Last updated: January 1, 2025
Allasso ("we," "us," or "our") is a financial technology company incorporated in Zurich, Switzerland. We operate the Allasso options analytics platform for commodity derivatives traders, accessible at aIIasso.com and through our API services.
This Privacy Policy explains how we collect, use, store, share, and protect personal data when you visit our website, register for an account, use the Allasso platform, or communicate with us. It also describes your rights under the General Data Protection Regulation (GDPR) and applicable Swiss data protection law (nDSG — the revised Federal Act on Data Protection, effective September 1, 2023).
By using our website or platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, you should discontinue use of our services and contact us at info@aIIasso.com to request account deletion.
We are committed to protecting the personal data of our users and treating it with the care and security it deserves. This policy was written to give you clear, specific information about our data practices — not to obscure them.
The data controller for personal data processed through aIIasso.com and the Allasso platform is:
Allasso
Zurich, Switzerland
Email: info@aIIasso.com
Contact: Felix Euler, Chief Executive Officer — felix@aIIasso.com
As data controller, we determine the purposes and means of processing your personal data. Where we engage third-party processors, we enter into data processing agreements that bind those processors to appropriate data protection standards consistent with GDPR Article 28.
We collect personal data through several channels depending on how you interact with Allasso. The categories of data we may collect include:
Account registration data: When you create an Allasso account, we collect your full name, business email address, company name, job title, country, and phone number. This data is necessary to create and maintain your account and to verify that you are a professional user of financial derivatives services.
Payment data: When you subscribe to a paid Allasso plan, we collect billing information including company name, billing address, VAT registration number (where applicable), and payment card details. Payment card data is processed by our payment processor Stripe, Inc., and we do not store raw card numbers on our own infrastructure. We retain billing records, invoice data, and subscription history for accounting and tax compliance purposes.
Communications data: When you contact us by email, through our contact form, or for customer support, we collect the content of your messages, your name, and your email address. If you participate in a product demonstration, we may collect notes from that meeting and any information you provide about your trading operation.
Configuration and preference data: When using the Allasso platform, you configure pricing models, set risk limit parameters, specify commodity groups and counterparty names, and create saved configurations. This configuration data is associated with your account and stored as part of your platform profile.
Usage data: When you access the Allasso platform or website, we automatically collect log data including your IP address, browser type and version, operating system, referring URL, pages visited, features accessed, actions performed within the platform, and session duration. This data is collected through our server logs and through analytics tools.
Device data: We collect information about the device you use to access Allasso, including device type, hardware model, screen resolution, and browser capabilities. This data helps us optimize the platform for different device types and diagnose compatibility issues.
Cookies and tracking technologies: We use cookies and similar technologies to maintain session state, remember user preferences, and analyze site usage. Please see our Cookie Policy at aIIasso.com/legal/cookies.html for a complete description of the cookies we use and your options for managing them.
The Allasso platform processes data about commodity derivatives positions, option structures, forward curves, volatility parameters, and risk metrics that users input or connect via API. This data relates to financial positions and trading activity. Where this data constitutes personal data (e.g., where it identifies a specific individual's trading activity), we process it under the lawful basis of contract performance and apply the same security standards as to other personal data.
We do not use your trading or position data for any purpose other than providing the Allasso service to you. We do not sell, share, or aggregate trading data across customers for any commercial purpose.
Under GDPR Article 6, we process personal data on the following lawful bases:
Contract performance (Article 6(1)(b)): Processing necessary to provide the Allasso platform and services you have subscribed to, including account management, platform access, customer support, and billing. Without this processing, we cannot provide the service.
Legitimate interests (Article 6(1)(f)): Processing for our legitimate business interests, including security monitoring and fraud prevention, improving the reliability and performance of the platform, aggregated analytics to understand how the platform is used (without identifying individual users), and communicating with you about service updates, security notices, and operational changes. We balance these interests against your privacy rights and only rely on legitimate interests where the processing is proportionate and does not override your fundamental rights.
Legal obligation (Article 6(1)(c)): Processing required to comply with applicable law, including financial record-keeping requirements, tax obligations, regulatory reporting requirements, and responses to lawful requests from competent authorities.
Consent (Article 6(1)(a)): Where we send you optional marketing communications or use non-essential analytics cookies, we rely on your consent. You may withdraw consent at any time by contacting us at info@aIIasso.com or using the cookie preference settings on our website.
We use the personal data we collect for the following purposes:
Providing the Allasso service: Creating and managing your account, authenticating your login sessions, providing access to the options analytics platform, processing your subscriptions, and delivering customer support. This is the primary purpose for which we collect most personal data.
Platform improvement and development: Analyzing aggregated usage patterns to understand which features are most used, where users encounter difficulties, and where platform performance can be improved. This analysis is performed on aggregated data and does not involve automated decision-making about individual users.
Security and fraud prevention: Monitoring for unusual access patterns, unauthorized access attempts, suspicious activity, and potential security incidents. We maintain security logs for 12 months to support incident investigation and forensic analysis where required.
Billing and financial administration: Processing subscription payments, issuing invoices, managing renewals and cancellations, and maintaining financial records as required by Swiss and applicable EU accounting standards.
Legal and regulatory compliance: Retaining records as required by law, responding to lawful requests from regulatory authorities, and cooperating with legal processes where required. Allasso operates in the financial services technology sector and is subject to applicable Swiss financial market regulations.
Marketing communications: Sending you information about Allasso product updates, new features, industry events, and insights articles, where you have opted in to receive such communications. We do not send marketing communications to users who have not opted in.
We do not sell your personal data to third parties. We share personal data with the following categories of recipients only to the extent necessary to operate the Allasso service:
Infrastructure providers: We host the Allasso platform on cloud infrastructure provided by Amazon Web Services (AWS). Your data is stored in AWS data centers located in the European Union (Frankfurt, eu-central-1). AWS processes data on our behalf under a data processing agreement that meets GDPR requirements.
Payment processor: Stripe, Inc. processes payment card transactions on our behalf. Stripe is PCI DSS Level 1 certified. When you enter payment details, they are transmitted directly to Stripe's servers using TLS encryption. We receive a tokenized payment reference from Stripe but do not receive or store your full card number.
Email services: We use transactional email services to deliver account notifications, invoices, and password reset emails. These providers process your name and email address on our behalf under data processing agreements.
Analytics: We use analytics tools to understand website and platform usage. Where these tools process personal data (e.g., IP addresses in server logs), we have configured them to anonymize data where technically feasible and have entered into data processing agreements.
Legal and professional advisers: In certain circumstances, we may share personal data with our lawyers, auditors, or other professional advisers who are bound by professional confidentiality obligations.
Law enforcement and regulatory authorities: We may disclose personal data to law enforcement agencies, courts, or regulatory bodies where required by law, subject to a valid legal process, or where we believe disclosure is necessary to prevent serious harm or illegal activity.
Allasso is based in Switzerland, and our primary data storage is in the EU (Frankfurt). Switzerland is recognized by the European Commission as providing adequate data protection under GDPR Article 45. Transfers of personal data between Switzerland and the EU therefore do not require additional safeguards under GDPR.
Where we use service providers based outside the EU or Switzerland (for example, where certain support or analytics services involve data processing in the United States), we implement appropriate safeguards including Standard Contractual Clauses approved by the European Commission under GDPR Article 46(2)(c), supplemented by appropriate technical and organizational measures where required following the CJEU judgment in Schrems II.
We retain personal data for as long as necessary to fulfill the purposes for which it was collected, subject to applicable legal retention requirements. Our retention periods are as follows:
Account data: Retained for the duration of your subscription plus 3 years following account closure, to handle post-termination disputes, requests, and legal claims. After this period, account data is deleted or anonymized.
Financial and billing records: Retained for 10 years following the date of the transaction, as required by Swiss accounting law (Obligationenrecht/Code of Obligations, Article 958f) and applicable VAT regulations.
Security and access logs: Retained for 12 months from collection date, then deleted. Extended retention (up to 5 years) applies only where a security incident has occurred and the logs are needed for investigation or legal proceedings.
Marketing communications data: Retained until you unsubscribe or withdraw consent, plus 6 months to process the opt-out and resolve any queries. After this period, we retain only a suppression record (email address and opt-out date) to ensure we do not re-add you to marketing lists.
Customer support communications: Retained for 3 years from the date of the support interaction, to support continuity of service and handle follow-up queries.
Cookies and tracking data: Session cookies expire at the end of your browser session. Persistent cookies have lifetimes as specified in our Cookie Policy. Analytics data is retained per our analytics provider's default retention settings, which we configure to a maximum of 14 months for detailed session data.
If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights regarding your personal data:
Right of access (Article 15): You may request a copy of the personal data we hold about you, together with information about how we process it. We will respond to access requests within 30 days.
Right to rectification (Article 16): You may request correction of inaccurate personal data. Users can correct most account data directly through the Allasso account settings. For other corrections, contact info@aIIasso.com.
Right to erasure (Article 17): You may request deletion of your personal data. We will comply except where retention is required by law (e.g., financial records) or where we have a legitimate basis for retention (e.g., pending legal claims). Deletion requests for active accounts will be processed following account closure.
Right to restriction (Article 18): You may request that we restrict the processing of your data while a rectification or objection request is being assessed.
Right to data portability (Article 20): You may request a copy of your personal data in a machine-readable format (JSON or CSV) for transfer to another service provider. This applies to data you provided to us directly and to data generated by your use of the platform.
Right to object (Article 21): You may object to processing based on our legitimate interests, including profiling. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests or rights.
Right to withdraw consent (Article 7(3)): Where processing is based on consent (e.g., marketing emails), you may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
To exercise any of these rights, contact us at info@aIIasso.com with the subject line "Data Rights Request." We may ask you to verify your identity before processing your request. There is no charge for exercising these rights. If you believe we have not complied with your rights, you have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) at fdpic.ch, or the supervisory authority in your EU member state.
We implement technical and organizational security measures to protect personal data against unauthorized access, disclosure, alteration, or destruction. Our security measures include:
All data transmitted between your browser or API client and Allasso servers is encrypted using TLS 1.2 or 1.3. Data stored in our database infrastructure is encrypted at rest using AES-256 encryption. Access to production systems and personal data is restricted to authorized Allasso personnel who require access for their job functions, and all access is logged. We perform regular penetration testing and security reviews of our infrastructure. We maintain an incident response procedure and will notify affected users and the relevant supervisory authority within 72 hours in the event of a data breach that poses a risk to your rights and freedoms, as required by GDPR Article 33.
Despite these measures, no data transmission or storage system is 100% secure. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately at info@aIIasso.com.
We use cookies and similar tracking technologies to operate the Allasso website and platform, maintain session state, and analyze usage. Our Cookie Policy at aIIasso.com/legal/cookies.html describes all cookies we use, their purpose, and how you can manage your cookie preferences. You may withdraw consent to non-essential cookies at any time using the cookie preference panel accessible on our website.
The Allasso platform is intended for professional users of financial derivatives services. It is not directed to or intended for use by persons under the age of 18. We do not knowingly collect personal data from anyone under 18. If we become aware that we have collected personal data from a person under 18 without appropriate verification, we will delete that data promptly. If you believe we have collected data from a minor, please contact us at info@aIIasso.com.
We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or platform features. When we make material changes, we will notify registered users by email to the address on file and post a notice on the Allasso website. The updated policy will be effective from the date indicated at the top of the document. We encourage you to review this policy periodically. Your continued use of the Allasso platform following notice of a material change constitutes acceptance of the updated policy.
For questions, concerns, or requests related to this Privacy Policy or our data practices, contact us at:
Allasso — Data Privacy
Zurich, Switzerland
Email: info@aIIasso.com
Data Protection Contact: Felix Euler — felix@aIIasso.com
We aim to respond to all privacy-related inquiries within 10 business days. For requests that require research or involve complex issues, we may take up to 30 days and will notify you of the extended timeline.