Privacy Policy for Capital Carrtel

Effective Date: July 16, 2025

Last Updated: July 16,2025

Section 1: Introduction and Scope of This Policy

1.1. Our Commitment to Your Privacy

Welcome to Capital Carrtel. Your privacy is a cornerstone of our operations, and we are steadfastly committed to protecting the personal data you entrust to us. This Privacy Policy, which may also be referred to as a “Privacy Notice,” provides a comprehensive and transparent overview of how Capital Carrtel collects, uses, protects, and discloses your information.

This document is designed to be accessible, clear, and written in plain language, in accordance with global data protection standards.¹ To ensure clarity, certain key terms are used throughout this policy:

Personal Data: Any information that relates to an identified or identifiable individual.
Processing: Any operation performed on Personal Data, such as collection, storage, use, disclosure, or deletion.
Data Controller: The entity that determines the purposes and means of the processing of Personal Data. For the purposes of this policy, Capital Carrtel is the Data Controller.
Data Subject: The individual to whom the Personal Data relates (i.e., you).

By accessing or using our Services, you acknowledge that you have read and understood the terms outlined in this policy.

1.2. Who We Are and What This Policy Covers

Capital Carrtel (“we,” “our,” or “us”) operates a financial education and trading insight platform. We are the Data Controller responsible for your Personal Data under applicable data protection laws, including the General Data Protection Regulation (GDPR).³

This policy applies to all individuals who interact with our services, including visitors to our website (https://capitalcarrtel.com), subscribers to our products, and users of our educational platform (collectively, the “Services”).

Important Disclaimer: Capital Carrtel provides educational content and a platform for sharing trading insights for informational purposes only. We are not a registered financial advisor, broker-dealer, investment firm, or a fiduciary. The content and services we provide do not constitute financial advice, investment advice, or a recommendation to buy, sell, or hold any security or financial product. You should consult with a licensed financial professional before making any investment decisions. This policy governs our data practices and does not alter this fundamental aspect of our business.

1.3. Our Contact Information

For any questions, concerns, or requests related to this Privacy Policy or your Personal Data, please contact us. Providing clear and accessible contact information is a mandatory requirement under major privacy laws and a key component of our commitment to accountability.¹

Legal Entity: Capital Carrtel
Email for Privacy Inquiries: support@capitalcarrtel.com
Website: https://capitalcarrtel.com

We have appointed a designated privacy lead responsible for overseeing our data protection strategy and compliance. You may reach them through the email address provided above.

Section 2: The Personal Data We Collect and Our Methods of Collection

To provide and improve our Services, we collect Personal Data from various sources. Our collection practices are guided by the principle of data minimization, meaning we only collect data that is necessary for the specified purposes.⁷ This section fulfills the “Right to be Informed” under GDPR and the “Notice at Collection” requirement under the CCPA/CPRA by detailing the categories of data we collect and our methods.⁹

2.1. Information You Provide Directly to Us

When you interact with our Services, you may voluntarily provide us with the following categories of Personal Data:

Account and Profile Information: When you create an account, we collect your full name, email address, and a secure password. You may also choose to provide additional information in your user profile, such as user settings and preferences.¹³
Payment and Subscription Information: To process your subscription, we collect information necessary for billing, such as your billing address and transaction history. Please note that we do not directly collect or store your full credit card number. This information is securely transmitted to and processed by our third-party payment processors, Stripe and Whop.¹⁴
Communications with Us: We retain records and copies of your correspondence when you contact us for customer support, provide feedback, or make other inquiries. This includes emails, support ticket content, and survey responses.¹³
User-Generated Content (UGC): Our platform allows you to create and share content, such as trading insights, market analysis, strategies, and comments. It is important to distinguish the Personal Data associated with your content (e.g., your username, the timestamp of your post) from the intellectual property rights of the content itself. The protection of your Personal Data is governed by this Privacy Policy. The governance, licensing, and use of the content you submit are detailed in our Terms of Use, which should be read in conjunction with this policy. This distinction is critical for platforms that rely on user contributions, ensuring clarity on both privacy and intellectual property rights.¹⁶
Voluntarily Shared Information: You may choose to provide other information, such as social media handles, in your public profile or in communications with us.

2.2. Information We Collect Automatically (Usage and Technical Data)

As you navigate through and interact with our Services, we use automatic data collection technologies, such as cookies, to collect certain information about your equipment, browsing actions, and patterns ¹³:

Device and Connection Information: We collect your Internet Protocol (IP) address, device type, operating system, browser type and version, device identifiers (e.g., mobile advertising IDs), and general geographic location inferred from your IP address.¹⁵
Usage Data: We collect detailed information about your interactions with our Services. This includes the pages you visit, the features you use (e.g., which educational modules you access, which trading insights you view), the time and date of your visits, time spent on pages, clickstream data (the path you take through our site), and other performance metrics. This data is fundamental to our subscription analytics, allowing us to understand user engagement and improve the service.¹⁹
Session Replay and Interaction Data: To improve usability and troubleshoot issues, we may utilize third-party services that employ session-replay technologies. These tools record a video replay of your interactions with our website, including clicks, mouse movements, scrolling, and typing. This helps us understand how users interact with our platform and identify areas for improvement.¹³

2.3. Information We Receive from Third Parties

We may also receive Personal Data about you from other sources:

Payment Processors: Our payment processors (Stripe, Whop) provide us with information related to your subscription status, transaction confirmations, and limited payment details (such as the last four digits of your card and its expiration date) to help us manage your account and resolve billing issues.¹⁴
Analytics Providers: We use third-party analytics services, such as Google Analytics, which collect and process usage data on our behalf. This information is typically provided to us in an aggregated or pseudonymized form to help us analyze platform trends.²²
Social Media Platforms: If you choose to interact with our official pages on social media platforms or link your social media account to our Services, we may receive certain profile information from that service, subject to your privacy settings on that platform.

2.4. Inferences We May Draw

As required by regulations like the CCPA/CPRA, we must inform you that we may draw inferences from the Personal Data we collect.¹⁵ We may analyze your usage data and preferences to create a profile about your likely interests and characteristics. For example, based on the educational content you access or the trading strategies you save, we may infer your interest in specific market sectors (e.g., technology stocks, commodities) or trading styles (e.g., day trading, long-term investing). These inferences are used exclusively to personalize your experience, recommend relevant content and features, and improve our Services.

Section 3: How and Why We Use Your Personal Data (Our Purposes and Lawful Bases)

We are committed to processing your Personal Data lawfully, fairly, and transparently. Under GDPR, we are required to have a valid legal justification, known as a “lawful basis,” for each of our processing activities.³ This section outlines the purposes for which we process your Personal Data and the lawful bases we rely upon, in fulfillment of the principle of “Purpose Limitation”.⁴

The table below provides a clear and comprehensive summary of our data processing activities, as required by GDPR Article 13.¹ This format is designed to make it easy for you and for regulatory authorities to understand and audit our practices.

Table 1: Our Data Processing Activities and Lawful Bases

Purpose of Processing	Categories of Personal Data Used	Lawful Basis under GDPR
To Provide and Manage Your Account and Our Services (e.g., authenticate your access, deliver subscribed content, manage your subscription lifecycle).	Account and Profile Information, Payment and Subscription Information, Usage Data, User-Generated Content.	Performance of a Contract: Processing is necessary to fulfill our contractual obligations to you as a subscriber.
To Process Transactions Securely (e.g., process payments, send invoices and receipts, manage billing issues).	Payment and Subscription Information, Account and Profile Information.	Performance of a Contract: Necessary to process payments for the services you have purchased.
To Communicate with You (e.g., respond to your support requests, send essential service-related announcements, and provide administrative information).	Account and Profile Information, Communications with Us.	Performance of a Contract (for service-critical communications); Legitimate Interests (to provide effective customer support).
To Improve, Personalize, and Develop Our Services (e.g., analyze usage patterns, fix bugs, develop new features, and recommend relevant educational content).	Usage Data, Device and Connection Information, Inferences, Session Replay Data.	Legitimate Interests: We have a legitimate interest in enhancing our commercial service to improve user experience and business viability. This is balanced against your rights, and you have the right to object to this processing.
For Marketing and Promotional Communications (e.g., sending newsletters, information about new features, or special offers).	Account and Profile Information, Communications with Us, Inferences.	Consent: Where required by law (e.g., for new users in certain jurisdictions), we will rely on your explicit, opt-in consent. Legitimate Interests: For existing customers, we may send marketing communications about similar services, which we believe is a legitimate interest. You will always have a clear and easy way to opt-out (unsubscribe) from these communications.
To Ensure Security and Prevent Fraud (e.g., monitoring for suspicious activity, verifying user identity, protecting our platform from cyber threats).	Account and Profile Information, Device and Connection Information, Usage Data, Payment and Subscription Information.	Legitimate Interests: It is in our and our users’ legitimate interest to maintain a secure and trustworthy platform. Legal Obligation: In some cases, we are legally required to implement security measures.
To Comply with Legal and Regulatory Obligations (e.g., responding to lawful requests from authorities, maintaining records for tax purposes).	All relevant categories of Personal Data as required by the specific legal request or obligation.	Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject.

While obtaining consent is a valid lawful basis, relying on it for core functions like service improvement can be impractical and lead to a degraded user experience. Therefore, for activities like analytics and security monitoring, we rely on “Legitimate Interests”.⁸ This legal basis requires a careful balancing act: our interest in improving our commercial platform is weighed against your individual rights and freedoms. We believe this balance is met because users who subscribe to a service have a reasonable expectation that it will be maintained, secured, and improved. Furthermore, we mitigate any potential impact by using pseudonymized or aggregated data where feasible and by providing you with the unequivocal

Right to Object to this processing, as detailed in Section 8.

Section 4: Cookies and Other Tracking Technologies

Our website and Services use cookies and similar tracking technologies to function effectively, enhance your experience, and gather analytics data. We are committed to transparency regarding these technologies, in line with the ePrivacy Directive and GDPR consent requirements.

4.1. What Are Cookies?

Cookies are small text files that are stored on your computer or mobile device when you visit a website. They are widely used to “remember” you and your preferences, either for a single visit (using a “session cookie”) or for multiple repeat visits (using a “persistent cookie”).²² In addition to cookies, we may use other similar technologies like web beacons (also known as pixel tags) and local storage to achieve similar functions.¹³

4.2. How We Use Cookies

We categorize the cookies deployed on our Services to provide you with clear, granular control over your data. This approach is a best practice for building user-friendly and compliant cookie consent mechanisms.²⁵

The following table provides detailed information about the types of cookies we use, their purpose, and their duration. This level of detail is essential for obtaining informed consent from our users.

Table 2: Cookies Deployed on Our Services

Category	Example Cookie / Provider	Purpose	Duration
Strictly Necessary Cookies	`sessionid`, `csrftoken`	These cookies are essential for the operation of our Services. They enable core functionality such as user authentication (keeping you logged in), session management, and ensuring the security of our platform. You cannot opt out of these cookies as the website cannot function properly without them.²³	Session
	`__stripe_mid`, `__stripe_sid`	These cookies are set by our payment processor, Stripe, and are necessary for processing payments securely and for fraud detection and prevention.²²	Persistent (1 year)
Performance and Analytics Cookies	`_ga`, `_gid` (Google Analytics)	These cookies collect anonymous information about how visitors use our website, such as which pages are visited most often and if they receive error messages. This helps us improve how our Services work. All data is aggregated and anonymous.²²	Persistent (up to 2 years)
Functional Cookies	`user_preferences`, `wp-settings-{user_id}`	These cookies allow our website to remember choices you make (such as your username, language, or region) and provide enhanced, more personal features. For example, they can remember your display settings.²²	Persistent
Marketing and Advertising Cookies	`_fbp` (Meta/Facebook Pixel), `IDE` (Google Ads)	These cookies are used to track your activity across websites to deliver advertising that is more relevant to you and your interests. They may be set by us or by third-party advertising partners. They can also be used to measure the effectiveness of advertising campaigns.²³	Persistent

4.3. Your Choices and How to Manage Cookies

Upon your first visit to our website, you will be presented with a cookie consent banner that allows you to accept or reject the use of non-essential cookies (Performance, Functional, and Marketing). You can change your preferences at any time by accessing our cookie settings manager, typically found in the footer of our website.

In addition to our consent tool, you can control and manage cookies through your web browser settings. Most browsers allow you to view, manage, delete, and block cookies for a website. You can find instructions for managing cookies in popular browsers via their respective help pages.

Please be aware that if you choose to block or delete cookies, particularly Strictly Necessary cookies, some parts of our Services may become inaccessible or not function correctly.⁸

Section 5: Disclosure and Sharing of Personal Data

We do not sell your Personal Data for monetary compensation. However, we may share your Personal Data with certain third parties under specific circumstances to operate our business and provide our Services. This section details our data sharing practices in compliance with GDPR, CCPA/CPRA, and PIPEDA.

5.1. Our Data Sharing Principles

Our core principle is to limit data sharing to what is necessary. The CCPA/CPRA uses a broad definition of “sell” and “share,” which may include activities like sharing data with advertising partners for cross-context behavioral advertising.¹⁰ To the extent our use of marketing cookies constitutes a “sale” or “share” under this definition, you have the right to opt-out, as described in Section 8.

A critical distinction in data protection law exists between a “data processor” and a “data controller”.³

A processor is a third party that processes data on our behalf and under our strict instructions (e.g., our cloud hosting provider). We remain responsible for your data.
A controller is a third party that determines the purposes and means of processing for itself (e.g., our payment processor, once you provide your payment details to them).

We ensure that any processor we engage is bound by a Data Processing Agreement (DPA) that requires them to safeguard your data and adhere to data protection laws. For third parties acting as separate controllers, we encourage you to review their privacy policies.

5.2. Categories of Recipients

We may disclose your Personal Data to the following categories of third parties:

Service Providers (Data Processors): We engage third-party companies to perform services on our behalf. These include cloud infrastructure and hosting providers (e.g., Amazon Web Services), data analytics providers, customer support software providers, and email service providers. These service providers are contractually prohibited from using your Personal Data for any purpose other than to provide the services we have requested.⁴
Payment Processors (Data Controllers): We share necessary transaction information with our payment processors, Stripe and Whop, to facilitate your subscription payments. These entities act as independent data controllers for the payment information they process and are responsible for their own compliance with data protection laws. We do not have access to your full payment card information.¹⁴
Legal and Regulatory Authorities: We may be required to disclose your Personal Data in response to a subpoena, court order, or other lawful request from public authorities, including to meet national security or law enforcement requirements. We may also disclose data to protect our legal rights, property, or the safety of our users or others.¹⁵
In the Event of a Business Transaction: If Capital Carrtel is involved in a merger, acquisition, financing, reorganization, or sale of all or a portion of its assets, your Personal Data may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your Personal Data, and the acquiring entity will be contractually bound to uphold the commitments made in this Privacy Policy.¹³
Advertising Partners: If you consent to marketing cookies, we may share certain technical data (such as cookie IDs, IP addresses, and device information) with third-party advertising networks to facilitate targeted advertising on other platforms. You have the right to opt-out of this sharing.

Section 6: Data Security and Retention

We take the security and longevity of your Personal Data seriously, implementing robust measures to protect it and retaining it only for as long as necessary.

6.1. Our Commitment to Data Security

We have implemented and maintain a comprehensive information security program with technical, administrative, and physical safeguards designed to protect your Personal Data from unauthorized access, use, disclosure, alteration, or destruction. Our approach is based on industry best practices and frameworks.³⁰ Our security measures include:

Technical Safeguards:
- Encryption: We use Transport Layer Security (TLS/SSL) to encrypt all data transmitted between your browser and our servers. Data stored on our servers (“at rest”) is also encrypted.
- Firewalls and Network Security: We utilize firewalls and other network security technologies to prevent unauthorized access to our systems.
- Secure Server Configuration: Our servers are configured according to security best practices to protect against known vulnerabilities.
Organizational Safeguards:
- Access Controls: Access to Personal Data is strictly limited to authorized personnel based on the principle of least privilege. Employees and contractors are only granted access to the data necessary to perform their job functions.³¹
- Employee Training: We provide regular data protection and security training to our employees to ensure they are aware of their responsibilities in protecting your data.
- Incident Response Plan: We have a plan in place to respond to any potential data breaches promptly and effectively, in line with regulatory requirements.³²

Disclaimer: While we are committed to implementing industry-standard security measures, it is important to recognize that no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.

6.2. Our Data Retention Policy

Our data retention policies are designed to comply with the principle of Storage Limitation, ensuring that we do not keep your Personal Data for longer than is necessary for the purposes for which it was collected.⁸

General Principle: We retain your Personal Data only for the period required to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
Active Subscriptions: We retain your account and profile data for as long as you maintain an active subscription with us, as this data is necessary to provide you with the Services.
Post-Subscription: Upon the cancellation or expiration of your subscription, we will retain certain Personal Data for a limited period. This retention is necessary for purposes such as complying with legal obligations (e.g., financial and tax records), resolving disputes, enforcing our agreements, and preventing fraud. This period will generally not exceed 12 months, unless a specific legal requirement mandates a longer period.
Deletion and Anonymization: After the applicable retention period has expired, we will securely delete or anonymize your Personal Data so that it can no longer be associated with you.
User Requests: The retention periods described above are subject to your right to request the deletion of your data, as detailed in Section 8. We will comply with such requests where legally permissible.

Section 7: International Data Transfers

As a global service, your Personal Data may be processed in countries outside of your country of residence. This section outlines how we ensure your data is protected when it is transferred across borders, a critical requirement under GDPR.³

7.1. Global Data Processing

Capital Carrtel is based in the United States. When you use our Services, your Personal Data will be collected, stored, and processed in the United States. Our service providers may also process data in other countries. These countries may have data protection laws that are different from the laws of your country.

7.2. Safeguards for International Transfers

For individuals located in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, we are committed to ensuring that any transfer of your Personal Data to a country that has not been deemed to provide an adequate level of data protection by the relevant authorities is subject to appropriate safeguards.

To legitimize such transfers, we rely on the following mechanisms:

Standard Contractual Clauses (SCCs): We incorporate Standard Contractual Clauses, as approved by the European Commission and the UK’s Information Commissioner’s Office (ICO), into our agreements with third-party service providers and within our corporate group where applicable. These clauses contractually require the recipient of the data to protect it to a standard equivalent to that of the GDPR.³⁴
Transfer Impact Assessments (TIAs): In conjunction with SCCs, we conduct Transfer Impact Assessments to evaluate the laws and practices of the destination country. This assessment helps us verify that the SCCs can be complied with in practice and to implement any supplementary measures necessary to ensure your data remains protected.³⁵

By using our Services, you acknowledge the transfer, storage, and processing of your information in and to the United States and other countries as described in this policy.

Section 8: Your Data Protection Rights and Choices

We respect your right to control your Personal Data. This section provides a comprehensive guide to the data protection rights available to you under various global privacy laws, including GDPR, CCPA/CPRA, and PIPEDA, and explains how you can exercise them.⁵

8.1. How to Exercise Your Rights

To exercise any of the rights described below, please submit a verifiable request to us by emailing our privacy team at: support@capitalcarrtel.com.

For your protection and to ensure the security of your data, we may need to verify your identity before fulfilling your request. We will respond to your request within the timeframes mandated by applicable law, which is typically one month under GDPR and 45 days under CCPA.

8.2. Rights Applicable to All Users

Regardless of your location, we provide you with the following fundamental rights:

Right to Access and Correct: You have the right to access the Personal Data we hold about you and to request that we correct any information you believe is inaccurate or incomplete.
Right to Opt-Out of Marketing: You can unsubscribe from our marketing email list at any time by clicking the “unsubscribe” link located at the bottom of every email.

8.3. Your Rights if You Are in the European Economic Area (EEA) or the UK (under GDPR)

If you are a resident of the EEA or the UK, you have the following data subject rights under the GDPR ¹²:

The Right to be Informed: The right to receive clear, transparent, and easily understandable information about how we process your Personal Data. This Privacy Policy is our primary means of fulfilling this right.
The Right of Access: The right to obtain a copy of your Personal Data, along with other supplementary information.
The Right to Rectification: The right to have inaccurate Personal Data corrected or completed if it is incomplete.
The Right to Erasure (‘Right to be Forgotten’): The right to request the deletion or removal of your Personal Data where there is no compelling reason for us to keep using it. This is not an absolute right and may be subject to legal exceptions.
The Right to Restrict Processing: The right to ‘block’ or suppress further use of your Personal Data in certain circumstances.
The Right to Data Portability: The right to obtain and reuse your Personal Data for your own purposes across different services in a structured, commonly used, and machine-readable format.
The Right to Object: The right to object to certain types of processing, including processing based on our legitimate interests and processing for direct marketing purposes.
Rights in Relation to Automated Decision-Making and Profiling: The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects on you.

8.4. Your Rights if You Are a Resident of California (under CCPA/CPRA)

If you are a California resident, you have the following rights under the CCPA, as amended by the CPRA ¹⁰:

The Right to Know/Access: The right to request that we disclose the categories and specific pieces of Personal Data we have collected about you, the sources of that information, the business purposes for collecting it, and the categories of third parties with whom we have shared it.
The Right to Delete: The right to request the deletion of your Personal Data that we have collected, subject to certain exceptions (e.g., to complete a transaction or comply with a legal obligation).
The Right to Correct: The right to request that we correct inaccurate Personal Data that we maintain about you.
The Right to Opt-Out of Sale / Sharing: The right to direct us not to “sell” or “share” your Personal Data. As noted earlier, this may include sharing data with advertising partners for targeted advertising. You can exercise this right via the “Your Privacy Choices” link in our website footer or by enabling a Global Privacy Control (GPC) signal in your browser.
The Right to Limit Use and Disclosure of Sensitive Personal Information: The right to direct us to limit the use of your sensitive personal information to only that which is necessary to perform the services.
The Right to Non-Discrimination: The right not to be discriminated against for exercising any of your CCPA rights. We will not deny you goods or services, charge you different prices, or provide you a different level of quality of services for exercising your rights.

8.5. Your Rights if You Are a Resident of Canada (under PIPEDA)

If you are a resident of Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) provides you with the following rights ⁵:

Right of Access: You have the right to be informed of the existence, use, and disclosure of your personal information and to be given access to that information. You are also entitled to be informed of the purposes for which your data is collected and to which third parties it has been disclosed.
Right to Correction: You have the right to challenge the accuracy and completeness of your information and have it amended as appropriate.
Right to Challenge Compliance: You have the right to address a challenge concerning our compliance with the PIPEDA principles to our designated privacy lead.

Section 9: Children’s Privacy

Our Services are not intended for or directed at individuals under the age of 18. We do not knowingly collect Personal Data from children under 18. This policy is in accordance with the Children’s Online Privacy Protection Act (COPPA) in the United States and similar regulations globally, such as the specific conditions for child consent under GDPR.³

If we become aware that we have inadvertently collected Personal Data from a child under the age of 18 without verifiable parental consent, we will take immediate steps to delete that information from our records. If you are a parent or guardian and you believe that your child has provided us with Personal Data, please contact us at support@capitalcarrtel.com so that we can take appropriate action.

Section 10: Policy Updates and Contact Information

10.1. Changes to This Privacy Policy

The digital landscape and privacy laws are constantly evolving. We may update this Privacy Policy from time to time to reflect changes in our data practices, technology, or for other operational, legal, or regulatory reasons.

When we make changes to this policy, we will post the updated version on our website and revise the “Last Updated” date at the top of this page. For any material changes, we will provide more prominent notice, such as by sending an email notification to our subscribers or by displaying a banner on our website. Your continued use of our Services after any such changes are posted will constitute your acknowledgment of the modified policy.

10.2. How to Contact Us and Lodge a Complaint

If you have any questions, concerns, or complaints regarding this Privacy Policy or our data handling practices, please do not hesitate to contact us.

Data Controller: Capital Carrtel
Email: support@capitalcarrtel.com
Website: https://capitalcarrtel.com