Privacy Policy
This policy is a placeholder aligned to the Australian Privacy Principles. Have it reviewed by an Australian privacy lawyer before publication.
Introduction
DarkStellar respects your privacy.
This Privacy Policy explains how [LEGAL ENTITY NAME], trading as DarkStellar, collects, holds, uses and discloses personal information in connection with:
- the DarkStellar website;
- strategy submissions;
- research and backtesting services;
- trading-log uploads;
- waitlists and enquiries;
- payments;
- report delivery;
- the DarkStellar Terminal; and
- related communications.
This policy is structured to follow the matters addressed by the Australian Privacy Principles where they apply. APP entities are required to maintain a clearly expressed, up-to-date privacy policy that covers the kinds of information collected, collection methods, purposes, access and correction, complaints and likely overseas disclosures.
Most Australian small businesses with annual turnover of $3 million or less are not automatically covered by the Privacy Act, although exceptions apply and businesses may opt in. DarkStellar nevertheless aims to apply reasonable privacy practices from the beginning.
Who we are
DarkStellar is operated by:
- Legal entity: [LEGAL ENTITY NAME]
- ABN: [ABN]
- Location: [STATE/ADDRESS]
- Privacy email: [PRIVACY EMAIL]
Personal information we may collect
Depending on how you interact with us, we may collect:
Identity and contact information
- name;
- email address;
- telephone number;
- country, state or time zone;
- business or organisation name; and
- preferred contact method.
Account information
- username;
- encrypted or hashed authentication credentials;
- account preferences;
- subscription or access level; and
- security and login records.
Strategy and research information
- strategy descriptions;
- indicators and settings;
- entry and exit rules;
- risk assumptions;
- instruments and timeframes;
- testing requirements;
- research questions;
- notes and correspondence; and
- report feedback.
Trading records
Where voluntarily provided:
- trade timestamps;
- instruments;
- entry and exit prices;
- position direction;
- position size;
- profit and loss;
- fees;
- stop-loss and take-profit information;
- journal notes;
- screenshots; and
- broker or platform exports.
We do not need your broker password, exchange password, private key, seed phrase or API secret. Do not provide them.
Files and intellectual property
- PDFs;
- spreadsheets;
- CSV files;
- screenshots;
- written trading plans;
- Pine Script or other code;
- indicator documentation; and
- other uploaded materials.
Transaction information
- purchased service;
- payment status;
- billing contact details;
- invoice records;
- transaction identifier; and
- limited payment metadata supplied by our payment processor.
We generally do not receive or store complete payment-card numbers.
Technical and usage information
- IP address;
- browser and device information;
- operating system;
- referring page;
- pages viewed;
- approximate location derived from IP;
- session and event data;
- diagnostic information;
- cookie identifiers; and
- security logs.
Communications
- enquiry forms;
- support correspondence;
- survey responses;
- waitlist details; and
- records of consent and marketing preferences.
Sensitive and unnecessary information
Please do not submit information that is unnecessary for the service, including:
- account passwords;
- private cryptographic keys;
- seed phrases;
- full credit-card details;
- government identification documents;
- tax file numbers;
- detailed medical information; or
- another person’s personal information without permission.
If unsolicited information is received, we may delete or de-identify it where lawful and appropriate.
How we collect information
We may collect personal information:
- directly from you through forms, accounts, uploads, email or calls;
- when you purchase a service;
- through the DarkStellar Terminal;
- automatically through cookies and technical logs;
- through payment, authentication or hosting providers;
- from someone authorised to act for you; or
- from publicly available sources where lawful and reasonably necessary.
Personal information should be collected by lawful and fair means and, where reasonable and practicable, directly from the individual concerned.
Why we use personal information
We may use information to:
- assess whether a strategy is testable;
- provide quotes and accept engagements;
- reconstruct and backtest submitted strategies;
- compare trading records with strategy rules;
- generate and deliver reports;
- communicate with you;
- operate user accounts;
- provide beta or Terminal access;
- process payments and invoices;
- improve product usability and reliability;
- maintain security and prevent misuse;
- troubleshoot technical issues;
- maintain business and compliance records;
- respond to complaints;
- enforce our Terms;
- comply with legal obligations; and
- send marketing where you have consented or where otherwise permitted.
We will not use your identifiable strategy to create a product for another user without your permission.
De-identified and aggregated information
We may create aggregated or de-identified statistics that do not reasonably identify you, such as:
- usage totals;
- common strategy categories;
- system performance;
- average processing times; and
- broad analytical trends.
We may use properly de-identified information for product improvement, research and business planning.
We will not intentionally publish your identifiable strategy rules or trading history as part of aggregated material.
Artificial intelligence and automated tools
We may use software or artificial-intelligence tools to assist with tasks such as:
- document classification;
- rule extraction;
- coding assistance;
- data validation;
- drafting summaries;
- customer support; and
- software development.
Where strategy files or personal information may be processed by an external AI provider, we will take reasonable steps to limit the information provided and select appropriate business or privacy settings.
Human review remains part of the manual research service.
When we disclose information
We may disclose personal information to:
- employees and authorised contractors;
- cloud-hosting and storage providers;
- database and authentication providers;
- payment processors;
- email and customer-support platforms;
- analytics and security providers;
- specialist analysts engaged for your project;
- legal, accounting and professional advisers;
- regulators, courts and law-enforcement bodies where required; and
- a purchaser or successor in connection with a genuine business sale or restructure.
Service providers may only receive information reasonably required for their function.
We do not sell identifiable personal information or submitted trading strategies.
Overseas processing
Some technology providers may store or process information outside Australia, potentially including in:
- the United States;
- European Union member states;
- the United Kingdom;
- Singapore; and
- other locations used by our providers.
Where the Privacy Act applies, privacy policies must address likely overseas disclosure and, where practicable, identify relevant countries. APP 8 may also require reasonable steps regarding overseas recipients.
Security
We take reasonable steps appropriate to our size and operations to protect information from misuse, interference, loss and unauthorised access, modification or disclosure.
Measures may include:
- encrypted data transmission;
- access controls;
- multi-factor authentication;
- restricted staff access;
- provider security reviews;
- backups;
- logging and monitoring;
- staff confidentiality obligations; and
- deletion or de-identification processes.
No internet-based system is completely secure. You should avoid sending unnecessary or highly sensitive information.
Data breaches
We maintain processes to assess and respond to suspected data breaches.
Where DarkStellar is subject to the Notifiable Data Breaches scheme, we will notify affected individuals and the OAIC when required for an eligible breach likely to result in serious harm.
Retention
We retain information only for as long as reasonably required for:
- providing services;
- maintaining reports and customer records;
- responding to disputes;
- security;
- tax and accounting;
- legal compliance; and
- legitimate business needs.
Indicative retention periods may be:
- rejected enquiries: [6–12 months];
- completed research submissions and reports: [3–7 years];
- invoices and accounting records: as required by law;
- waitlist records: until withdrawal or the waitlist purpose ends;
- account records: while active and for a reasonable period afterward;
- security logs: [30 days–2 years], depending on risk and purpose.
Once no longer required, information may be deleted, securely destroyed or de-identified.
Cookies and analytics
We may use:
- essential cookies;
- authentication cookies;
- security cookies;
- preference cookies; and
- analytics technologies.
Essential technologies are used to operate and secure the website.
Where required, optional analytics or marketing technologies will be managed through a consent tool.
You can restrict cookies through your browser, although parts of the website may not function correctly.
Direct marketing
We may send product news, research updates or invitations where:
- you have consented;
- you joined a relevant waitlist; or
- applicable law otherwise permits it.
You may unsubscribe at any time using the link in the message or by contacting us.
We will not require you to log in, pay a fee or provide unnecessary additional information to unsubscribe. Australian unsubscribe requests must generally be honoured within five working days.
Service messages about purchases, security, reports and account access are not marketing communications.
Access and correction
You may request access to personal information we hold about you or ask us to correct inaccurate or outdated information.
Send requests to [PRIVACY EMAIL].
We may need to verify your identity. In some circumstances, access may be refused or limited where permitted by law. If so, we will explain the reason where required.
Deletion requests
You may request deletion of personal information.
We will consider the request, but may retain information where reasonably required for:
- legal or accounting obligations;
- dispute resolution;
- fraud prevention;
- security;
- enforcing agreements; or
- establishing or defending legal claims.
Deletion of strategy files may prevent us from completing or revising a report.
Confidentiality and other users’ information
Where your files contain information about another person, you must ensure you have authority to provide it.
You should redact unnecessary:
- names;
- account identifiers;
- email addresses;
- telephone numbers;
- addresses; and
- other identifying details.
Children
DarkStellar services are not directed to individuals under 18.
We do not knowingly collect personal information from children. Contact us if you believe a child has provided information without appropriate authority.
External links
Our website may link to third-party websites. Their privacy practices are governed by their own policies, not this policy.
Privacy complaints
Send privacy complaints to:
- Privacy Officer
- DarkStellar / [LEGAL ENTITY NAME]
- Email: [PRIVACY EMAIL]
Include:
- your contact details;
- the issue;
- relevant dates;
- the outcome sought; and
- supporting information.
We will aim to acknowledge complaints within [5] business days and respond within a reasonable time.
Where the Privacy Act applies and you are dissatisfied with our response, you may be entitled to complain to the Office of the Australian Information Commissioner.
Changes to this policy
We may update this policy when our services, providers or legal obligations change.
The current version will be published with an updated effective date. Where appropriate, we may provide additional notice of material changes.
Contact
- DarkStellar / [LEGAL ENTITY NAME]
- ABN: [ABN]
- Privacy email: [PRIVACY EMAIL]
- Address: [ADDRESS OR STATE]
