This Privacy Policy explains how personal information is collected, used, stored, and disclosed by Nautech Systems Pty Ltd (ABN 88 609 589 237) (“Nautech Systems”, “we”, “us”, or “our”) in connection with NautilusTrader and our related websites, services, and accounts.

This Privacy Policy applies to visitors to NautilusTrader websites, users who create accounts or access portals operated by Nautech Systems, and communications with Nautech Systems (including email and support requests).

This policy does not apply to third-party exchanges, venues, brokers, platforms, or services not operated by Nautech Systems. Users should review the privacy policies of those third parties.

We collect personal information that is reasonably necessary for the operation, administration, and improvement of NautilusTrader and related services.

2.1 Information You Provide Directly
Depending on how you interact with us, this may include name, email address, account credentials, billing or payment-related details (where applicable), and information provided through support requests or communications. We do not require users to provide personal information to access or use the open-source NautilusTrader software itself.

2.2 Information Collected Automatically
When you visit our websites or access our services, we may automatically collect limited technical information such as IP address, browser type, device information, pages accessed, interaction data, and log or diagnostic information. This information is used for security, operational, and performance purposes.

We will take reasonable steps to notify you of the collection of your personal information at or before the time of collection, or as soon as practicable afterwards.

We collect and use your personal information to run our business and provide our services as set out below:

• to manage our relationship with you as a customer or supplier;
• to manage user accounts and provide access to services;
• to process and deliver our products and services;
• to communicate with users and handle inquiries and support requests;
• to process payments where applicable;
• to maintain system security;
• to improve and enhance our applications, platforms, services, documentation and tooling;
• to inform you about our products or services; and
• to comply with our legal and regulatory obligations.

For users located in the European Economic Area (EEA) or United Kingdom (UK), the legal bases for processing under the General Data Protection Regulation (GDPR) include: performance of a contract or steps taken prior to entering into a contract (such as account creation and service delivery); our legitimate interests in operating, securing, and improving our services, where those interests are not overridden by your rights; compliance with legal obligations; and your consent, where required (for example, in relation to certain cookies or direct marketing communications). Where processing is based on consent, you may withdraw it at any time by contacting us.

We use cookies or similar technologies to support essential functionality, security, and basic analytics. Cookies can maintain session state, improve site performance, and detect misuse or abuse. You may manage these technologies by adjusting your browser settings, using privacy-focused browser extensions or using our cookie preference settings. Blocking all cookies may affect website functionality and your user experience.

Additional information is detailed in our Cookie Policy.

We may disclose personal information to:

• service providers such as IT service providers, data storage providers, web hosting and service providers;
• professional advisers;
• our business partners or contractors;
• related entities, where access or processing is reasonably necessary for limited operational, administrative, security, or compliance purposes (for more information see our Disclosures policy);
• legal and regulatory bodies where required by law; and
• any other third parties you have authorised or as permitted by law.

We take reasonable technical and organizational measures to protect personal information against unauthorized access, misuse, loss, or disclosure. We keep your personal information only as long as we need it for the purposes we collected it, or as required by law. When we no longer need it, we securely destroy or de-identify it.

Your personal information may be accessed from or transferred to locations outside Australia in the following circumstances:

• when our service providers are located overseas;
• when we work with overseas business partners; and
• when using cloud-based services or data storage solutions.

Before disclosing your personal information overseas, we take reasonable steps to ensure that the recipient treats your information in accordance with applicable law by only sending what is necessary, requiring recipients to protect your information through contractual agreements which require the recipient to comply with the privacy standards in applicable law or through other mechanisms that provide comparable safeguards and by monitoring how recipients handle your information. Where transfers involve personal data of individuals in the EEA or UK, we rely on Standard Contractual Clauses or equivalent transfer mechanisms as required under the GDPR.

You may request access to or correction of your personal information. We aim to respond to valid requests within a reasonable period, generally within 30 days, subject to applicable legal requirements. If we refuse access or correction, we will provide written reasons.

You have the right to lodge a complaint about our handling of your personal information. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner: 1300 363 992.

If you are located in the EEA or UK, you may also have rights under the GDPR to request erasure of your personal data, restriction of processing, data portability, and to object to certain processing activities. To exercise any of these rights, contact us at privacy@nautechsystems.io. You may also lodge a complaint with your local data protection supervisory authority.

In the event of a data breach involving personal information, we will comply with applicable data breach notification obligations, including under the Australian Privacy Act (Notifiable Data Breaches scheme) and, where applicable, the GDPR. This may include notification to relevant authorities and affected individuals where required by law.

NautilusTrader may be used in conjunction with third-party services not operated or controlled by Nautech Systems. We are not responsible for the privacy practices of such third parties, and users should review their respective privacy policies.

This Privacy Policy may be updated from time to time. Updated versions will be published on our website. We recommend that you review our website regularly to stay current with any policy changes.

Questions regarding this document may be directed to privacy@nautechsystems.io.