Skip to main content

Privacy Policy (Markets.Capital) - GDPR (EU) / Germany

Controller (data controller): Magton GmbH, Wolfserlen 41, 56237 Breitenau, RLP, Germany
Contact: markets.capital@magton.com (general), legal@magton.com (privacy/legal)
Last updated: 2025-12-28

This Privacy Policy explains how we process personal data when you use the Markets.Capital mobile application (“App”).

1) What data we process

Depending on how you use the App, we may process:

  • Account data: name (if provided), email address, authentication identifiers (e.g., UID “User ID”).
  • Preferences and settings: language, theme, notification preferences, and other profile settings.
  • User-generated app data: watchlists, price alerts, and related configuration you create in the App.
  • Push notification data: device push token (e.g., FCM token) and metadata necessary to deliver notifications (e.g., platform/locale).
  • Subscription data: subscription status/entitlements and purchase-related identifiers as needed to validate and provide paid features.
  • Technical and security data: device/app information, logs and diagnostic data (e.g., crash reports), IP address/server logs when you interact with our backend services.

We do not intentionally collect special categories of data (Art. 9 GDPR).

2) Purposes of processing

We process personal data for the following purposes:

  • Provide and operate the App (authentication, core features, syncing across devices).
  • Deliver notifications you enable (including critical product updates if applicable).
  • Manage subscriptions and payments and provide premium features.
  • Security and abuse prevention (fraud detection, protecting accounts and infrastructure).
  • Reliability and debugging (crash and error monitoring).
  • Customer support and communication when you contact us.

Depending on the context, we rely on one or more of the following legal bases:

  • Performance of a contract (Art. 6(1)(b) GDPR) — to provide the App and requested features.
  • Legitimate interests (Art. 6(1)(f) GDPR) — to secure and improve the service, prevent abuse, and maintain reliability.
  • Consent (Art. 6(1)(a) GDPR) — where required, e.g. for certain optional notification categories. You can withdraw consent at any time via the App settings where available.
  • Legal obligation (Art. 6(1)(c) GDPR) — where we must comply with mandatory legal requirements (e.g., accounting obligations).

4) Recipients and processors

We use service providers (“processors”) to operate the App. Depending on your usage, this may include:

  • Firebase (Google): authentication and push messaging (FCM).
  • Payment providers: Apple App Store / Google Play (in-app purchases) and Stripe (where used).
  • Infrastructure providers: hosting and database/infrastructure services required to run our backend (e.g., Hasura/PostgreSQL hosting).
  • Error monitoring: Sentry (crash/error reporting).
  • AI content providers: where applicable, we may use AI providers (e.g., OpenAI) to generate or assist with generating insights.

We only share data with processors to the extent necessary for the purposes described above, and we require appropriate contractual safeguards (e.g., data processing agreements where applicable).

5) International transfers

Some processors may process data outside the European Economic Area (EEA). Where this occurs, we use appropriate safeguards such as adequacy decisions or Standard Contractual Clauses (SCCs), as applicable.

6) Data retention

We keep personal data only as long as necessary for the purposes described in this policy:

  • Account and settings data: for the duration of your account, unless you delete it.
  • Subscription records: as required to provide services and comply with legal obligations (e.g., accounting).
  • Logs/diagnostics: retained for a limited period necessary for security and troubleshooting.

You can request deletion (see “Your rights” below). Some data may need to be retained where legally required.

7) Security

We use appropriate technical and organizational measures to protect personal data, including access controls, encryption in transit where applicable, and least-privilege practices. No method of transmission or storage is completely secure, but we continuously work to protect data.

8) Your GDPR rights

Subject to GDPR conditions and applicable law, you may have the right to:

  • access your personal data (Art. 15),
  • rectify inaccurate data (Art. 16),
  • delete your data (Art. 17),
  • restrict processing (Art. 18),
  • data portability (Art. 20),
  • object to processing based on legitimate interests (Art. 21),
  • withdraw consent at any time (Art. 7(3)).

To exercise your rights, contact us at legal@magton.com. We may need to verify your identity before fulfilling requests.

9) Complaints to a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or the place of the alleged infringement.

For Germany (Hesse), the competent authority is typically the Hessian Commissioner for Data Protection and Freedom of Information (HBDI).

10) Children

The App is not intended for users under 18. We do not knowingly collect personal data from children.

11) Cookies / local storage / device storage

The App uses local device storage (e.g., AsyncStorage) to store preferences and settings necessary for functionality (e.g., language, theme). This is not “cookies” in a browser sense, but serves similar functional purposes in an app context.

12) Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date indicates when changes were made. Continued use of the App after changes means you acknowledge the updated policy.

13) Contact

If you have questions about privacy or this policy, contact: