James

Privacy Policy

Last updated: 5 April 2025

1. Data Controller

Infinity Blocks Ltd, registered in Bulgaria, EU, is the data controller responsible for your personal data.

Contact: info@james.trading

2. Legal Basis for Processing (GDPR Art. 6)

We process your personal data on the following legal grounds:

  • Contractual Necessity — to provide the Platform services you signed up for (account management, credit system, analysis delivery)
  • Consent — for optional features such as marketing communications (you may withdraw consent at any time)
  • Legitimate Interest — for Platform security, fraud prevention, and service improvement, where our interest does not override your rights
  • Legal Obligation — where we are required to retain data by applicable law (e.g., financial records)

3. Information We Collect

Account data: Depending on your sign-in method, we collect your email address, display name, and profile picture. For Discord users, we also collect your Discord user ID and username. For Telegram users, your Telegram user ID.

Usage data: Credit transactions, analysis history, wallet lookups, ONYX AI conversation threads, and feature usage patterns.

Payment data: Payments are processed by a third-party payment provider. We store your customer ID and subscription status. We do not store credit card numbers, bank details, or other payment credentials — our payment provider handles all sensitive payment data directly.

Technical data: IP address, browser type, and access timestamps for security and rate-limiting purposes.

4. How We Use Your Information

  • Authenticate you and maintain your session
  • Manage your credit balance, subscriptions, and billing
  • Deliver AI-generated analyses and chat responses
  • Display your profile within the Platform
  • Send transactional emails (verification, password reset, payment receipts)
  • Enforce rate limits and prevent abuse
  • Generate aggregated, anonymised usage statistics for internal improvement

5. AI & Automated Processing

Our Platform uses AI models to generate technical analyses, news summaries, and chat responses. When you use these features:

  • Market data (ticker symbols, prices, chart data) is sent to our AI provider — no personal data is included in analysis requests
  • ONYX AI queries may include blockchain addresses you provide — these are publicly available on-chain data, not personal data
  • Your queries and AI responses are stored in your account for conversation history
  • Your data is not used for AI model training by us or our AI providers
  • No fully automated decisions that produce legal effects or significantly affect you are made by the Platform

6. Third-Party Processors

We work with trusted third-party service providers to operate the Platform. These include providers for:

  • Payment processing — email, name, and payment details
  • AI analysis — market data and blockchain addresses only (no personal data)
  • Blockchain data — wallet addresses (publicly available on-chain data)
  • Email delivery — email address and display name for transactional emails
  • Authentication — account identifiers from your chosen sign-in provider
  • Server hosting — EU-based infrastructure, encrypted at rest

All processors are contractually bound to protect your data and process it only on our instructions.

7. International Data Transfers

Our servers are hosted in the EU (Germany). Your data is primarily stored and processed within the EU.

Some third-party processors may process data in the United States. Where data is transferred outside the EU/EEA, it is protected by:

  • EU-U.S. Data Privacy Framework certification (where applicable)
  • Standard Contractual Clauses (SCCs) approved by the European Commission

8. Data Retention

We retain your data for the following periods:

  • Account data — for the duration of your active account, plus 30 days after deletion request
  • Credit transactions & financial records — 5 years (legal/tax obligation)
  • Analysis results & AI conversation history — for the duration of your active account
  • Server access logs — 12 months
  • Payment data — managed by our payment processor per their retention policy

When data is no longer needed, it is securely deleted or anonymised.

9. Cookies & Tracking

We use the following categories of cookies:

  • Essential — session authentication tokens (required for the Platform to function, cannot be disabled)
  • Functional — UI preferences such as sidebar state (stored locally, no data sent to servers)

We do not use analytics cookies, marketing cookies, or any third-party tracking scripts. We do not serve ads.

"Do Not Track" signals: Since we do not engage in cross-site tracking, we do not need to respond to DNT signals. Your privacy is respected by default.

10. Your Rights (GDPR)

As an EU data subject, you have the following rights:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your personal data ("right to be forgotten")
  • Data Portability — receive your data in a structured, machine-readable format
  • Restriction — request that we limit the processing of your data
  • Objection — object to processing based on legitimate interest, including profiling
  • Withdraw Consent — where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact info@james.trading. We will respond within 30 days.

You also have the right to lodge a complaint with the Commission for Personal Data Protection (CPDP), the Bulgarian supervisory authority, or the supervisory authority of your EU member state of residence.

11. Data Breach Notification

In the event of a personal data breach that poses a high risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
  • Notify affected users without undue delay via email, describing the nature of the breach, the likely consequences, and the measures taken

12. Children's Data

The Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a person under 18, we will delete it promptly.

13. Security

We implement appropriate technical and organisational measures to protect your data, including:

  • HTTPS encryption for all data in transit
  • Encrypted database storage on EU-hosted servers
  • Bcrypt password hashing
  • JWT-based session management with automatic expiry
  • Rate limiting and abuse prevention

14. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or an in-platform notification. Continued use of the Platform after changes are published constitutes acceptance of the updated policy.

15. Contact

For any privacy-related questions or to exercise your data rights, contact us at info@james.trading.

Infinity Blocks Ltd — Bulgaria, EU

Terms & ConditionsBack to login