Privacy Policy

Last Updated: January 2025

This Privacy Policy explains how oneninetynine labs ("we", "us", "our") collects, uses, and protects personal data when you use the Back2Mean platform ("Service").

We are committed to protecting your privacy and processing personal data in accordance with the General Data Protection Regulation (GDPR) and applicable laws.

1. Data Controller

The data controller responsible for processing your personal data is:

oneninetynine labs
Hanna-Kirchner-Strasse 24
64823 Gross-Umstadt
Germany

Email: legal@199labs.tech

2. Personal Data We Collect
2.1 Account & Profile Data

When you create an account, we collect:

• Email address

• Password (stored in encrypted form)

No additional profile data is required.

2.2 Trading & Usage Data

When you use the Service, we process:

• Trade execution events

• Selected risk profile (e.g. conservative, balanced, aggressive)

• Trade history metadata (no custody of funds)

We do not track signal views or clicks for analytics purposes.

2.3 Broker Integration Data

When you connect a brokerage account (e.g. Alpaca):

• Authorization is performed by the broker

• API credentials are stored only in encrypted form

• We receive and process:

• order status

• positions

• balances

This data is processed to provide the Service and may be stored as part of your trade history.

We do not store brokerage login credentials or hold client funds.

2.4 Subscription & Billing Data

Payments are handled by Paddle, which acts as Merchant of Record.

We do not store:

• credit card details

• payment method information

We store:

• subscription status

• plan type

Billing history is handled by Paddle under their Privacy Policy.

3. Analytics & Log Data
3.1 Server Logs

For security and operational purposes, we process:

• IP address

• date and time of access

• technical error information

Server logs are retained for 30 days.

3.2 Analytics

We use Google Analytics 4 (GA4) to understand how visitors use our platform. GA4 collects anonymous usage data to help us improve the user experience.

Data collected by GA4 includes:

• pages visited and navigation patterns

• engagement events (scroll depth, button clicks)

• conversion tracking (signup, checkout, purchase)

• device and browser information

Analytics data:

• is activated only after user consent

• is processed in aggregated and anonymized form

• is not used for marketing profiling

4. Cookies

We use cookies for the following purposes:

• Essential cookies
Required for authentication, session management, and security.

• Analytics cookies
Used only with user consent.

• Marketing cookies
Used for advertising measurement and optimization. We use Meta Pixel (Facebook/Instagram) to measure the effectiveness of our advertising campaigns. Marketing cookies are only activated after you give explicit consent.

You can manage cookie preferences through the cookie consent banner.

5. Emails & Communication

We send:

• transactional emails (account creation, password reset)

• onboarding and product-related emails

• optional marketing emails

Marketing emails:

• require opt-in during account setup

• include an unsubscribe link in every message

6. Data Hosting & Processing

Data is hosted on Railway, with servers located in the European Union.

We may share data with trusted processors only where necessary, including:

• Paddle (billing)

• Alpaca Markets (trade execution)

• Google LLC (Google Analytics 4) - analytics, only with consent

• Meta Platforms, Inc. (Meta Pixel) - advertising measurement, only with consent

All processors are contractually bound to GDPR-compliant data processing.

7. Data Retention

• Account data is retained until the user deletes their account

• Server logs are retained for 30 days

• Subscription data is retained as required for contractual and legal purposes

8. User Rights (GDPR)

You have the right to:

• access your personal data

• correct inaccurate data

• request deletion of your data

• request data portability

• withdraw consent at any time

To exercise these rights, contact us at:

legal@199labs.tech

9. International Users

Back2Mean is available to users outside the European Union.

All personal data is processed in accordance with GDPR standards, regardless of user location.

10. Security Measures

We implement appropriate technical and organizational measures to protect personal data, including:

• encryption

• access controls

• encrypted credential storage

However, no system is completely secure, and absolute security cannot be guaranteed.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

Material changes will be communicated via the Service or by email. Continued use of Back2Mean constitutes acceptance of the updated Privacy Policy.

12. Contact

If you have questions about this Privacy Policy or how we handle personal data, contact:

Email: legal@199labs.tech

Questions? Contact us