TL;DR — LunaVector is GDPR-compliant, ISO 27001-ready, and designed around data minimisation. We only collect what we need to run your indices securely.

What we collect

• Account data: name, email, country, plan.
• Exchange integration data: API keys (encrypted), balances, trade history needed for rebalancing.
• Operational logs: limited telemetry for security and reliability.

What we do not collect

• Private keys or seed phrases.
• Exchange passwords.
• Withdrawal credentials.

Your rights (GDPR)

• Access — download all personal data we hold.
• Rectify — correct inaccurate data.
• Erase — request deletion (subject to legal retention).
• Port — receive data in a machine-readable format.
• Object — to processing for specific purposes.

Contact [email protected] to exercise any right. We respond within 30 days.

Security posture

• Encryption at rest and in transit (TLS 1.2+).
• Strict role-based access control internally.
• Regular third-party penetration tests.