Privacy policy

Last updated: 13 May 2026

This policy explains what personal data we collect when you visit privategrade.io, why we collect it, who we share it with, and how to exercise your rights under the EU General Data Protection Regulation. It is kept in plain language deliberately.

Who we are

The controller of personal data processed via this site is Future Ready Consulting Kft. ("we", "us", "privategrade"), a company registered in Hungary.

• Registered office: 1117 Budapest, Váli utca 4. 4. em. 3. ajtó, Hungary
• Company number: 01-09-373306
• EU VAT: HU28770060
• Contact: info@privategrade.io

We have not appointed a Data Protection Officer because we are not required to under Article 37 GDPR. Use the contact email above for any data-protection question.

Personal data we collect

We collect personal data in four ways, each described below. The categories of data, the purposes of processing, the legal basis under Article 6 GDPR, and the retention period are listed for each.

1. Technical data when you visit the site

Our hosting provider (Cloudflare) records standard server-log information for every request to the site: IP address, browser user agent, the URL requested, the response status, and the approximate geographic region derived from the IP.

• Purpose: serving the site, security, abuse prevention, debugging
• Legal basis: legitimate interests (Article 6(1)(f) GDPR) — operating and securing a public website
• Retention: per Cloudflare's standard log retention (typically around 30 days)

2. Contact form submissions

When you submit the form on our contact page, we collect the name and email address you provide together with the topic you select and the body of your message. Submissions are processed on our behalf by Formspree, Inc., who forwards them to info@privategrade.io.

• Purpose: responding to your enquiry
• Legal basis: legitimate interests (Article 6(1)(f) GDPR) — answering reader contact; or performance of pre-contractual steps where you reach out about a possible commercial relationship (Article 6(1)(b))
• Retention: 12 months after the last message in the thread, unless the correspondence is part of a record we are required to keep for longer (for example, a correction logged on a review page)

3. Analytics (after you accept the consent banner)

Once our consent banner is live, you will be asked before any analytics scripts run. If you accept the "Analytics" category, we load Google Analytics 4. GA4 records anonymised information about how the site is used: pages visited, session duration, approximate country, referrer, device category. We do not connect GA4 data to your real identity.

• Purpose: understanding which content is useful and which is not, so we can improve coverage
• Legal basis: consent (Article 6(1)(a) GDPR), which you can withdraw at any time from the consent banner or the cookie policy
• Retention: 14 months in Google Analytics

4. Marketing measurement (after you accept the consent banner)

If you accept the "Marketing" category, we load Meta Pixel and use Meta's Conversions API. These record events such as page views and clicks on affiliate links so that, if you reached the site from a Meta ad, the ad's performance can be measured. Where you submit your email (for example, on the contact form), Meta receives a hashed version of it together with hashed IP and user agent so the event can be matched to the ad click.

• Purpose: measuring the effectiveness of advertising and building advertising audiences
• Legal basis: consent (Article 6(1)(a) GDPR), which you can withdraw at any time
• Retention: per Meta's published retention periods

Marketing measurement (category 4) is not yet wired into the site. It will be added in a future release; until then, only categories 1, 2, and (with your consent) 3 are in operation.

Who we share your data with

We share personal data only with the processors that operate the site on our behalf. We do not sell personal data, and we do not share it for advertising purposes outside the consent-gated processors listed above.

• Cloudflare, Inc. — static hosting and edge security. Privacy policy.
• Formspree, Inc. — contact form processing. Privacy policy.
• Google LLC — Google Analytics 4 (only after consent). Privacy policy.
• Meta Platforms Ireland Ltd. — Meta Pixel and Conversions API (only after consent). Privacy policy.

We may share personal data if compelled by a binding legal order from a competent authority, or where necessary to defend our legal rights.

International transfers

Several of the processors above are based outside the European Economic Area, primarily in the United States. Where personal data is transferred to a third country, we rely on the following safeguards:

• The EU-US Data Privacy Framework, where the processor is certified under it (Google, Meta)
• Standard Contractual Clauses (SCCs) adopted by the European Commission, supplemented as required

Formspree and Cloudflare both publish their SCC and transfer-mechanism details on their privacy pages linked above.

Cookies

The cookies and similar technologies we use are listed on our cookie policy page, together with their purpose, provider, and lifetime. Non-essential cookies are loaded only after you grant consent through the banner.

Your rights

Under GDPR Articles 15-22, you have the following rights regarding personal data we hold about you:

• The right of access — to a copy of the data we hold
• The right of rectification — to have inaccurate data corrected
• The right to erasure — to have your data deleted, where the legal basis no longer applies
• The right to restriction — to limit how we process your data while a dispute is resolved
• The right to portability — to receive your data in a machine-readable format
• The right to object — to processing based on legitimate interests
• The right to withdraw consent at any time, where consent is the legal basis

To exercise any of these rights, write to info@privategrade.io. We respond within 30 days of receiving a complete request.

You also have the right to lodge a complaint with a supervisory authority. The Hungarian supervisory authority is the Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH), 1055 Budapest, Falk Miksa utca 9-11., Hungary — naih.hu.

Children

privategrade.io is not directed at children under 16. We do not knowingly collect personal data from children. If you are a parent or guardian and believe a child has provided us with personal data, contact us and we will delete it.

Security

We rely on the security controls of our processors (TLS in transit, hardened cloud infrastructure, MFA on administrative accounts) and on the minimisation principle — we do not collect personal data we have no use for. No system is ever fully secure; we will notify affected users and the Hungarian supervisory authority of any personal data breach within the 72-hour window required by Article 33 GDPR.

Changes to this policy

We update this policy when our data practices change — most immediately, when the consent banner and the analytics and marketing tools described above go live. The date at the top of the page reflects the most recent change. Material changes will be flagged on the homepage for at least 30 days.

Contact

Data-protection questions and requests: info@privategrade.io. Controller: Future Ready Consulting Kft., 1117 Budapest, Váli utca 4. 4. em. 3. ajtó, Hungary.