Your data, on your terms.

Who we are

This website (wxywaves.com) and the RiskLogged desktop application are operated by WXYwaves (“we”, “us”, “our”). You can reach us at [email protected].

We are the “data controller” for the personal data described in this policy.

What we collect when you visit this website

When you browse wxywaves.com, our hosting provider records standard server logs — your IP address, the pages you requested, the time of the request, and the user agent your browser reports. These logs exist for security, abuse prevention, and basic site analytics. They are typically rotated within 30 days.

We use cookies and similar technologies to remember your cookie consent preferences and to run a small number of analytics measurements. Our cookie banner (powered by Complianz) gives you granular control before any non-essential cookie is set. You can change your preferences at any time from the cookie banner footer.

For details of every cookie used on this site, see our Cookie Policy.

What we collect when you join the waitlist

When you submit the RiskLogged waitlist form, we collect:

• The email address you provide.
• The timestamp of the submission and the page the form was on.

That is all. We do not ask for, and do not store, your name, address, phone number, broker details, or any trading information at this stage.

The form is built with WPForms. Submissions are delivered to [email protected] by email, and a backup copy is stored on WPForms’ Lite Connect service (operated by Awesome Motive, Inc.) so that we can restore submissions if email delivery fails. WPForms’ Lite Connect backups expire after twelve months. Their privacy policy is available at wpforms.com/privacy-policy.

What the RiskLogged desktop application stores

RiskLogged is a local-first desktop application. When installed on your computer, it stores all of its data in a single SQLite database file located at %USERPROFILE%\.risklogged\risklogged.db on Windows. This file contains:

• The trade history pulled from any MT5 accounts you connect.
• Your journal entries, notes, tags, and chart annotations.
• Your configuration settings for TradeGuard, Impulse Radar, and the other layers of the app.
• Encrypted copies of any MT5 credentials you choose to save for auto-sync. The encryption key is stored alongside the database on your machine.

This file never leaves your machine. RiskLogged does not upload your trade data, journal entries, or credentials to any cloud service operated by us or by a third party. There is no account login, no synchronization server, and no telemetry.

If you choose to send us a screenshot, log file, or database export for support purposes, you are sharing that information with us voluntarily. We treat anything you send to support as confidential, use it only to resolve your issue, and delete it once the issue is closed.

Legal bases for processing (GDPR)

Where the GDPR applies, we rely on the following lawful bases:

• Consent — for non-essential cookies and for emailing you about RiskLogged after you submit the waitlist form. You can withdraw consent at any time.
• Legitimate interests — for security logging and fraud prevention on the website, where these interests do not override your rights.
• Contract — for delivering the RiskLogged service once you become a paying subscriber. Subscription terms will reference this policy.
• Legal obligation — where we are required by law to retain certain records (for example, billing records for tax purposes once a paid subscription exists).

Who we share your data with

We only share personal data with the small set of service providers required to run the site and the waitlist:

• Hosting — Bluehost (a brand of Newfold Digital, Inc.) hosts wxywaves.com and processes server logs on our behalf.
• WPForms / Lite Connect — Awesome Motive, Inc. backs up waitlist submissions for restoration purposes.
• Email delivery — our outbound email passes through the SMTP infrastructure configured for the wxywaves.com domain.

Each of these providers acts as a “processor” under GDPR, handles data only on our written instructions, and has its own published privacy practices. We do not sell personal data, and we do not share it with advertisers or data brokers.

How long we keep data

• Server logs: typically rotated within 30 days.
• Waitlist email submissions: retained until you unsubscribe or ask us to delete them. The WPForms Lite Connect backup of any individual submission expires automatically after twelve months.
• Subscriber records (when you start a paid subscription): retained for the duration of your subscription, plus the period required by applicable tax and accounting law.
• Local RiskLogged data on your computer: retained for as long as you keep the application installed. We do not control this — it is on your machine.

Your rights

Under the GDPR (and equivalent laws in other jurisdictions), you have the right to:

• Access — request a copy of any personal data we hold about you.
• Rectification — ask us to correct inaccurate data.
• Erasure — ask us to delete your data (“right to be forgotten”), subject to lawful retention obligations.
• Restriction — ask us to stop processing your data in certain situations.
• Portability — receive your data in a machine-readable format.
• Objection — object to processing based on legitimate interests, or to direct marketing at any time.
• Withdraw consent — where we rely on consent, you can withdraw it without affecting the lawfulness of processing carried out before the withdrawal.
• Complain — lodge a complaint with your local data protection authority.

To exercise any of these rights, email [email protected]. We respond within thirty days. We do not charge a fee unless a request is manifestly unfounded or excessive.

International transfers

Some of the service providers listed in Section 6 are based in the United States. Where personal data is transferred outside the European Economic Area, we rely on the European Commission’s Standard Contractual Clauses (SCCs) and the supplementary measures published by those providers to ensure a level of protection essentially equivalent to that guaranteed within the EEA.

Children

RiskLogged is intended for adult traders. We do not knowingly collect personal data from anyone under sixteen. If you believe a child has provided us with personal data, contact us at [email protected] and we will delete it.

Security

We use HTTPS across the site, keep our hosting and software stack patched, and follow standard hardening practices. MT5 credentials stored inside the RiskLogged desktop application are encrypted at rest using a key stored locally on your machine.

Changes to this policy

If we make material changes — for example, adding a new processor, or changing how we use waitlist emails — we will update the effective date above and, where the change affects active users, contact you directly. Older versions are retained on file and available on request.

Contact us

Privacy questions, data-subject requests, or anything else:

Email: [email protected]
Operator: WXYwaves