Privacy Policy — AlgoRecon

Photon Services Limited ("we", "us", "our"), a company registered in England and Wales, operates AlgoRecon (the "Service"). This Privacy Policy explains what personal data we collect, why we collect it, and how we use and protect it. We act as the data controller for the personal data described here.

1. What data we collect

Data	Purpose	Legal basis (UK GDPR)
Email address	Identify your licence, send receipts and important service communications	Contract
First name, last name (optional)	Personalise communications and invoices	Contract
Device fingerprint (a one-way hash of your machine identifiers)	Activate your licence on a specific device, enforce the 2-device limit, and prevent trial abuse	Legitimate interest in preventing fraud and licence sharing
Licence activation history	Allow you to deactivate devices you no longer use	Contract
Payment information	Card details are entered into our payment processor's secure checkout — we never see or store full card numbers. We retain only transaction metadata (amount, date, last 4 digits of card, billing country)	Contract
Support correspondence	Respond to enquiries and improve the Service	Legitimate interest

Data we do not collect. The AlgoRecon desktop app stores your trade history, strategy data, and broker information in a local SQLite database on your machine. None of that data is transmitted to our servers. AlgoRecon reads from your already-running MetaTrader 5 terminal — your MT5 login credentials are never entered into or stored by the Service.

Diagnostic reports you choose to send. If you use the "Send diagnostic report" button in the app (Settings), AlgoRecon uploads your recent application log file, the app version, and your licence key to our own support storage (Cloudflare R2). This is sent only when you click the button, and is used solely to help us resolve a problem you have reported. The log may include technical detail about your session — such as your MT5 account number, broker, and server name, and StrategyQuant activity — but never your MT5 password (AlgoRecon reads from your already-running terminal and never receives or stores your trading credentials). You can preview exactly what will be sent before sending, and it is sent only when you choose.

Optional anonymous diagnostics. The app can send two kinds of anonymous diagnostics: usage statistics (that the app launched and which features are opened, to understand adoption) and crash reports (a scrubbed technical diagnostic if the app crashes). These never include your account numbers, broker, trades, P&L, licence key, file contents, email address, or any personal identifier. Usage statistics consist of the event name plus anonymous technical metadata automatically attached by our analytics provider — application version, operating system and version, device language/locale, the web-view engine version, and a temporary session identifier that resets each session (it cannot be used to track you across sessions). Crash reports contain only a scrubbed error type, a path- and value-free stack trace, the app version, and the operating system. Both usage statistics and crash reports are on by default, because both are anonymous and contain no personal data (the crash scrubber strips messages, paths, and variables, keeping only the error type, a path-free stack, and the app/operating-system version). You can turn either off at any time in Settings → Privacy & Telemetry.

2. Who we share data with

We share personal data only with a small number of processors that we need to operate the Service:

Our payment processor — handles checkout, recurring billing, receipts, and refunds. We will list the specific processor here once onboarding is complete.
Keygen LLC — our licensing service. Stores your email, fingerprint hash, and licence status. Keygen Privacy Policy.
Cloudflare, Inc. — hosts our licensing API worker. Receives request metadata (IP address, request body) for the purpose of fulfilling licence operations and rate-limiting abuse. Cloudflare Privacy Policy.
Aptabase (only if usage statistics are enabled) — privacy-first, EU-hosted usage analytics. Receives only the anonymous app/feature events described above; collects no personal data. Aptabase Privacy Policy.
Sentry (only if crash reports are enabled) — crash-diagnostics service. Receives only scrubbed, anonymous crash data — no personal or financial information. Sentry Privacy Policy.

We do not sell your personal data, and we do not share it with advertising networks.

In addition, the pages of this marketing site load static assets (CSS, fonts) from Tailwind Labs via its content delivery network. Like any content delivery network, this service receives your IP address and user agent to serve the asset — it does not set cookies, run analytics, or track users across sites.

3. International transfers

Some of our processors are based outside the UK or EEA. Where personal data is transferred internationally we rely on the UK International Data Transfer Agreement, EU Standard Contractual Clauses, or equivalent safeguards as required by UK GDPR.

4. How long we keep data

Active licence data is kept for as long as your subscription is active.
After cancellation we retain licence and transaction records for up to 7 years to comply with UK accounting and tax law.
Trial accounts without a subsequent purchase are retained for up to 24 months, then deleted.

5. Your rights

Under UK GDPR you have the right to:

Access the personal data we hold about you.
Request that we correct inaccurate data.
Request that we delete your data (subject to legal retention obligations above).
Object to or restrict processing based on legitimate interest.
Request a copy of your data in a portable format.
Withdraw consent at any time, where we rely on consent.
Lodge a complaint with the UK Information Commissioner's Office (ico.org.uk).

To exercise any of these rights, email privacy@algorecon.com. We respond within 30 days.

6. Security

The Service uses HTTPS for all communications with our licensing worker. Your local licence cache is encrypted with AES-256-GCM using a key derived from your device's hardware fingerprint — this means the cache cannot be read if copied to another machine. We restrict employee access to personal data on a need-to-know basis.

7. Cookies

This website does not use tracking cookies, advertising cookies, or analytics cookies. Our payment processor's checkout page, hosted separately, uses functional cookies necessary to complete a purchase.

8. Children

The Service is not directed at children under 18. We do not knowingly collect personal data from children.

9. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified via the email address associated with your account. The "last updated" date at the top of this page indicates when the policy was most recently revised.

10. Contact

Photon Services Limited
Email: privacy@algorecon.com