Status: Finalized by founder 2026-05-24. Thai legal counsel review pending (non-blocking for publication; will be incorporated on next material update).
Authoritative language: English. A Thai-language version (นโยบายความเป็นส่วนตัว) will be added before Thai market launch (DECISIONS §3.2); when published, both versions will be co-equal under PDPA, with the English text governing in case of conflict pending legal review of the Thai translation.
Effective date: 2026-05-24 Last updated: 2026-05-24
iNakaTrader is a TradingView-to-MetaTrader 5 signal bridge operated by Thanapong Pipattanasak as a sole proprietor. For privacy matters we are the data controller as defined by the Thailand Personal Data Protection Act B.E. 2562 (2019) ("PDPA").
privacy@inakatrader.com (alias of contact@inakatrader.com)We have not appointed a Data Protection Officer (DPO) because our processing does not meet the §41 thresholds in PDPA (we are not a public authority, our core activity is not large-scale monitoring of people, and we do not process sensitive personal data under §26). We will appoint one if our scale crosses those thresholds.
This policy applies to:
We collect only what is necessary to operate the service. Specifically:
customer_id and subscription_id for your account.When TradingView fires an alert through us, or your EA reports back a trade result, we log:
| Data | Why we need it | Lawful basis |
|---|---|---|
| Name, email | Issue your license, send you the license key, contact you about service changes | Contract (§24(3)) |
| Payment data | Charge your subscription | Contract (§24(3)) |
| License key, tier, magic numbers, symbols, expiry | Operate the service you paid for | Contract (§24(3)) |
| Telegram bot token + chat ID | Send you alerts you asked for | Consent (§19) |
| Trading event metadata (audit log) | Debug failures, resolve disputes, detect abuse | Legitimate interest (§24(5)) |
| IP address | Stop brute-force attacks on license keys; investigate incidents | Legitimate interest (§24(5)) |
Where we rely on consent (Telegram linking), you can withdraw it at any time and we will stop using the data for that purpose. Withdrawal does not affect the lawfulness of earlier processing.
Where we rely on legitimate interest, we have weighed our need against your privacy and judged that audit logging and security data are minimal and necessary for a paid service that handles money-adjacent operations.
We use a small number of trusted service providers ("sub-processors"). We share only what each provider needs to do their job.
| Sub-processor | What they receive | Why | Location |
|---|---|---|---|
| Stripe Inc. | Name, email, card data, transaction history | Payment processing | United States |
| Google (Gmail SMTP) | The email we send you (license key, billing portal link) | Email delivery | United States |
| Oracle Cloud | All of the above, in storage and at rest on our server | Hosting (our application server) | Singapore (ap-singapore-1) |
| Backblaze B2 | Encrypted backups of our database | Off-site disaster recovery; backups are encrypted with age and Backblaze cannot read them |
United States |
| Telegram FZ-LLC | The alert messages we send to your chat (if you linked Telegram) | Alert delivery; only if you opted in | UAE / global |
| healthchecks.io | Heartbeat pings — no customer data | Monitoring our own backup jobs | (no customer data) |
We do not sell, rent, or trade your personal data. We do not share it with advertisers or data brokers. We do not use it to train AI/ML models.
Some of the sub-processors above are outside Thailand. Under PDPA §28, we rely on §28(5) — transfer necessary for the performance of a contract between you and us, or for steps you requested before entering a contract. All transfers above are necessary to deliver the service you signed up for.
For Backblaze B2 backups specifically: we encrypt backups with age (X25519) before they leave our server. Backblaze receives only ciphertext.
If you would like additional information about a specific transfer, contact us at privacy@inakatrader.com.
| Data | Retention |
|---|---|
| Active license records | While your subscription is active, plus 24 months after cancellation, after which we anonymize the record (your name, email, and Stripe IDs are removed; the license key is kept for our internal audit chain but is no longer linked to you) |
| Audit log (trading event metadata) | 365 days from the event |
| Server access logs (nginx) | 30 days |
| Database backups | 30 daily snapshots + 12 monthly snapshots, with the same 24-month anonymization downstream applied during quarterly restore drills |
| Failed-login IP tracking | 15 minutes from the last failed attempt |
| Payment records held by Stripe | Per Stripe's retention policy — outside our control; see Stripe's privacy policy |
We may retain data longer than the above when:
You have the following rights with respect to your personal data:
| Right | What it means |
|---|---|
| Access (§30) | Request a copy of the personal data we hold about you |
| Rectification (§35–36) | Ask us to correct inaccurate or incomplete data |
| Erasure (§33) | Ask us to delete your data — subject to legal-retention exceptions (see §7) |
| Portability (§31) | Ask us to send you your data in a machine-readable format (JSON) |
| Object / restrict (§32) | Ask us to stop or limit certain uses |
| Withdraw consent (§19) | For consent-based items only (e.g. Telegram linking) |
| Lodge a complaint | With Thailand's Office of the Personal Data Protection Committee (PDPC) — contact below |
Email privacy@inakatrader.com from the email address on your iNakaTrader license. We will respond within 30 days. For higher-risk requests (such as erasure of an active subscription) we may ask you to confirm the request via the billing-portal magic-link flow as a second factor.
We may refuse a request that is manifestly unfounded or excessive (PDPA §36), or where we are legally required to retain the data. If we refuse, we will tell you why and explain how to complain to the PDPC.
You can also unlink Telegram alerts directly from your dashboard at any time — no email needed.
We use only what is necessary to operate the website and the dashboard. We do not run advertising trackers. Stripe Checkout sets its own cookies during payment; these are governed by Stripe's privacy policy. A more detailed cookie statement will be added once our cookie audit is complete.
iNakaTrader is offered to adults engaged in financial trading. We do not knowingly collect personal data from anyone under 20 years old (the age of majority in Thailand). If you believe we have, contact us at privacy@inakatrader.com and we will delete the record.
We hold your data on an Oracle Cloud server in Singapore with the following safeguards:
...)age before leaving our serverNo security is perfect. If you become aware of a vulnerability, please email security@inakatrader.com and we will respond.
If a personal data breach occurs that poses risk to your rights or freedoms, we will:
We may update this policy as the service evolves or the law changes. The "Last updated" date at the top of this page reflects the most recent change. For material changes (new categories of data collected, new sub-processors, change of lawful basis) we will email active customers in advance.
For privacy questions, data-subject requests, or to report a privacy concern:
- Email: privacy@inakatrader.com
- Mail: Thanapong Pipattanasak, 428/27 Moo 9, Pho Khun Road, Robwiang, Mueang, Chiang Rai 57000, Thailand
To complain to the regulator: - Office of the Personal Data Protection Committee (PDPC) - The Government Complex, Building B, 7th Floor, 120 Moo 3, Chaeng Wattana Road, Thung Song Hong, Lak Si, Bangkok 10210, Thailand - Web: https://www.pdpc.or.th