Privacy Policy

Last updated: May 7, 2026

AI Cash Systems ("we", "our", or "us"), operated by Alex Otvos, based in the European Union, is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable EU privacy laws. This Privacy Policy explains how we collect, use, store, and protect your personal information when you visit aicashsystem.space or purchase our digital products.

1. Data Controller

The data controller responsible for your personal data is:

Business name: AI Cash Systems
Operated by: Alex Otvos
Location: Târgu Mureș, Romania, European Union
Contact: supportaicashsystem@gmail.com

2. What Data We Collect

We collect only the minimum data necessary to provide our services:

Account data: your name and email address when you purchase or register
Payment data: processed securely by Stripe — we never store card numbers or payment details on our servers
Usage data: course progress, login timestamps, and activity within the Blueprint Studio platform
Technical data: IP address, browser type, and device information for security and fraud prevention

We do not collect sensitive personal data (race, health, religion, etc.) and we do not use your data for advertising profiling.

2a. Trading Bot Products (Apex Trade Bot / Apex Forex Bot)

If you purchase our trading bot software, the following applies in addition:

Self-hosted software: the bots run entirely on your own server or computer. Your exchange/broker API keys, account balances, positions, and trading history are processed locally on your infrastructure and are never transmitted to our servers. We have no access to your exchange or broker accounts, your API keys, or your funds at any time.
License verification: the bot software periodically verifies your license key against our server. This request contains only the license key — no trading data, no API keys, no balances.
Third-party services you configure: if you choose to enable optional features, your bot communicates directly (from your server, with your own accounts) with: your chosen exchange/broker, AI providers (Anthropic or Groq) for signal generation, and Telegram for notifications. These connections use your own API keys and are governed by those providers' privacy policies, not ours.
What we store about bot customers: your purchase email, your license key, and payment records (via Stripe) — nothing else.

3. Legal Basis for Processing (GDPR)

We process your personal data on the following legal bases:

Contract performance (Art. 6(1)(b)): to deliver your purchased course and manage your account
Legitimate interests (Art. 6(1)(f)): for security, fraud prevention, and platform improvement
Legal obligation (Art. 6(1)(c)): to comply with applicable tax and financial regulations
Consent (Art. 6(1)(a)): for optional marketing communications (you can withdraw consent at any time)

4. How We Use Your Data

Your data is used exclusively to:

Deliver your purchased course and access credentials
Send transactional emails (access codes, receipts, important account notifications)
Provide customer support and resolve issues
Prevent fraud and ensure platform security
Comply with legal and tax obligations
Improve our products and services (using anonymized analytics only)

We never sell, rent, or share your personal data with third parties for their marketing purposes.

5. Data Sharing and Third-Party Processors

We share your data only with trusted processors who help us deliver our services, all bound by data processing agreements:

Stripe, Inc. (USA) — payment processing. Stripe is certified under EU-US Data Privacy Framework. Privacy policy: stripe.com/privacy
Supabase, Inc. (USA) — database hosting. Data stored on EU servers where possible. Privacy policy: supabase.com/privacy
Brevo SAS (France) — transactional email delivery. EU-based processor. Privacy policy: brevo.com/legal/privacypolicy
OpenAI, Inc. (USA) — AI features within the Blueprint Studio platform. Privacy policy: openai.com/privacy
Render Services, Inc. (USA) — hosting infrastructure. Privacy policy: render.com/privacy

6. Cookies and Local Storage

We use only essential cookies and browser storage necessary for the platform to function:

Access cookie (af_access): an HttpOnly, signed cookie that verifies your course purchase — required for access to course content
localStorage tokens: short-lived session data stored locally in your browser to maintain app state — these are not cookies and are not transmitted to third parties

We do not use advertising cookies or tracking pixels. Page fonts are loaded from Google Fonts (fonts.googleapis.com), which may process your IP address as part of the request; no personal data beyond the IP is shared with Google for this purpose.

No cookie consent banner is required as we only use strictly necessary cookies.

7. Data Retention

We retain your personal data as follows:

Account and course data: for the lifetime of your account plus 2 years after account closure
Payment records: 7 years as required by EU tax regulations
Support communications: 2 years after the last interaction

Upon account deletion request, we delete all personal data within 30 days, except data we are legally required to retain.

8. Your Rights Under GDPR

As an EU resident, you have the following rights which you can exercise at any time by contacting us:

Right of access (Art. 15): request a copy of all personal data we hold about you
Right to rectification (Art. 16): request correction of inaccurate or incomplete data
Right to erasure (Art. 17): request deletion of your personal data ("right to be forgotten")
Right to restriction (Art. 18): request that we restrict processing of your data
Right to data portability (Art. 20): receive your data in a machine-readable format
Right to object (Art. 21): object to processing based on legitimate interests
Right to withdraw consent: withdraw consent at any time without affecting prior processing

To exercise any of these rights, email us at supportaicashsystem@gmail.com. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.

9. Data Security

We implement appropriate technical and organizational security measures including:

HTTPS encryption for all data in transit
Encrypted database storage via Supabase
Access tokens with expiration dates
No storage of payment card data on our servers
Regular review of access permissions

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected users without undue delay, as required by GDPR Art. 33-34.

10. International Data Transfers

Some of our service providers are based outside the EU (USA). All transfers are conducted with appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent mechanisms such as the EU-US Data Privacy Framework.

11. Children's Privacy

Our Services are intended for individuals aged 18 and over. We do not knowingly collect personal data from minors under 18. If you believe a minor has provided us with personal information, please contact us immediately and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable law. We will notify you of material changes via email or a prominent notice on our website at least 7 days before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

13. Contact and Complaints

For privacy-related questions, data subject requests, or complaints:

Email: supportaicashsystem@gmail.com
Response time: within 30 days (as required by GDPR)
Supervisory authority: You have the right to file a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) at dataprotection.ro, or with the supervisory authority in your country of residence.