Privacy Policy
Effective Date: March 1, 2026
Section 1. Introduction and Scope
This instrument constitutes the official Privacy Policy of TTA Capital Group (hereinafter referred to as "TTA," "The Trading Academy," "we," "us," or "our"). This policy governs the collection, processing, and safeguarding of personal data across the website join.thetradingacademy.com and its associated digital infrastructure, including our proprietary Discord community and the educational environment hosted on the Whop platform. We are unequivocally committed to protecting your privacy and ensuring the paramount security of your personal data. This Privacy Policy comprehensively details the categories of personal data we collect, the methodologies and purposes of its utilization, the external entities with whom such data may be shared, and the statutory rights vested in you concerning your data. The provisions set forth herein apply to all visitors, users, and clientele engaging with our website, platforms, and services. By executing access to our website or utilizing our services, you expressly acknowledge that you have read, comprehended, and agree to be bound by the terms of this Privacy Policy. Furthermore, this policy is expressly designed to ensure strict adherence to applicable, multi-jurisdictional data protection frameworks, notably including the General Data Protection Regulation (GDPR) and the Dubai International Financial Centre (DIFC) Data Protection Law No. 5 of 2020.
Section 2. Designation of the Data Controller
For the purposes of applicable data protection legislation, the principal entity acting in the capacity of the Data Controller, bearing ultimate responsibility for the processing of your personal data, is TTA Capital Group. The registered office of the Data Controller is situated at Dubai Silicon Oasis, Building A2, Dubai Digital Park, Dubai, UAE (IFZA Free Zone). All formal inquiries may be directed to our designated contact address at info@thetradingacademy.com.
Section 3. Categories of Personal Data Subject to Processing
Subject to the provisions herein, we may systematically collect, record, and organize multiple categories of personal data. The data you provide directly to us encompasses your full legal name, email address, telephone number, and account credentials, including the username and password explicitly created by you for access. Additionally, we process payment and billing information, which is concurrently processed by our authorized third-party payment providers. We also retain any informational submissions made via contact forms or customer support inquiries, as well as the substantive content of communications you transmit to us, such as emails, direct messages, and formal feedback.
In addition to data provided affirmatively, our systems automatically capture distinct data points during your interaction with our services. This automatically collected data includes your Internet Protocol (IP) address, browser typology and version, device classification, and operating system framework. We systematically record your digital footprint, including pages visited, temporal duration spent on respective pages, navigation patterns, the referring website or source, and the precise date and time of access. This automated data collection is facilitated through the deployment of cookies and analogous tracking technologies. Furthermore, we may receive personal data from authorized third parties, specifically payment confirmation data transmitted from processors such as Whop and Stripe, metric data from advertising platforms including the Meta Pixel and Google Analytics, and profile information retrieved from your Discord account upon your integration into our community.
Section 4. Purposes of Data Processing
Your personal data shall be processed exclusively for specified, explicit, and lawful purposes. The primary objective of such processing is the delivery of our services, specifically to grant you access to our digital courses, training materials, webinars, e-books, Discord community, and the educational environment hosted on Whop. Furthermore, data processing is indispensable for comprehensive account management, which entails the creation and administration of your user profile, the authentication of your identity, and the provision of requisite customer support. We utilize your data to facilitate payment processing for product acquisitions and subscription models via our third-party payment infrastructures. Processing is also executed for communication purposes, enabling us to transmit service-related notifications, structural updates concerning your account or subscription, and formal responses to your inquiries.
Contingent upon your explicit consent or our prevailing legitimate interests where statutorily permissible, we process your contact information to execute email marketing campaigns, delivering promotional communications, newsletters, trading insights, and solicitations regarding new products or services. Analytically, we process data to evaluate website utilization, optimize the user interface, and systematically improve our service offerings. We also deploy data to facilitate targeted advertising and quantitatively measure the efficacy of our marketing campaigns across external networks such as Meta and Google. Finally, data processing is mandated to ensure strict compliance with applicable laws, regulations, and legal obligations, as well as to proactively detect, mitigate, and prevent fraudulent activities, unauthorized system access, and corresponding security vulnerabilities.
Section 5. Lawful Bases for Processing
Pursuant to the stipulations set forth in the General Data Protection Regulation (GDPR) and the DIFC Data Protection Law No. 5 of 2020, the processing of your personal data is legally predicated upon distinct legal grounds. Foremost, processing is legally requisite for the performance of a contract to which you are a party, encompassing the delivery of access to our courses and the learning platform. In specific circumstances, our processing is predicated upon your explicit, informed consent, such as instances where you affirmatively opt-in to receive commercial marketing emails; this consent may be unilaterally withdrawn by you at any juncture. Processing is also executed under the doctrine of legitimate interest, serving our corporate objectives to refine our services, conduct necessary analytics, and prevent fraud, provided that such interests are not superseded by your fundamental constitutional rights and freedoms. Lastly, processing is conducted where it constitutes a legal obligation requisite for our compliance with binding statutory and regulatory requirements.
Section 6. Disclosure and Provision of Data to Third Parties
We expressly declare that we do not engage in the commercial sale of your personal data. However, to operationalize our business, we may disseminate or otherwise make your data available to specific categories of external recipients. This includes independent payment processors, such as Whop and Stripe, to facilitate the secure execution of financial transactions. We also share data with platform providers, namely Whop for the provision of the learning environment and Discord for community infrastructure, both of which govern data under their autonomous privacy frameworks. To execute commercial outreach, data is shared with email marketing providers, and to assess operational metrics, data is transmitted to analytics providers such as Google Analytics and Meta. We rely upon hosting and infrastructure providers to maintain website availability and execute secure data storage. Furthermore, data disclosure may be rendered obligatory to legal and regulatory authorities pursuant to lawful orders, statutory requirements, or legal proceedings. We may also disclose data to professional advisors, encompassing legal counsel, accountants, and auditors, as strictly necessary for our corporate governance. We may also share data with our SMS and messaging service providers for the purpose of delivering text messages you have consented to receive. Our SMS and messaging services are provided by Aircall and/or Close, which act as authorized data processors for message delivery purposes. All aforementioned third-party service providers are contractually bound to process your personal data in strict accordance with applicable data protection laws and solely for the explicit purposes prescribed by TTA Capital Group. Mobile phone numbers and SMS opt-in data will not be sold or shared with third parties or affiliates for marketing or promotional purposes. All other categories of data sharing described in this policy expressly exclude SMS opt-in information and mobile messaging consent records.
Section 7. Cross-Border Data Transfers
By virtue of our operational architecture, your personal data may be subject to cross-border transmission and processing in jurisdictions situated outside the European Economic Area (EEA) and the Dubai International Financial Centre (DIFC). This expressly includes data transfers to the United States, corresponding to the domiciles of essential service providers such as Discord, Stripe, and Google. In instances where such transnational data transfers occur, we are legally mandated to implement and maintain appropriate systemic safeguards. To satisfy both GDPR and DIFC compliance mandates, these safeguards include the execution of Standard Contractual Clauses as promulgated by the European Commission, the adoption of Standard Data Protection Clauses sanctioned by the DIFC Commissioner of Data Protection, or rigorous reliance upon the service provider's certified participation in legally recognized data transfer frameworks, such as the EU-U.S. Data Privacy Framework.
Section 8. Deployment of Tracking Technologies
The technical infrastructure of our website utilizes cookies and analogous tracking technologies designed to optimize your browsing experience, comprehensively analyze website traffic patterns, and facilitate the delivery of targeted commercial advertising. The taxonomy of cookies deployed includes essential cookies, which are strictly necessary for the fundamental operability of the website, including session management and cryptographic security. We also deploy analytics cookies, including those provided by Google Analytics, which allow us to empirically evaluate user interaction methodologies with our interface. Furthermore, marketing cookies, such as the Meta Pixel, are utilized to disseminate relevant advertising collateral and track subsequent campaign performance metrics. You retain the autonomous right to govern your cookie preferences via your respective browser settings or through any integrated cookie consent mechanism displayed upon our interface. You are hereby advised that the systematic disablement of specific cookies may materially impair the functionality and operability of the website.
Section 9. Data Retention Protocol
It is our explicit policy to retain your personal data strictly for a duration no longer than is empirically necessary to fulfill the original purposes for which it was aggregated, or as otherwise prescribed by statutory mandate. Specifically, data pertaining to your account and active subscriptions shall be retained for the entirety of the subscription lifecycle and for a subsequent period of up to 24 months post-termination, barring any legal obligations necessitating protracted retention. In accordance with applicable tax and accounting obligations, financial and payment records shall be preserved for a statutory duration of up to 7 years. Data utilized for marketing purposes shall remain in our custody until such time as you formalize a withdrawal of consent or initiate an opt-out procedure. Data allocated for analytical purposes is perpetually retained in an aggregated or comprehensively anonymized format and is thereby exempt from formal deletion requests. Upon the expiration of the requisite retention period, your personal data will be subjected to secure and irrevocable deletion or total anonymization.
Section 10. Comprehensive Data Subject Rights
Pursuant to the rights codified within the General Data Protection Regulation (GDPR) and the DIFC Data Protection Law No. 5 of 2020, you are vested with substantial, enforceable rights regarding your personal data. You retain the right of access, entitling you to request a formalized copy of the personal data in our custody. You possess the right to rectification, enabling you to compel the correction of data that is substantively inaccurate or incomplete. Subject to overriding legal retention obligations, you may exercise your right to erasure (the right to be forgotten), mandating the deletion of your personal data. You may invoke the right to restriction, requiring us to suspend the processing of your data under stipulated circumstances. You further possess the right to data portability, entitling you to receive your data in a structured, commonly utilized, and machine-readable format. You hold the absolute right to object to the processing of your data for direct marketing objectives or processing predicated upon legitimate interests.
In relation to automated frameworks, you have the right not to be subjected to decisions predicated solely upon automated processing—including digital profiling—that produce legal effects or similarly significant ramifications concerning you. Furthermore, you are guaranteed the right to nondiscrimination, ensuring you face no prejudice or alteration in service quality subsequent to the exercise of any of your data protection rights. In circumstances where processing relies upon your consent, you maintain the continuous right to withdraw said consent without prejudicing the lawfulness of processing that occurred prior to the withdrawal.
To formally invoke any of the aforementioned rights, a formal request must be transmitted to info@thetradingacademy.com, to which we are bound to issue a responsive determination within 30 calendar days. Should you find our administrative response unsatisfactory, you are legally entitled to lodge a formal grievance with the pertinent supervisory authority. For data subjects situated within the European Union, complaints shall be directed to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) via www.autoriteitpersoonsgegevens.nl. For data subjects subject to the jurisdiction of the DIFC, complaints shall be filed with the DIFC Commissioner of Data Protection (www.difc.ae).
Section 11. Security and Integrity of Data
We pledge the implementation of rigorous, enterprise-grade technical and organizational security measures engineered to safeguard your personal data against unauthorized access, malicious alteration, unlawful disclosure, or accidental destruction. Our security architecture incorporates encrypted data transmission protocols (SSL/TLS), highly secure internal storage mechanisms, strict logical access controls, and the execution of periodic, comprehensive security assessments. Notwithstanding the execution of these reasonable technical precautions, it must be acknowledged that no methodology of transmission over the Internet or electronic storage can be warranted as entirely infallible. Consequently, we are legally unable to provide an absolute guarantee regarding the inviolability of your data.
Section 12. Protection of Minors
Our digital services are strictly precluded from utilization by individuals under the legal age of majority, being 18 years. We do not knowingly or intentionally orchestrate the collection of personal data originating from minors. Should it come to our administrative attention that data has been collected from an individual under 18 years of age without requisite parental authorization, immediate and decisive measures shall be executed to permanently expunge such data from our systems. If you possess credible knowledge that a minor has submitted personal data to our platforms, you are instructed to notify our compliance team forthwith at info@thetradingacademy.com.
Section 13. External Platforms and Third-Party Links
The infrastructure of our website and associated platforms may inherently contain hyperlinks to external third-party websites and digital services, including but not limited to Whop, Discord, YouTube, and various social media conglomerates. We expressly disclaim any and all liability pertaining to the privacy protocols or data handling methodologies employed by such independent third entities. You are strongly admonished to undertake a thorough review of the respective privacy policies governed by these external entities prior to the dissemination of any personal data to them.
Section 14. Commercial Communications and Solicitations
Subject to your explicit consent, we reserve the right to transmit commercial marketing emails relating to our products, auxiliary services, proprietary trading insights, and updates concerning our digital community. To ensure compliance with anti-spam legislation, every commercial communication transmitted by our organization incorporates a functional unsubscribe mechanism, thereby affording you the unilateral right to opt out of further marketing communications at any time. You are hereby informed that the execution of an opt-out request strictly applies to marketing collateral and shall not preclude us from transmitting indispensable, service-related correspondence vital to the administration of your account or subscription lifecycle.
Section 15. SMS and Text Messaging
If you provide your mobile phone number and expressly consent, you may receive recurring SMS text messages from The Trading Academy relating to account notifications, customer care, appointment reminders, order updates, and/or marketing communications. Message frequency varies. Message and data rates may apply. You may opt out at any time by replying STOP to any message. For assistance, reply HELP or contact us at info@thetradingacademy.com.
Consent to receive SMS messages is not a condition of purchase. You may purchase any of our products or services without consenting to receive text messages.
We do not share mobile contact information with third parties or affiliates for marketing or promotional purposes. Information obtained through mobile opt-in mechanisms may be shared with subcontractors exclusively in support of service delivery functions, such as customer service operations. All other categories of data sharing expressly exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.
Mobile phone numbers and SMS opt-in data will not be sold or shared with third parties or affiliates for marketing or promotional purposes. All other categories of data sharing described in this policy expressly exclude SMS opt-in information and mobile messaging consent records.
Section 16. Amendments and Modifications to this Policy
We reserve the unilateral right to amend, modify, or wholly revise this Privacy Policy periodically to accurately reflect evolutionary changes in our operational practices, service architecture, or corresponding legislative mandates. Upon the enactment of any material modifications, the "Effective Date" prominently displayed at the commencement of this document shall be immediately updated, and where legally or practically requisite, we shall orchestrate supplementary notifications via email or via a conspicuous pronouncement upon our website interface. You are strongly encouraged to subject this Privacy Policy to periodic review to remain comprehensively informed regarding the mechanisms by which we safeguard your data.
Section 17. Contact Information and Data Protection Officer
Should you harbor any questions, concerns, formal disputes, or specific requests pertaining to the interpretation of this Privacy Policy, the administration of your personal data, or should you require direct communication with our designated Data Protection Officer, you are formally invited to contact us.