PortQuant
PortQuant

Privacy Policy

Last updated: January 24, 2026

1. Introduction

PortQuant ("we", "us", or "our") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our trading portfolio analysis service at https://portquant.com.

We comply with the General Data Protection Regulation (GDPR) (EU) 2016/679 and other applicable European data protection laws. By using our service, you acknowledge that you have read and understood this policy.

2. Data Controller

The data controller responsible for your personal data is:

arvadis GmbH
Zelglistrasse 39
5600 Lenzburg
Switzerland

Email: [email protected]
Website: https://portquant.com

3. Data We Collect

3.1 Account Information (PortQuant User Account)

  • Email address: Used for authentication and communication
  • Name (optional): Display name for personalization
  • User preferences: Theme settings, dashboard layouts, display preferences

✓ We do NOT store passwords. We use passwordless authentication via email codes.

3.2 Trading Account Information (From MetaTrader)

When you connect your trading platform via our Expert Advisor (EA), we receive and store the following account information:

  • Account type: Demo, real, or contest account classification
  • Account settings: Leverage, currency, margin mode
  • Account balances: Balance, equity, margin, free margin, margin level, credit
  • Profit/Loss: Current floating profit

Privacy-First Design

  • We do NOT store your MT5 account number (login)
  • We do NOT store your broker name or server
  • Your trading accounts are identified only by anonymous, system-generated identifiers
  • API keys are cryptographically bound to prevent reuse on different accounts

3.3 Trade History and Positions

We receive and store detailed information about your trading activity:

  • Deal/Trade details: Ticket numbers, order IDs, position identifiers
  • Execution data: Open/close timestamps, entry prices, exit prices
  • Volume: Lot sizes and trade volumes
  • Symbols: Trading instruments (e.g., EURUSD, XAUUSD)
  • Costs: Commission, swap, fees
  • Results: Profit/loss per trade
  • Risk management: Stop loss and take profit levels
  • EA information: Magic numbers, comments (for strategy identification)

3.4 Performance Snapshots

We periodically capture account snapshots to calculate performance metrics:

  • Balance and equity at regular intervals
  • Margin usage and free margin
  • Floating profit/loss on open positions

3.5 Technical Data

  • IP address: For security, fraud prevention, and abuse detection
  • Browser type and version: For compatibility and support
  • Device information: Screen size, operating system
  • Access timestamps: Login times, session duration

4. Legal Basis for Processing

Under GDPR, we process your data based on:

  • Contract Performance (Art. 6(1)(b)): Processing necessary to provide our portfolio analysis service to you
  • Legitimate Interests (Art. 6(1)(f)): Security, fraud prevention, and service improvement
  • Consent (Art. 6(1)(a)): For optional marketing communications (you can withdraw consent anytime)
  • Legal Obligation (Art. 6(1)(c)): When required by law

5. How We Use Your Data

5.1 Trading Data Processing

  • Calculate equity curves, balance curves, and account performance over time
  • Compute risk metrics: maximum drawdown, risk-adjusted returns, win rates
  • Generate per-trade analytics: pips, duration, profit factors
  • Create performance reports and visualizations
  • Group trades by strategy (magic number) for strategy-level analysis
  • Track open positions and floating profit/loss in real-time

5.2 Account Data Processing

  • Authenticate your access to the service via passwordless email codes
  • Link trading accounts to your user profile securely
  • Provide personalized dashboard and preference settings
  • Send service-related notifications (login codes, account alerts)

5.3 Technical Data Processing

  • Detect and prevent fraud, unauthorized access, or abuse
  • Monitor and improve service security and performance
  • Troubleshoot technical issues and provide support
  • Comply with legal obligations

6. Data Retention

We retain your data as follows:

  • User account data: Until you delete your PortQuant account
  • Trading account data: All trading history is stored indefinitely for your records and analysis
  • Account snapshots: Equity and balance snapshots stored indefinitely for performance tracking
  • Authentication logs: 90 days for security purposes
  • Technical logs: 30 days

Important: Data Deletion

When you delete a trading account from PortQuant, all associated data is permanently and immediately deleted. This includes all trades, open positions, snapshots, and performance data. There is no recovery period. We recommend exporting your data before deletion if you need records.

7. Data Sharing

We do NOT sell, rent, or trade your personal data. We may share data only with:

  • Service providers: Hosting, email delivery (under strict data processing agreements)
  • Legal authorities: When required by law or court order

All third-party processors are bound by GDPR-compliant Data Processing Agreements (DPAs) and are located within the EU or in countries with adequate data protection levels.

8. International Data Transfers

Our servers are located in the European Union. If any data transfer outside the EU is necessary, we ensure appropriate safeguards are in place, including:

  • EU Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules (where applicable)

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

Right of Access (Art. 15)

Request a copy of all personal data we hold about you

Right to Rectification (Art. 16)

Request correction of inaccurate personal data

Right to Erasure (Art. 17)

Request deletion of your personal data ("right to be forgotten")

Right to Restriction (Art. 18)

Request limitation of processing of your data

Right to Data Portability (Art. 20)

Receive your data in a structured, machine-readable format

Right to Object (Art. 21)

Object to processing based on legitimate interests

Right to Withdraw Consent (Art. 7)

Withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

10. Data Security

We implement appropriate technical and organizational measures including:

  • Encryption in transit: TLS 1.3 encryption for all API and web communications
  • Encryption at rest: Database-level encryption for all stored data
  • Network isolation: Database servers are isolated in private networks with no public internet access
  • Access controls: Role-based access, API key authentication, and session management
  • Rate limiting: Protection against brute force and denial-of-service attacks
  • Regular backups: Encrypted backups with geographic redundancy
  • Monitoring: Real-time intrusion detection and anomaly monitoring
  • Infrastructure security: Firewalls, fail2ban, and regular security updates

Our infrastructure is hosted in Hetzner data centers in Germany, ensuring all data remains within the European Union.

11. Cookies

We use only essential cookies required for the service to function:

  • Session cookies: To maintain your login session
  • Preference cookies: To remember your theme and display settings

We do NOT use tracking cookies, analytics cookies, or advertising cookies.

12. Children's Privacy

Our service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a minor, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through our service. The "Last updated" date at the top indicates when the policy was last revised.

14. Complaints

If you believe we have not handled your data correctly, you have the right to lodge a complaint with your local Data Protection Authority (DPA). However, we encourage you to contact us first so we can address your concerns directly.

15. Contact Us

For any questions about this Privacy Policy or our data practices, please contact:

PortQuant Data Protection
arvadis GmbH, Zelglistrasse 39, 5600 Lenzburg, Switzerland
Email: [email protected]
Website: https://portquant.com