Skip to content

Legal

Privacy Policy

Last updated 2026-07-10

1. Who is responsible for your data

This policy explains how Grit Agility Ltd, a company registered in Scotland with company number SC837399, collects and uses personal data when you visit https://gritmarkets.com, create an account, subscribe to Grit Markets or run the software. Grit Agility Ltd is the data controller for this processing. [OWNER INPUT: registered office address and privacy contact email; confirm whether the company is registered with the ICO and, if so, the registration number.]

We process personal data in accordance with the UK General Data Protection Regulation and the Data Protection Act 2018. This policy applies to the website, the account dashboard, the licensing system built into the software, and our communications with you.

2. What we collect and why

Account data: when you create an account we collect your email address and a password, and any name you choose to provide. We use this to operate your account, deliver the software and licence key, and send service messages such as billing notices and security alerts. Lawful basis: performance of our contract with you.

Billing data: payments are processed by Stripe, acting as our payment processor. Stripe collects your card details directly; we do not receive or store full card numbers. We receive from Stripe confirmation of payment, the payment method type, and billing details needed for our records, such as your name, billing address and country. Lawful bases: performance of our contract, and our legal obligations to keep accounting and tax records.

Licence validation telemetry: when the Grit Markets software runs, it contacts our servers at https://gritmarkets.com to validate your licence. This transmits your licence key, the MetaTrader 5 account number the software is attached to, and the IP address from which the request is made, together with basic technical data such as the software version. We use this to enforce the one-licence-per-account binding, prevent fraud and licence abuse, and diagnose validation faults. Lawful basis: performance of our contract (licence enforcement is how the subscription works) and our legitimate interest in preventing fraud and protecting our intellectual property. We do not receive your trades, positions, balance or broker credentials through licence validation. [OWNER INPUT: confirm the exact telemetry fields transmitted by the shipped EA and update this list if it differs.]

Support and correspondence: if you contact us we keep the correspondence and any information you include in it, to answer you and to keep a record of the issue. Lawful basis: our legitimate interest in providing support and handling disputes.

Website data: our web server and hosting infrastructure log IP addresses and request data for security and reliability. Lawful basis: our legitimate interest in running a secure service. [OWNER INPUT: confirm analytics and cookie usage; if any non-essential cookies or analytics are used, a cookie notice and consent mechanism are required and this section must be updated.]

3. Who we share data with

We share personal data with service providers who process it on our instructions as processors: Stripe for payment processing; [OWNER INPUT: hosting provider for the website, dashboard and licensing servers]; [OWNER INPUT: email delivery provider for service and support email]; and [OWNER INPUT: any other processors, e.g. analytics, support desk, accounting software]. Each processor is bound by a contract meeting the requirements of Article 28 UK GDPR.

We may also disclose data where the law requires it, for example to HMRC in connection with tax records, to law enforcement under a lawful request, or to our professional advisers where necessary to establish or defend legal claims. If our business is sold or reorganised, data may be transferred to the successor subject to this policy. We do not sell personal data, and we do not share it with third parties for their own marketing.

4. International transfers

Some of our processors may store or process data outside the United Kingdom. Where that happens, we rely on a UK adequacy regulation for the destination country, or on appropriate safeguards such as the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses. [OWNER INPUT: confirm processor locations and the transfer mechanism relied on for each, in particular for Stripe and the hosting provider.]

5. How long we keep data

Account data is kept while your account is open and for [OWNER INPUT: retention period, e.g. 24 months] after it closes, in case you return and to handle residual queries. Billing records are kept for six years after the end of the relevant financial year, as required for UK tax and accounting purposes. Licence validation logs are kept for [OWNER INPUT: retention period, e.g. 12 months] for fraud prevention and diagnostics, then deleted or anonymised. Support correspondence is kept for [OWNER INPUT: retention period, e.g. 24 months] after the matter is closed. Where data is relevant to an ongoing dispute or legal claim, we keep it until the matter is resolved.

6. Security

We take appropriate technical and organisational measures to protect personal data, including encryption of data in transit, access controls limiting who within the company can access customer data, and the use of established infrastructure providers. No system is perfectly secure, and you are responsible for keeping your account password and licence key confidential.

If a personal data breach occurs that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within the statutory timescale and, where the risk is high, notify you directly.

7. Your rights

Under the UK GDPR you have the right to: access the personal data we hold about you; have inaccurate data corrected; have data erased where there is no longer a lawful reason to keep it; restrict processing in certain circumstances; object to processing based on legitimate interests; receive the data you provided to us in a portable format; and withdraw consent at any time where processing is based on consent, without affecting processing before the withdrawal.

To exercise any of these rights, contact us at [OWNER INPUT: privacy contact email]. We will respond within one month, and we may need to verify your identity first. Exercising your rights is free of charge except in the limited circumstances where the law permits a fee.

Please note that some data cannot be deleted on request while we have an overriding legal obligation or legitimate ground to keep it, for example billing records we must retain for tax purposes, or validation logs relevant to an active fraud investigation. Where we refuse a request we will explain why.

8. Marketing communications

We send service messages, such as billing notices, licence and security alerts, and material changes to terms, to all account holders; these are not marketing and you cannot opt out of them while you hold an account. We only send marketing email, such as product news or new content, where the law permits, and every marketing email includes an unsubscribe link. [OWNER INPUT: confirm whether marketing email is sent and on what basis, e.g. soft opt-in for existing customers or explicit consent at signup.]

9. Children

The Service is for adults. We do not knowingly collect personal data from anyone under 18, and you may not create an account if you are under 18. If we learn that we hold data about a person under 18, we will delete the account and associated data.

10. Complaints and changes to this policy

If you are unhappy with how we handle your data, please contact us first at [OWNER INPUT: privacy contact email] so we can try to put it right. You also have the right to complain to the Information Commissioner's Office (ICO), the UK supervisory authority, at ico.org.uk or by telephone on 0303 123 1113. If you are in the European Union you may complain to your local supervisory authority.

We may update this policy from time to time. The date at the top shows when it was last revised, and we will notify account holders of material changes by email or through the dashboard.