Privacy Policy

01 Introduction

Mueasa Ltd ("Mueasa", "we", "us", or "our") is the data controller responsible for the personal data processed through the website mueasa.com and the Mueasa financial analytics platform. We are a company registered in England and Wales, with our registered office located at 71 Queen Victoria Street, London, EC4V 4AY, United Kingdom.

This Privacy Policy applies to all visitors, registered users, and subscribers of our website and platform services. It describes the categories of personal data we collect, the purposes for which we process that data, the legal grounds we rely upon, and the choices and rights available to you regarding your personal information.

We take our responsibilities under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR) seriously. Where our services are used by individuals in the European Economic Area, we also comply with the EU General Data Protection Regulation (EU GDPR). Our goal is to process only the data we genuinely need, to keep it secure, and to be transparent about everything we do with it.

By accessing our website or using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, we ask that you refrain from using our website and services.

02 What Data We Collect

We collect several types of personal data depending on how you interact with our website and platform. Below is a detailed breakdown of the categories of data we may process:

Account and Identity Data

When you create an account or subscribe to our services, we collect your full name, email address, and the password you choose (stored in hashed form). If you subscribe to a paid plan, we also collect your billing address and payment card details, though payment card information is processed directly by our payment processor (Stripe) and is never stored on our servers.

Contact Data

When you reach out to us through our contact form, email, or telephone, we collect the information you provide, including your name, email address, phone number (if supplied), and the content of your message. If you subscribe to our newsletter, we collect the email address you provide for that purpose.

Technical and Usage Data

When you visit our website, our servers and analytics tools automatically collect certain technical information. This includes your Internet Protocol (IP) address, browser type and version, operating system, device type and screen resolution, time zone setting, referring URL, pages visited on our site, time spent on each page, click patterns, and the date and time of your visit. We also collect data on how you interact with specific features of our platform, such as which tools you use, how frequently you access certain dashboards, and your preferred settings.

Cookie Data

We use cookies and similar tracking technologies to collect data about your browsing behavior on our website. The types of cookies we use and their purposes are described in detail in the Cookies section of this policy below.

Financial Platform Data

If you use our portfolio tracking features and choose to link external brokerage or financial accounts, we receive read-only access to your account holdings, transaction history, and balance information through secure API connections provided by third-party aggregation services. We do not have the ability to execute trades or transfer funds from your linked accounts. This data is used exclusively to provide you with portfolio analytics and related services within the Mueasa platform.

03 How We Collect Data

We collect personal data through the following methods:

Direct interactions: You provide data directly when you create an account, fill out a contact form, subscribe to our newsletter, submit a support request, or communicate with us via email or telephone.
Automated technologies: As you navigate our website, we automatically collect technical and usage data through cookies, server logs, and analytics tools. We use Google Analytics (with IP anonymization enabled) to understand overall traffic patterns and user behavior on our site. If you have given consent for marketing cookies, we may also use the Meta Pixel to measure the effectiveness of our advertising campaigns on Facebook and Instagram.
Third-party integrations: When you choose to link external financial accounts through our platform, we receive data from third-party account aggregation providers who act as intermediaries between your financial institution and our platform. These connections are initiated only at your explicit request and can be revoked by you at any time.
Payment processors: Our payment processor, Stripe, collects and processes your payment card details on our behalf. Stripe is certified as a PCI Level 1 Service Provider, the most rigorous level of certification in the payment industry. We receive only a truncated version of your card number (last four digits) and your billing address from Stripe.

04 Legal Basis for Processing

Under the UK GDPR and EU GDPR, we must have a valid legal basis for processing your personal data. We rely on the following legal grounds, depending on the specific processing activity:

Contract Performance (Article 6(1)(b))

We process your account data, billing data, and financial platform data as necessary to provide you with the services you have subscribed to. Without this data, we cannot create your account, deliver platform features, or manage your subscription.

Consent (Article 6(1)(a))

We rely on your consent for sending marketing emails and newsletters, placing non-essential cookies (analytics and marketing cookies), and processing data through the Meta Pixel. You can withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.

Legitimate Interest (Article 6(1)(f))

We rely on our legitimate interests to process technical and usage data for improving our website performance and user experience, ensuring the security of our platform, responding to your inquiries and support requests, and conducting internal analytics to understand how our services are used. We have performed a balancing test for each of these activities to confirm that our interests do not override your fundamental rights and freedoms.

Legal Obligation (Article 6(1)(c))

We may process certain data to comply with legal obligations, such as maintaining financial records for tax purposes or responding to lawful requests from regulatory authorities.

05 How We Use Your Data

We use the personal data we collect for the following specific purposes:

Service delivery: To create and manage your account, provide access to portfolio analytics, market screening tools, risk assessment features, and other platform functionality you have subscribed to.
Communication: To respond to your inquiries, send account-related notifications (such as subscription confirmations, billing receipts, and security alerts), and provide customer support.
Marketing: To send you our weekly newsletter and occasional product updates, but only if you have explicitly opted in to receive marketing communications. Every marketing email includes a clear unsubscribe link.
Analytics and improvement: To understand how visitors use our website and platform, identify areas for improvement, test new features, and optimize the user experience. Analytics data is aggregated and anonymized wherever possible.
Security: To detect and prevent fraud, unauthorized access, and other malicious activity on our platform. This includes monitoring login patterns, flagging unusual account behavior, and maintaining audit logs.
Legal compliance: To fulfill our obligations under applicable laws and regulations, including financial reporting requirements, tax obligations, and responses to valid legal process.

We do not use your personal data for automated decision-making or profiling that produces legal effects or similarly significant effects on you. Our platform provides analytical tools and data to support your own decision-making, but all investment decisions remain entirely yours.

06 Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Below are the specific retention periods we apply to each category of data:

Data Category	Retention Period
Account data	Duration of account + 12 months after deletion
Billing and transaction records	7 years (UK tax and accounting requirements)
Contact form submissions	2 years from the date of submission
Newsletter subscription data	Until you unsubscribe + 30 days
Analytics and usage data	26 months (anonymized after this period)
Server logs	90 days
Cookie data	Up to 13 months (varies by cookie type)
Linked financial account data	Until you disconnect the account + 30 days

When the retention period for a particular category of data expires, we securely delete or anonymize the data so that it can no longer be associated with you. In some cases, we may retain anonymized, aggregated data indefinitely for statistical and research purposes, as this data cannot be used to identify any individual.

07 Data Sharing

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes. We share your data only with the following categories of recipients, and only to the extent necessary for the specified purposes:

Hosting and infrastructure providers: Our website and platform are hosted on cloud infrastructure provided by Amazon Web Services (AWS), with data centers located in the European Union (Frankfurt, Germany). AWS processes data on our behalf under a Data Processing Agreement that includes Standard Contractual Clauses.
Payment processor: Stripe processes payment transactions on our behalf. Stripe receives your billing details and payment card information directly and is subject to PCI DSS Level 1 compliance requirements. Stripe's privacy policy governs their handling of your payment data.
Analytics providers: Google Analytics receives anonymized usage and traffic data from our website. We have enabled IP anonymization so that your full IP address is never transmitted to Google. We have a Data Processing Agreement in place with Google.
Financial data aggregation services: If you choose to link external financial accounts, third-party aggregation providers facilitate the secure, read-only connection between your financial institution and our platform. These providers are contractually obligated to process your data only as instructed by us and in compliance with applicable data protection laws.
Email service provider: We use a third-party email service provider to deliver newsletters and account-related notifications. This provider receives only the email addresses and names necessary to send these communications.
Professional advisors: We may share data with our legal counsel, accountants, or auditors when necessary for legal, tax, or regulatory compliance purposes. These advisors are bound by professional obligations of confidentiality.
Law enforcement and regulators: We may disclose your data if required to do so by law, regulation, legal process, or enforceable government request. We will notify you of such disclosure unless we are legally prohibited from doing so.

All third-party service providers who process data on our behalf are bound by Data Processing Agreements that require them to implement appropriate technical and organizational security measures, process data only in accordance with our instructions, and delete or return data upon termination of the service agreement.

08 International Transfers

Our primary data storage is within the European Union. However, some of our third-party service providers may process data outside the EEA or the United Kingdom. When personal data is transferred to a country that has not been deemed to provide an adequate level of data protection by the UK Government or the European Commission, we ensure that appropriate safeguards are in place:

Standard Contractual Clauses (SCCs): We use the European Commission's Standard Contractual Clauses, supplemented by additional technical and organizational measures, for transfers to countries without an adequacy decision. This applies to transfers to our analytics and email service providers.
Adequacy decisions: Where a country has received an adequacy decision from the UK Government or the European Commission, we rely on that decision as the legal basis for the transfer.
UK International Data Transfer Agreement (IDTA): For transfers originating from the UK, we use the UK IDTA or the UK Addendum to the EU SCCs as required under UK data protection law.

You may request a copy of the safeguards we have put in place for international data transfers by contacting us at the details provided below.

09 Your Rights

Under the UK GDPR and EU GDPR (Articles 15 through 22), you have the following rights in relation to your personal data:

Right of Access (Article 15)

You have the right to request a copy of the personal data we hold about you, along with information about how we process it. We will provide this information within 30 days of receiving your verified request.

Right to Rectification (Article 16)

You have the right to request that we correct any inaccurate or incomplete personal data we hold about you. You can also update most of your account information directly through your account settings.

Right to Erasure (Article 17)

You have the right to request that we delete your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent, or when there is no other legal basis for continued processing. Certain data may be retained if we have a legal obligation to do so.

Right to Restrict Processing (Article 18)

You have the right to request that we limit the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or when processing is unlawful but you do not want the data to be erased.

Right to Data Portability (Article 20)

You have the right to receive the personal data you provided to us in a structured, commonly used, machine-readable format (such as CSV or JSON), and to transmit that data to another controller without hindrance.

Right to Object (Article 21)

You have the right to object to processing based on legitimate interests or for direct marketing purposes. If you object to direct marketing, we will stop processing your data for that purpose immediately.

Right to Withdraw Consent

Where we rely on your consent as the legal basis for processing, you can withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before you withdrew consent.

How to exercise your rights: You can submit a request by emailing us at [email protected]. We may need to verify your identity before processing your request. We will respond to all valid requests within 30 days. If your request is complex or we receive a large number of requests, we may extend this period by an additional 60 days, in which case we will inform you of the extension and the reasons for it.

Right to lodge a complaint: If you believe that our processing of your personal data violates your rights under data protection law, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection matters. The ICO can be contacted at ico.org.uk or by telephone at 0303 123 1113. If you are located in the EEA, you may also contact your local data protection authority.

10 Cookies

Cookies are small text files that are placed on your device when you visit our website. We use cookies for several purposes, categorized as follows:

Essential Cookies

These cookies are strictly necessary for the operation of our website and platform. They enable core functionality such as page navigation, access to secure areas of the site, and remembering your cookie consent preference. Essential cookies do not require your consent, as the website cannot function properly without them. These cookies are session-based or expire within 12 months.

Analytics Cookies

We use Google Analytics to collect anonymized data about how visitors interact with our website, including pages visited, time spent on each page, and traffic sources. These cookies help us understand usage patterns so we can improve the website experience. Analytics cookies are placed only if you have given your consent through our cookie banner. These cookies have a maximum duration of 13 months. Google Analytics is configured with IP anonymization, meaning your full IP address is never stored by Google.

Marketing Cookies

If you consent, we may place the Meta Pixel on our website to measure the effectiveness of advertising campaigns we run on Facebook and Instagram. This cookie collects data about your visit, such as pages viewed and actions taken, which is shared with Meta Platforms in hashed or aggregated form. Marketing cookies are placed only with your explicit consent and have a maximum duration of 13 months.

Managing Your Cookie Preferences

When you first visit our website, you will see a cookie consent banner that allows you to accept or reject non-essential cookies. You can change your preferences at any time by clearing your browser cookies and revisiting the site, which will trigger the consent banner to appear again. You can also configure your browser settings to block or delete cookies, though this may affect the functionality of certain features on our website.

Most web browsers allow you to manage cookies through their settings. Refer to your browser's help documentation for instructions on how to block, delete, or manage cookies. Please note that disabling essential cookies will prevent you from using certain parts of our website.

11 Children's Privacy

Our website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have inadvertently collected personal data from a child under 16, we will take immediate steps to delete that data from our systems. If you believe that a child under 16 has provided us with personal data, please contact us at [email protected] so we can investigate and take appropriate action.

In addition, our financial analytics services require users to be at least 18 years of age, as access to investment-related tools and data is intended for adults who are legally able to make financial decisions in their jurisdiction.

12 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on our website with a revised "Last Updated" date at the top of the page. For significant changes that materially affect how we process your personal data, we will also notify registered users via email at least 14 days before the changes take effect.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data. Your continued use of our website and services after the effective date of an updated policy constitutes your acceptance of the revised terms. If you do not agree with any changes, you should discontinue use of our services and contact us to request deletion of your data.

13 Contact Details

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how we handle your personal information, please contact us using the details below:

Data Controller

Mueasa Ltd

Registered Address

71 Queen Victoria Street, London, EC4V 4AY, United Kingdom

Privacy Contact Email

[email protected]

General Contact Email

[email protected]

Telephone

+44 20 7183 4500

Supervisory Authority

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk | Telephone: 0303 123 1113