CrestAlgo

Privacy Policy

Last updated: April 2026

CrestAlgo ("we", "our", or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy informs you about how we look after your personal data when you visit our website (regardless of where you visit it from) and tells you about your privacy rights.

This policy is drafted in accordance with the General Data Protection Regulation (EU Regulation 2016/679, "GDPR") and the Dutch GDPR Implementation Act (Uitvoeringswet AVG, "UAVG").

1. Data Controller

The data controller responsible for your personal data is:

CrestAlgo (a trade name of Sky Pioneers)
KVK: 92956076
Almere, Netherlands
Email: privacy@crestalgo.com

For any questions about this Privacy Policy or to exercise your data rights, please contact us at the email address above.

2. What Data We Collect

We collect and process only the personal data that is necessary for the purposes described in this policy. We follow the principle of data minimisation — we do not collect more data than we need.

Data you provide directly:

  • Email address (when subscribing to a newsletter, contacting us, or creating an account via Whop)
  • Name (if provided when contacting us)
  • Communication content (when you send us an email or message)

Data collected automatically when you visit our website:

  • IP address (anonymised where possible)
  • Browser type and version
  • Device type and operating system
  • Pages visited and time spent on pages
  • Referring website URL
  • Date and time of visit

Data processed by third parties on our behalf:

  • Payment and subscription data (processed and stored by Whop — we do not store your payment card details)
  • TradingView and NinjaTrader access data (processed by the respective platforms)

3. Why We Collect Your Data (Legal Bases)

Under the GDPR, we must have a valid legal basis for processing your personal data. We rely on the following:

  • Performance of a contract (Article 6(1)(b) GDPR): To deliver the products and services you have purchased, manage your subscription, and provide customer support.
  • Legitimate interest (Article 6(1)(f) GDPR): To improve our website, analyse usage patterns, ensure security, and communicate about product updates. Our legitimate interest does not override your fundamental rights and freedoms.
  • Consent (Article 6(1)(a) GDPR): For optional activities such as sending marketing newsletters. You can withdraw consent at any time.
  • Legal obligation (Article 6(1)(c) GDPR): To comply with Dutch tax, accounting, and legal requirements (e.g., invoice retention).

4. How We Use Your Data

We use your personal data for the following purposes:

  • Delivering and managing access to purchased products
  • Processing transactions (via Whop)
  • Responding to your enquiries and providing customer support
  • Sending transactional emails (purchase confirmations, subscription updates)
  • Sending marketing communications (only with your explicit consent)
  • Improving our website, products, and user experience
  • Analysing website traffic and usage patterns
  • Complying with legal and regulatory obligations
  • Preventing fraud and ensuring security

We will never sell, rent, or trade your personal data to third parties for their marketing purposes.

5. Third-Party Processors

We share your data with the following third-party processors who help us operate our business. Each processor is bound by data processing agreements and handles your data in accordance with GDPR:

ProcessorPurposeData SharedLocation
Whop, Inc.Payment processing, subscription management, product deliveryEmail, name, payment dataUnited States (EU-US Data Privacy Framework certified)
Vercel, Inc.Website hostingIP address, usage dataUnited States (EU-US Data Privacy Framework)
Google (Analytics)Website analytics (if implemented)Anonymised IP, usage dataUnited States (EU-US Data Privacy Framework)
Namecheap, Inc.Email forwardingEmail addressUnited States (EU-US Data Privacy Framework)
Formspree, Inc.Form submission handlingEmail address, form dataUnited States (EU-US Data Privacy Framework)

We will update this table as we add or change processors. Where data is transferred to the United States, we rely on the EU-US Data Privacy Framework adequacy decision, Standard Contractual Clauses (SCCs), or other appropriate safeguards.

6. Cookies and Tracking

Essential cookies: Our website uses essential cookies that are strictly necessary for the website to function correctly (e.g., session management, security). These do not require your consent under Dutch law (Telecommunicatiewet).

Analytics cookies: If we implement analytics tracking (e.g., Google Analytics), we will only activate analytics cookies after obtaining your explicit consent through a cookie consent banner. You may decline analytics cookies without any impact on your use of the website.

No advertising cookies: We do not use advertising or marketing cookies. We do not engage in behavioural advertising or retargeting.

Your cookie preferences can be changed at any time through the cookie settings on our website.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

  • Account and subscription data: For the duration of your subscription and up to 12 months after cancellation, unless a longer retention period is required by law.
  • Invoice and financial records: 7 years, as required by Dutch tax law (Algemene wet inzake rijksbelastingen).
  • Communication records (support emails): Up to 24 months after the last communication.
  • Website analytics data: Anonymised and retained for up to 26 months.

After the retention period expires, your data will be securely deleted or anonymised.

8. Your Rights Under the GDPR

As a data subject, you have the following rights under the GDPR:

  • Right of access (Article 15): You can request a copy of the personal data we hold about you.
  • Right to rectification (Article 16): You can ask us to correct inaccurate or incomplete data.
  • Right to erasure (Article 17): You can ask us to delete your personal data ("right to be forgotten"), subject to legal retention obligations.
  • Right to restrict processing (Article 18): You can ask us to temporarily restrict how we use your data.
  • Right to data portability (Article 20): You can request your data in a structured, machine-readable format.
  • Right to object (Article 21): You can object to processing based on legitimate interest or for direct marketing purposes.
  • Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at privacy@crestalgo.com. We will respond to your request within 30 days, as required by the GDPR. We may ask you to verify your identity before processing your request.

If you are not satisfied with how we handle your request, you have the right to file a complaint with the Dutch Data Protection Authority:

Autoriteit Persoonsgegevens (AP)
Website: https://autoriteitpersoonsgegevens.nl
Postal address: Postbus 93374, 2509 AJ Den Haag, Netherlands

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • HTTPS encryption on all pages of our website
  • Secure hosting infrastructure via Vercel
  • Access controls limiting who can access personal data
  • Regular review of security practices

While we take reasonable steps to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

10. Children's Privacy

Our products and services are not directed at individuals under the age of 16 (the age of digital consent in the Netherlands under the UAVG). We do not knowingly collect personal data from anyone under the age of 16. If we become aware that we have inadvertently collected data from a child under 16, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will make reasonable efforts to notify you (e.g., via email or a notice on our website).

We encourage you to review this policy periodically.

12. Contact

For any privacy-related questions, concerns, or to exercise your data rights, please contact:

CrestAlgo (a trade name of Sky Pioneers)
Data Controller
KVK: 92956076
Email: privacy@crestalgo.com
Website: https://crestalgo.com

← Back to Home