Privacy Policy

Market Software Limited

Last updated: 23.4.2026 Effective date: 1.1.2025

1. Introduction
This Privacy Policy explains how Market Software Limited ("Market Software", "we", "us", or "our") — a company incorporated and registered in Gibraltar with company number 121747 whose registered office is at Unit G02, Eurocity, Europort Avenue, GX11 1AA, Gibraltar — collects, uses, shares, and protects personal data in connection with the website located at marketsoftware.co (the "Website") and the services, datasets, APIs, and tools made available through it (the "Services").

This Privacy Policy applies to visitors to the Website, users of the Free Tier, subscribers of paid tiers (including the Pro Subscription), and any other person whose personal data we process in connection with the Services.

Market Software is the data controller for personal data processed in connection with the Services. You can contact us at info@marketsoftware.co for any question about this Privacy Policy.
1.1 Applicable Law
We process personal data in accordance with:

the Gibraltar General Data Protection Regulation ("Gibraltar GDPR") and the Data Protection Act 2004 (Gibraltar);
the EU General Data Protection Regulation (Regulation (EU) 2016/679, "EU GDPR"), where applicable to the processing of personal data of individuals located in the European Economic Area ("EEA");
the UK General Data Protection Regulation and the Data Protection Act 2018, where applicable to the processing of personal data of individuals located in the United Kingdom;
the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"), where applicable to the processing of personal data of California residents; and
other data protection laws applicable to us.

References in this Privacy Policy to "personal data" have the meaning given in the Gibraltar GDPR and, where applicable, include "personal information" under the CCPA/CPRA.
1.2 Relationship to the Terms of Service
This Privacy Policy is incorporated into, and forms part of, our Terms of Service, available on the Website. Capitalised terms used but not defined in this Privacy Policy have the meaning given in the Terms of Service.

2. Personal Data We Collect
We collect personal data in three ways: (a) information you give us directly; (b) information we collect automatically when you use the Services; and (c) information we receive from third parties.
2.1 Information You Give Us Directly
When you register an Account, purchase a Subscription, contact us, or otherwise interact with the Services, you may provide us with:

(a) Identification and contact data — your name, email address, username, company name (if applicable), and job title;

(b) Account credentials — a password (stored in hashed form) and, where applicable, API keys (which we hash and store in a manner that does not allow us to recover them in plain form after issuance);

(c) Subscription and billing-related data — the fact that you have purchased a Subscription, the tier, the start and end dates, and a reference to the corresponding transaction at Creem (see Clause 5 on Creem as Merchant of Record; we do not collect or store payment card numbers, CVV codes, or bank account details);

(d) Communications data — the content of any message, email, support request, or other communication you send to us, together with the time and any metadata;

(e) Feedback — any survey response, feature request, bug report, or other feedback you voluntarily provide.
2.2 Information We Collect Automatically
When you visit the Website or use the Services, we automatically collect:

(a) Device and connection data — your IP address, browser type and version, operating system, screen resolution, device identifiers, language preferences, and referring URL;

(b) Usage data — pages viewed, features used, API endpoints called, request parameters (excluding any sensitive payload content), request timestamps, response codes, data volumes transferred, and session duration;

(d) Cookies and similar technologies — as described in Clause 8.
2.3 Information We Receive from Third Parties
We may receive personal data from:

(a) Creem, our Merchant of Record, including the fact that a transaction has been completed, the Subscription tier purchased, the billing country (for tax and fraud purposes), and an opaque customer reference (but not your payment card details);

(b) Analytics and security providers, as described in Clauses 3 and 6;

(d) Sanctions screening providers, where we are required to verify that you are not a Restricted Person (see Terms of Service, Clause 3.1).
2.4 What We Do Not Collect
We do not knowingly collect:

payment card numbers, CVV codes, or bank account numbers (these are handled exclusively by Creem and its payment partners);
special categories of personal data (such as data concerning health, religion, political opinion, or biometrics);
personal data of children under the age of 18 (the Services are not intended for, and are not offered to, minors; see Clause 12); or
private keys, seed phrases, or other wallet credentials (and we ask you never to share these with us).

3. How We Use Personal Data and Legal Bases
We process personal data for the following purposes and on the following legal bases under the Gibraltar GDPR, EU GDPR, and UK GDPR:

#
Purpose
Legal basis
(a)
To create and manage your Account, deliver the Services, provide API access, and enforce rate limits and usage quotas
Performance of a contract (Article 6(1)(b)) with you, or steps taken at your request prior to entering into a contract
(b)
To process subscriptions and coordinate with Creem as Merchant of Record
Performance of a contract (Article 6(1)(b))
(c)
To respond to your enquiries, provide customer and technical support, and manage our business relationship with you
Performance of a contract (Article 6(1)(b)) and, for general enquiries, our legitimate interest (Article 6(1)(f)) in operating our business
(d)
To ensure the security of the Services, including to detect, prevent, and investigate fraud, abuse, unauthorised access, scraping, bulk-downloading beyond quota, and breaches of our Terms of Service
Our legitimate interest (Article 6(1)(f)) in protecting the Services, our customers, and our business, and compliance with legal obligations (Article 6(1)(c))
(e)
To monitor, improve, and develop the Services, including troubleshooting, capacity planning, and analysing usage trends
Our legitimate interest (Article 6(1)(f)) in operating and improving our business
(f)
To comply with legal, regulatory, tax, and accounting obligations, including record-keeping, sanctions screening, and responding to lawful requests from authorities
Compliance with legal obligations (Article 6(1)(c))
(g)
To send service-related communications (such as security alerts, billing notices, updates to these documents, or information about your Subscription)
Performance of a contract (Article 6(1)(b)) and our legitimate interest (Article 6(1)(f)) in keeping you informed
(h)
To send marketing communications about products and features similar to those you have subscribed to
Our legitimate interest (Article 6(1)(f)) in promoting our business, subject to your right to object, or — where required by applicable law — your consent (Article 6(1)(a))
(i)
To establish, exercise, or defend legal claims
Our legitimate interest (Article 6(1)(f)) in protecting our legal rights, and compliance with legal obligations (Article 6(1)(c))

Where we rely on legitimate interests, we have assessed that our interests are not overridden by your interests or fundamental rights. You can request further information about this assessment by contacting us.

4. How We Share Personal Data
We share personal data only as described below. We do not sell personal data, and we do not share personal data for cross-context behavioural advertising within the meaning of the CCPA/CPRA.
4.1 Service Providers (Processors)
We share personal data with carefully selected third-party service providers who process personal data on our behalf under a written data processing agreement. These include:

(a) Creem — Merchant of Record and payment processing; (b) Cloud and hosting providers — for storage, compute, and application hosting; (c) Email and communications providers — for transactional and service communications; (d) Analytics and monitoring providers — for usage analytics, error tracking, and performance monitoring; (e) Customer support tools — for managing support tickets and enquiries; (f) Security and fraud prevention providers — including sanctions screening, anti-abuse, and anti-bot services.

Before engaging a processor, we assess its security posture and require contractual safeguards consistent with applicable data protection law.
4.2 Creem as Merchant of Record
As described in our Terms of Service, Creem is the Merchant of Record for all paid Subscriptions and the legal seller of the Services to you. Creem is a separate data controller for the personal data it processes in connection with the payment transaction, including your payment method details, billing address, and transaction history. Creem's processing of your personal data is governed by Creem's own privacy policy, available on its website, which you should review carefully.

For the purposes of this Privacy Policy, Market Software receives from Creem only the minimum information necessary to grant you access to the Services (such as your email address, Subscription tier, billing country, and opaque transaction references).
4.3 Legal and Regulatory Disclosures
We may disclose personal data where we believe in good faith that disclosure is necessary to:

(a) comply with applicable law, regulation, court order, or lawful request of a governmental authority; (b) enforce our Terms of Service, including to investigate suspected breaches; (c) detect, prevent, or address fraud, security incidents, or technical issues; (d) protect the rights, property, or safety of Market Software, our users, or others.
4.4 Corporate Transactions
If Market Software is involved in a merger, acquisition, financing, reorganisation, insolvency, bankruptcy, receivership, or sale of all or a portion of its business or assets, personal data may be transferred to the successor entity, subject to the commitments in this Privacy Policy and applicable law.
4.5 With Your Consent
We may share personal data for any other purpose with your prior consent.
4.6 Aggregated and De-Identified Data
We may aggregate or de-identify personal data in a manner that does not reasonably permit re-identification of any individual, and we may use and share such aggregated or de-identified data for any lawful business purpose, including publishing usage statistics, benchmarking, and product development.

5. International Transfers of Personal Data
Market Software is based in Gibraltar. Our service providers may be located in the European Economic Area, the United Kingdom, the United States, or other jurisdictions.

Where we transfer personal data from Gibraltar, the EEA, or the United Kingdom to a country that has not been the subject of an adequacy decision by the relevant authority, we rely on appropriate safeguards under the Gibraltar GDPR, EU GDPR, and UK GDPR, which may include:

(a) the Standard Contractual Clauses approved by the European Commission, the UK Information Commissioner (including the International Data Transfer Agreement or the UK Addendum to the EU SCCs), or the Gibraltar Regulatory Authority;

(b) supplementary technical, organisational, and contractual measures where required following a transfer impact assessment; or

You may request a copy of the applicable safeguards by contacting info@marketsoftware.co. Copies may be redacted to protect commercial confidentiality.

6. Security
We implement technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to it. These measures include encryption in transit (TLS), encryption at rest for sensitive fields, access controls based on the principle of least privilege, multi-factor authentication for administrative access, logging and monitoring, regular security reviews, and vendor due diligence.

No system is completely secure, however, and we cannot guarantee the absolute security of personal data. You are responsible for keeping your Account credentials confidential and for notifying us immediately at info@marketsoftware.co of any suspected unauthorised use of your Account.

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of affected individuals, we will notify the competent supervisory authority and, where required, affected individuals, in accordance with applicable law.

7. Retention
We retain personal data only for as long as is necessary to fulfil the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by applicable law. In general:

(a) Account data — for the duration of your Account, plus up to twelve (12) months after closure for operational and dispute resolution purposes;

(b) Subscription and billing-related data — for the duration of the Subscription, plus the period required by applicable tax, accounting, and commercial law (typically six (6) to ten (10) years);

(c) Communications data — for up to twenty-four (24) months after the last communication, unless a longer period is required for the defence of legal claims;

(d) Log and security data — typically for up to thirteen (13) months;

(e) Analytics data — typically for up to twenty-six (26) months, often in aggregated or de-identified form;

(f) Marketing preferences and suppression lists — for as long as necessary to honour your preferences.

Where personal data is no longer needed, we will delete it or irreversibly anonymise it.

8. Cookies and Similar Technologies
The Website uses cookies and similar technologies (such as local storage, pixels, and SDKs) to operate and to analyse usage.
8.1 Categories of Cookies
(a) Strictly necessary cookies — required for basic functionality such as authentication, session management, security, load balancing, and remembering your cookie choices. These cookies are always used and do not require consent under applicable law.

(b) Functional cookies — remember your preferences and settings. Used where you consent (or, in some jurisdictions, as permitted without consent on the basis of legitimate interest).

(c) Analytics cookies — help us understand how the Website and Services are used, so that we can improve them. Used only where you consent (in jurisdictions where consent is required) or on the basis of legitimate interest (where permitted).

(d) Security cookies — used for fraud prevention, abuse detection, and anti-bot protection.
8.2 Managing Cookies
You can manage cookies via the cookie preferences tool available on the Website (where displayed) and via your browser settings. Blocking strictly necessary cookies may prevent parts of the Website from functioning. A current, more detailed list of cookies we use, including their names, purposes, and retention, is available in the cookie preferences tool.
8.3 Do Not Track
The Website does not currently respond to "Do Not Track" browser signals, as no common industry standard has emerged. We do, however, honour Global Privacy Control signals where required by applicable law.

9. Your Rights
Subject to applicable law and to the conditions and exceptions set out in that law, you have the following rights in relation to your personal data:

(a) Right of access — to obtain confirmation of whether we process your personal data and, if so, a copy of that data;

(b) Right to rectification — to have inaccurate or incomplete personal data corrected;

(d) Right to restriction of processing — to have the processing of your personal data restricted in certain circumstances;

(e) Right to data portability — to receive certain personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller;

(f) Right to object — to object to processing based on our legitimate interests (including for direct marketing, where you have an unconditional right to object);

(g) Right not to be subject to automated decision-making — we do not use personal data for decisions with legal or similarly significant effects that are based solely on automated processing;

(h) Right to withdraw consent — where processing is based on consent, you can withdraw your consent at any time, without affecting the lawfulness of processing before withdrawal;

(i) Right to lodge a complaint — with a supervisory authority (see Clause 11).

To exercise any of these rights, contact us at info@marketsoftware.co. We may need to verify your identity before responding. We will respond within the time period required by applicable law (typically one month under the Gibraltar, EU, and UK GDPR, which may be extended by a further two months for complex or numerous requests). There is no fee for reasonable requests; we may charge a reasonable fee or refuse a request that is manifestly unfounded or excessive.
9.1 Additional Rights for California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the CCPA/CPRA, including:

(a) the right to know the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purpose, and the categories of third parties with whom we share it;

(b) the right to request deletion of personal information;

(d) the right to opt out of the "sale" or "sharing" of personal information and the right to limit the use and disclosure of sensitive personal information — we do not sell or share personal information for cross-context behavioural advertising, and we do not process sensitive personal information for purposes that would trigger the right to limit; and

(e) the right to non-discrimination for exercising your rights.

To exercise these rights, contact us at info@marketsoftware.co. You may designate an authorised agent to make a request on your behalf, in accordance with the CCPA/CPRA.
9.2 Additional Rights for Residents of Other US States
Residents of US states that have enacted comprehensive privacy laws (including, as applicable, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and others) may have rights similar to those described in Clauses 9 and 9.1. To exercise such rights, contact us at info@marketsoftware.co.

10. Marketing Communications
Where permitted by applicable law, we may send you electronic marketing communications about the Services and related products and features. You can opt out of marketing communications at any time by clicking the "unsubscribe" link in any marketing email or by contacting us at info@marketsoftware.co. Opting out of marketing communications does not affect service-related communications (such as billing notices, security alerts, or updates to legal documents), which you will continue to receive for as long as you have an Account or a Subscription.

11. Supervisory Authorities and Complaints
You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data infringes applicable data protection law.

(a) Gibraltar — the Gibraltar Regulatory Authority, 2nd Floor, Eurotowers 4, 1 Europort Road, Gibraltar, GX11 1AA. Website: www.gra.gi.

(b) European Economic Area — the supervisory authority of your country of residence, place of work, or place of the alleged infringement. A list is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en.

(c) United Kingdom — the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Website: www.ico.org.uk.

We would, however, appreciate the opportunity to address any concern directly, and encourage you to contact us at info@marketsoftware.co in the first instance.

12. Children
The Services are intended for users who are at least 18 years old. We do not knowingly collect personal data from children under 18. If we become aware that we have collected personal data from a child under 18 without verifiable parental consent, we will take steps to delete that data. If you believe we may have collected data from a child under 18, please contact us at info@marketsoftware.co.

13. Third-Party Websites and Applications
The Services may contain links to, or display content from, third-party websites, applications, or services. We are not responsible for the privacy practices of third parties. As noted in our Terms of Service, data originating from Market Software may also be displayed by third parties on their own websites and applications; such display is outside our control, and the privacy practices of those third parties are governed by their own privacy policies. We encourage you to review the privacy policy of any third party before providing them with personal data.

14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The updated version will be posted on the Website with an updated "Last updated" date. If the changes are material, we will notify you by email or by prominent notice on the Website before the changes take effect, to the extent required by applicable law. Your continued use of the Services after the effective date of an update constitutes your acceptance of the updated Privacy Policy.

15. Contact
For any question, request, or concern about this Privacy Policy or our processing of personal data, please contact:

Market Software Limited Unit G02, Eurocity Europort Avenue GX11 1AA, Gibraltar

Email: info@marketsoftware.co

Privacy Policy

Subscribe to Our Newsletter