Version: 1.1
Effective date: March 26, 2026
This Privacy Policy explains how NextBatch B.V. ("NextBatch", "we", "us", or "our") collects, uses, stores, and protects your personal data when you use our websites, software products, online services, and related platforms (collectively, the "Services"). NextBatch is the data controller for the processing activities described in this policy.
This policy applies to all users of our Services, including visitors, customers, trial users, and affiliates.
Company & Contact. NextBatch B.V., De Nieuwe Erven 3 Unit 14014, 5431NV Cuijk, KvK 99510456, VAT NL869020626B01, [email protected].
We collect the minimum data necessary to provide, secure, and improve our Services. The categories below describe what we may collect depending on how you interact with us.
1.1 Account & License Data. Email address, name (if provided), user/account ID, order/transaction ID, license key(s), product/edition purchased, and subscription status.
1.2 License Server Data. MT5 account number(s), demo/live account flag (as reported by the platform), activation timestamps, number of activations, product/version identifiers, and IP address at activation. We do not store MT5 passwords.
1.3 Purchase & Billing Data. If you purchase through a Merchant of Record (MoR) or third-party marketplace, the MoR collects and processes your payment details (credit card, billing address, tax information) under its own privacy policy. We receive only the data necessary to fulfill your order: email, order ID, product purchased, and transaction reference. We do not process or store your payment card details.
1.4 Support Data. When you contact support, we collect your email address, the content of your messages, any attachments you provide, and metadata such as timestamps. If you contact us via Discord or Telegram, your username and message content on those platforms are visible to us.
1.5 Website & Technical Data. When you visit our websites or use our online services, we may collect: IP address, browser type and version, operating system, referring URL, pages visited, and timestamps. This data is collected through server logs. We use cookieless, privacy-focused analytics that do not track individual users, do not use cookies, and only produce anonymous, aggregated statistics (see Section 3.2).
1.6 Online Services Data (SaaS, Web Portals, APIs). If you use our online services (when available), we may additionally collect: user identifiers and profile data provided by our third-party authentication provider (such as user ID, email address, name, and profile picture), session tokens, usage logs, API call metadata, preferences, and configuration data necessary to provide the service. We do not store passwords; authentication is handled entirely by our external identity provider (see Section 4.5).
1.7 Communication Data. If you subscribe to updates or notifications (e.g., via email or Telegram), we collect the contact details necessary to deliver those communications.
We process your personal data for the following purposes:
2.1 Contract Performance (Art. 6(1)(b) GDPR).
2.2 Legitimate Interests (Art. 6(1)(f) GDPR).
2.3 Legal Obligations (Art. 6(1)(c) GDPR).
2.4 Consent (Art. 6(1)(a) GDPR). Where we send marketing communications or use non-essential cookies, we do so only with your prior consent. You can withdraw consent at any time (see Section 8). Our website analytics do not require consent as they are cookieless and do not process personal data (see Section 3.2).
3.1 Functional Cookies Only. Our websites use only strictly necessary/functional cookies required for the operation of the service (e.g., session management, authentication). These do not require consent under applicable law. We do not use advertising, marketing, or third-party tracking cookies.
3.2 Website Analytics. We use a self-hosted, privacy-focused analytics tool to collect anonymous, aggregated usage statistics about our websites (e.g., page views, referrer, browser type, country). This tool does not use cookies, does not collect personal data, does not track individual users across sessions, and does not fingerprint devices. All data is aggregated and cannot be used to identify you. Because our analytics are cookieless and do not process personal data, no consent is required under GDPR, ePrivacy Directive, or similar regulations. Analytics are hosted on our own infrastructure within the EU; no data is shared with third parties.
3.3 Affiliate Referral Tracking. We operate an affiliate program through our Merchant of Record. When you visit our website via an affiliate link, you may be redirected through our domain before arriving at the MoR's checkout. During this process, the MoR may place a cookie on its own domain to attribute the referral to the correct affiliate partner. NextBatch does not place affiliate tracking cookies on its own domain and does not store affiliate tracking data in its own systems. For details on how the MoR handles this data, refer to their privacy policy.
3.4 Future Marketing Tools. If we introduce marketing or advertising cookies in the future, we will update this policy and implement a cookie consent mechanism before activating them. Non-essential cookies will only be placed with your prior consent.
We do not sell your personal data. We share data only as described below.
4.1 Merchant of Record (MoR). Purchases are processed through our Merchant of Record. When you proceed to checkout, you are redirected to the MoR's secure payment environment where you enter your payment details. The MoR acts as an independent data controller for billing, payment, tax, and invoicing data under its own privacy policy. We do not process or store your payment card details. We receive only the data necessary to coordinate order fulfillment and support (email, order ID, product purchased).
4.2 Hosting & Infrastructure. Our servers and services are hosted within the European Union. We use reputable hosting, CDN, and security providers (such as reverse proxies and DDoS protection services) who may process technical data (including IP addresses and request metadata) as part of delivering and protecting our Services. These providers act as data processors under a Data Processing Agreement (DPA).
4.3 Support & Communication Tools. We use email for support. If you contact us via third-party platforms (Discord, Telegram), those platforms process your data under their own privacy policies. We recommend not sharing sensitive personal data through those channels.
4.4 Service Providers. We may use third-party processors for email delivery, monitoring, and other operational services. All processors are bound by DPAs and are selected for their compliance with applicable data protection law.
4.5 Authentication Provider. We use a third-party authentication provider to manage user sign-in for our online services. This provider processes authentication data (such as email, name, and login credentials) under its own privacy policy and Data Processing Agreement. We do not store or have access to your passwords. This provider is certified under the EU-U.S. Data Privacy Framework (see Section 5).
4.6 Legal Requirements. We may disclose personal data if required by law, court order, or to protect our legal rights.
Our core infrastructure is EU-based. Our authentication provider is based in the United States and is certified under the EU-U.S. Data Privacy Framework (DPF). Authentication data may be transferred to the United States on the basis of the DPF. If any other data processing involves a transfer outside the EEA, we ensure appropriate safeguards are in place, such as EU Standard Contractual Clauses (SCCs) or an adequacy decision by the European Commission.
We retain personal data only as long as necessary for the purposes described in this policy.
| Data category | Retention period |
|---|---|
| Account & license data | Life of your license/subscription + 24 months |
| Activation & audit logs | Up to 24 months |
| Support correspondence | Up to 24 months after last interaction |
| Purchase/order records | As required by Dutch tax law (7 years) |
| Website/server logs | Up to 12 months |
| Website analytics | Aggregated, anonymous data only; no personal data retained |
After the applicable retention period, data is deleted or anonymized. If you request deletion of your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law.
We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS) and access controls. We do not store user passwords; authentication is handled by a third-party provider (see Section 4.5). No system is 100% secure; we cannot guarantee absolute security but we take reasonable precautions appropriate to the sensitivity of the data.
Under the GDPR, you have the following rights regarding your personal data:
To exercise any of these rights, contact us at [email protected] with your request and sufficient information to verify your identity (e.g., your email address and order/license key).
We will respond within 30 days. If we need more time (up to 60 additional days for complex requests), we will inform you.
Our Services are not intended for anyone under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal data from minors. If we become aware that we have collected data from a minor, we will delete it promptly.
If you purchase through a Merchant of Record or third-party marketplace, that party is an independent data controller for the data it collects (payment details, billing address, tax information). Their privacy policy governs that data. We have no control over and accept no responsibility for how the MoR processes your payment data.
Similarly, if you interact with us through third-party platforms (Discord, Telegram, social media), those platforms have their own privacy policies. We encourage you to review them.
Where NextBatch processes personal data on your behalf as a data processor (for example, in the context of SaaS or API services where you provide data), a Data Processing Agreement applies. A standard DPA is available upon request at [email protected].
We may update this Privacy Policy from time to time. For material changes, we will notify you via email and/or in-product notification at least 14 days before the changes take effect. The updated policy will be posted on our website with a revised effective date. Continued use of our Services after the effective date constitutes acceptance of the updated policy.
If you have questions about this policy or want to exercise your rights: