TICKPROOF

Legal

Privacy policy

This Privacy Policy explains how Centaurian OU (“we”, “us”, “TickProof”) collects, uses, and shares personal information when you visit tickproof.io, sign up for our waitlist, or use the TickProof product (collectively, the “Service”). We are the data controller for the personal information described in this policy.

Centaurian OU Sepapaja tn 6, 15551 Tallinn, Harju Maakond, Estonia
Registration number: 16275733
VAT number: EE102500301
Contact: [email protected]

If you have questions about this policy or want to exercise any of the rights described below, email us at [email protected].

Information we collect

Information you give us directly

  • Email address — when you join the waitlist or, in the future, create a TickProof account.
  • Profile information — when accounts go live, this may include your name, display name, time zone, and password (we never see the password in plain text; it is stored as a salted hash).
  • Payments — if you take a paid plan in future, payment information is handled by our payment processor (currently planned: Stripe). We do not store full card numbers on our servers.
  • Support correspondence — anything you send us by email or other support channels.

Information from your connected trading accounts

When you connect a broker or prop firm account to TickProof (initially Tradovate, NinjaTrader® and others later), we access trade and account data via OAuth or equivalent authorisation. This may include:

  • Account identifiers, account type (live, evaluation, paper), and broker
  • Executed trades (instrument, entry/exit prices, timestamps, contract size, direction, commission, P&L)
  • Account balances and equity changes
  • Position and order information

We only access data you authorise us to access. You can disconnect your accounts at any time from your TickProof account settings — when you disconnect, we stop pulling new data immediately.

Information collected automatically

When you visit our website or use the Service we may automatically collect:

  • IP address and approximate geographic location
  • Device and browser information (user agent, operating system, screen size)
  • Pages visited, links clicked, time spent on the site
  • Referring website
  • Cookie identifiers (see Cookies below)

We use this information to operate, secure, and improve the Service. We do not use this information to build advertising profiles or sell to third-party advertisers.

Information from third parties

If you sign up for a connected service through a TickProof referral link (for example, a prop firm affiliate link), the third-party service may share confirmation that you signed up so we can be credited for the referral. This is typically limited to a referral ID — not your account details or trading activity at the third party.

How we use your information

We use the information we collect to:

  • Provide and operate the Service, including syncing your trade data, calculating analytics, and rendering verified shares
  • Send you the emails you have asked for (waitlist updates, product notifications, account notifications)
  • Respond to support requests and communicate with you about your account
  • Maintain the security of the Service and detect abuse, fraud, or unauthorised access
  • Improve and develop the Service — including understanding how features are used in aggregate
  • Comply with legal obligations and enforce our Terms and Conditions
  • Operate referral and affiliate relationships in a transparent and accurate way

We do not sell your personal information. We do not share your trade data with third-party advertisers or marketers.

Who we share your information with

We share personal information only with the following categories of recipient:

Service providers (data processors)

We use third parties to operate the Service. They process personal data on our behalf under written data-processing agreements, and only as instructed by us. Current and planned providers include:

ProviderPurposeLocation
Cloudflare, Inc.Website hosting, CDN, DDoS protectionUnited States / global
Beehiiv, Inc.Waitlist email delivery and list managementUnited States
Supabase Inc.Application database and authentication (planned)Various
Fly.ioApplication hosting (planned)Various
Amazon Web Services (SES)Transactional email delivery (planned)Various
Tradovate, LLC / NinjaTrader GroupBroker data access via authorised APIUnited States
Stripe, Inc.Payment processing (planned, when paid plans launch)United States

This list may change as we add or replace providers. We will update this policy when material changes occur.

Affiliate partners

Where you click an affiliate link to a proprietary trading firm (Apex Trader Funding, MyFundedFutures, Take Profit Trader, Bulenox, NinjaTrader, and others) and sign up, the firm may share a confirmation of the referral with us so we can be paid an affiliate commission. We do not receive your trading activity, balance, or personal details from the firm through this channel.

Legal and safety

We may share personal information if we believe in good faith that it is necessary to:

  • Comply with a legal obligation, court order, or lawful request from a public authority
  • Protect the rights, property, or safety of TickProof, our users, or others
  • Investigate or prevent suspected fraud, abuse, or violations of our Terms

Business transfers

If Centaurian OU is involved in a merger, acquisition, reorganisation, or sale of assets, personal information may be transferred as part of that transaction. We will notify users before personal information is transferred and becomes subject to a different privacy policy.

International transfers

We are based in Estonia (European Union). Some of our service providers are based in or process data from the United States and other countries outside the European Economic Area (EEA).

Where we transfer personal data outside the EEA, we rely on appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where they exist
  • Other lawful transfer mechanisms

You can request a copy of the safeguards we rely on by emailing [email protected].

How long we keep your information

We keep personal information only as long as we need it for the purposes described in this policy, or as required by law. In practice:

  • Waitlist emails — until you unsubscribe, or until we close the waitlist (whichever is sooner), plus a short retention period for record-keeping.
  • Account data — for as long as your account is active. If you delete your account, we delete or anonymise associated personal data within 90 days, except where we are required to retain it for legal, accounting, or fraud-prevention reasons.
  • Trade data — kept while your account is active. Deleted with your account, or earlier on request.
  • Verified shares — public verification pages stay live for 90 days from creation, then expire automatically. You can delete a verified share at any time before that.
  • Support correspondence — kept for up to 2 years for service quality and audit purposes.
  • Aggregate, anonymised analytics — kept indefinitely.

Your rights

Depending on where you live, you have some or all of the following rights regarding your personal information:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct inaccurate or incomplete information.
  • Erasure — ask us to delete your personal data (“right to be forgotten”).
  • Restriction — ask us to limit how we process your data.
  • Portability — ask us to provide your data in a structured, machine-readable format, or to transfer it to another controller where technically feasible.
  • Object — object to processing based on our legitimate interests, including marketing-related processing.
  • Withdraw consent — where we rely on consent, withdraw it at any time. Withdrawing consent does not affect the lawfulness of processing before withdrawal.
  • Lodge a complaint — with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) at aki.ee, or with the supervisory authority in your country of residence.

To exercise any of these rights, email [email protected]. We will respond within 30 days. We may need to verify your identity before acting on requests involving personal data.

Verified shares — public information

The verified-shares feature on TickProof lets you create a public web page that displays performance information drawn from your connected account(s). When you create a verified share:

  • The verification page is publicly accessible to anyone with the link or QR code
  • The page shows the trade data and summary metrics you have chosen to include
  • The page is labelled with the underlying account type (live, evaluation, or paper)
  • The page is automatically refreshed against your source account or expires after 90 days

You should only create verified shares from accounts and time windows you are comfortable sharing publicly. You can delete a verified share at any time, which removes the public page within 24 hours.

Cookies and similar technologies

We use a small number of cookies and similar technologies on tickproof.io. These fall into the following categories:

  • Strictly necessary — required to operate the site (e.g., session management, security). These do not need consent.
  • Functional — remember your preferences (e.g., theme, language). Set only with consent.
  • Analytics — help us understand how the site is used in aggregate. Set only with consent.

We do not use advertising or cross-site tracking cookies.

You can change your cookie preferences at any time via the cookie banner or your browser settings.

Security

We use industry-standard security measures to protect your personal information, including:

  • TLS encryption in transit
  • Encryption at rest for sensitive fields
  • Access controls and audit logging on our internal systems
  • Regular security reviews of our infrastructure and third-party providers

No system can be 100% secure. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and (where required) you, in line with our legal obligations.

Children

The Service is not directed to children. You must be at least 18 years old (or the age of majority in your jurisdiction) to use the Service. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, email [email protected] and we will delete it.

Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page shows when the most recent changes took effect. If we make material changes, we will notify you by email (if you have given us your email) or by a prominent notice on the Service before the changes take effect.

Contact us

For privacy questions, data requests, or any other matter related to this policy:

Centaurian OU Sepapaja tn 6, 15551 Tallinn, Harju Maakond, Estonia
Email: [email protected]

If you are in the EU/EEA, you can also lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) at aki.ee.

Last updated: June 2026.