Privacy Policy.

The data controller is COF Trading / Burak Okyay (see legal notices). Requests about personal data can be sent to <mail/>.

• Contract performance (Art. 6.1.b GDPR) — activation and maintenance of VIP access.
• Legal obligation (Art. 6.1.c) — retention of accounting and tax records.
• Legitimate interest (Art. 6.1.f) — service security, fraud prevention.
• Consent (Art. 6.1.a) — non-essential cookies and optional marketing communications.

• Stripe Payments Europe Ltd. — payment processing (Ireland, EU).
• Vercel Inc. — website hosting (United States, transfer governed by SCCs).
• Telegram FZ-LLC — signal broadcasting (UAE, transfer governed by SCCs).
• Supabase Inc. — customer database (United States / EU, encryption at rest).
• No data is resold to third parties for commercial purposes.

Some technical service providers are established outside the EU. Transfers are governed by Standard Contractual Clauses (SCCs) approved by the European Commission, and/or additional encryption measures, in accordance with the Schrems II ruling.

You have the following rights, exercisable at any time via <mail/>:

• Right of access, rectification, and erasure.
• Right to restriction and data portability.
• Right to object on legitimate grounds.
• Right to define post-mortem directives regarding your data.
• Right to lodge a complaint with the Spanish Data Protection Agency, AEPD (aepd.es), or another competent EU supervisory authority.

Data is transmitted via HTTPS (TLS 1.3), passwords are never stored in plaintext, and admin access is protected by two-factor authentication. Databases are encrypted at rest. Backups are retained for 30 days.

The cookie policy is detailed on a dedicated page: Cookie Policy.