls: Role-based access control (RBAC), principle of least privilege
• Network Security: Firewalls, intrusion detection/prevention systems (IDS/IPS)
• Monitoring: 24/7 security monitoring, automated threat detection
• Penetration Testing: Regular third-party security audits and penetration tests

Organizational Measures:

• Employee background checks and security training
• Confidentiality agreements with all staff and contractors
• Data breach incident response plan
• Regular security awareness training
• Vendor risk management program

We use cookies and similar technologies to enhance your experience, analyze usage, and provide personalized services.

Types of Cookies:

• Essential Cookies: Necessary for site functionality (no consent required)
• Analytics Cookies: Track usage patterns via Google Analytics (anonymized)
• Functional Cookies: Remember preferences and settings
• Marketing Cookies: Serve targeted ads (consent required in EU)

Manage Cookies: Adjust settings via our cookie banner or browser preferences. Note that disabling essential cookies may impair functionality.

Do Not Track: We honor Do Not Track (DNT) browser signals where feasible.

MiFID II Compliance (EU Users):

Transaction records and communications are retained for a minimum of 5 years as required by MiFID II.

SEC/FINRA Compliance (US Users):

Investment advisory records are retained for a minimum of 7 years as required by SEC Rule 204-2 and FINRA rules.

General Retention:

• Personal data: Retained while account is active + legal retention period
• Financial records: 7 years after account closure
• Tax documentation: 7 years per IRS requirements
• AML/KYC records: 5 years after relationship ends
• Marketing data: Until you opt-out or request deletion

After retention periods expire, data is securely deleted or anonymized.

The Services are NOT directed at individuals under 18 years of age. We do not knowingly collect personal information from minors. If we discover we have collected data from a minor, we will delete it immediately.

Parents or guardians who believe we may have inadvertently collected information from a minor should contact privacy@futuresfund.ai.

AI Futures Fund LLC is based in the United States. If you are accessing the Services from outside the U.S., your information may be transferred to, stored, and processed in the United States.

EU Users: We comply with GDPR and use Standard Contractual Clauses for EU-US data transfers.

UK Users: We comply with UK GDPR following Brexit.

EU Representative (GDPR Article 27): Contact privacy@futuresfund.ai for current representative details (if applicable).

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We recommend reviewing their privacy policies before providing personal information.

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Material changes will be communicated via:

• Email notification to your registered email address
• Prominent notice on the website
• In-platform notification upon login

Continued use after notice constitutes acceptance of the updated Privacy Policy.