GDPR Notice

Sep, 30 2025

Data Controller and Contact Details

The data controller for personal data processed in connection with the website buyfakemoney.net ("Buy Fake Money") is Alma Viva, 4801 Main St, Kansas City, MO 64112, United States of America.

Contact email: [email protected].

If you are located in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, this notice explains how we process your personal data under the General Data Protection Regulation (GDPR) and related laws. Processing is primarily conducted in the United States in alignment with applicable U.S. federal and state privacy laws.

Scope and Relationship to U.S. Law

This GDPR notice applies to personal data we process when you access or use our services, including our paper-trading features for crypto and stocks, portfolio simulators, educational content, and market tracking tools. We align our practices with applicable United States privacy laws (including state laws) while extending GDPR-consistent rights and disclosures to individuals in the EEA/UK/Switzerland where GDPR applies extraterritorially.

Categories of Personal Data We Process

  • Identifiers: Account credentials (username), email address, IP address, cookie identifiers, device identifiers.
  • Commercial and Service Data: Simulation activity (watchlists, demo portfolios, test trades), preferences, settings, in-app interactions, and saved strategies.
  • Technical and Usage Data: Log files, device type, browser type, operating system, timestamps, pages viewed, referral URLs, session metrics, crash/error diagnostics.
  • Blockchain-Related Data: Public testnet wallet addresses you choose to link for testing; we do not request or store private keys or recovery phrases.
  • Communications: Support requests, feedback, survey responses, and marketing preferences.
  • Inferred Data: Insights derived from usage (for example, content interests or likely feature preferences) to personalize the experience.

We do not intentionally collect sensitive personal data (such as government IDs, precise geolocation, or real financial account numbers) and do not process real-money transactions through our services.

Sources of Personal Data

  • Directly from you when you create an account, configure settings, submit content, or contact support.
  • Automatically from your device and browser via cookies, SDKs, and similar technologies.
  • From service providers (e.g., analytics, hosting) that assist us in operating the services.

Purposes of Processing and Legal Bases

We process personal data for the following purposes under the legal bases recognized by GDPR:

  • To provide and maintain the services, including account creation, feature delivery, and customer support (performance of a contract; Art. 6(1)(b)).
  • To personalize content, portfolios, and educational materials; to analyze usage; and to improve our services (legitimate interests; Art. 6(1)(f)).
  • To secure our services, prevent fraud and abuse, ensure availability, and enforce terms (legitimate interests; Art. 6(1)(f)).
  • To conduct research, testing, and product development using aggregated or pseudonymized data (legitimate interests; Art. 6(1)(f)).
  • To send service communications and, if you opt in where required, marketing communications (legitimate interests or consent; Art. 6(1)(f) or Art. 6(1)(a)).
  • To comply with legal obligations and respond to lawful requests (legal obligation; Art. 6(1)(c)).

Where processing relies on consent, you may withdraw your consent at any time without affecting the lawfulness of processing before withdrawal.

Cookies and Similar Technologies

We use cookies, local storage, and similar technologies to enable core functionality, remember preferences, measure performance, and understand usage. Where required by law, we request your consent for non-essential cookies. You can manage cookies through your browser settings and, where available, through our on-site preferences. Disabling certain cookies may affect service functionality.

Recipients and International Transfers

We share personal data with the following categories of recipients for the purposes described above:

  • Service providers and processors that host, store, analyze, and support the services (e.g., cloud infrastructure, analytics, email delivery, customer support).
  • Professional advisors (legal, compliance, accounting) under confidentiality obligations.
  • Authorities, courts, or parties to legal proceedings when required by law or necessary to protect rights, safety, or property.
  • Successors in the event of a corporate transaction (e.g., merger or acquisition) subject to contractual safeguards.

Personal data is primarily processed in the United States. When we transfer personal data from the EEA/UK/Switzerland to the U.S. or other countries without an adequacy decision, we rely on appropriate transfer mechanisms (such as Standard Contractual Clauses) and implement supplementary safeguards as appropriate.

Data Retention

We retain personal data for as long as necessary to fulfill the purposes described in this notice, including providing the services, complying with legal obligations, resolving disputes, and enforcing agreements. Typical retention periods are tied to the life of your account and for a reasonable period thereafter (e.g., 24 months of inactivity), unless a longer period is required by law or needed for legitimate business purposes. Backup copies and logs may persist for a limited time consistent with our backup and security policies. We may retain aggregated or de-identified data for analytics and product improvement.

Security of Processing

We implement appropriate technical and organizational measures designed to protect personal data, including encryption in transit, access controls, least-privilege practices, secure development lifecycles, logging, and monitoring. Despite these measures, no system can be guaranteed to be fully secure.

Automated Decision-Making and Profiling

We do not make decisions based solely on automated processing that produce legal or similarly significant effects on you. We may use profiling (e.g., recommending content or features) to personalize your experience. You may object to profiling used for direct marketing at any time.

Your GDPR Rights

Subject to applicable law and certain limitations, you have the following rights:

  • Access: Obtain confirmation and a copy of personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete personal data.
  • Erasure: Request deletion of personal data where grounds apply (e.g., withdrawal of consent, no longer necessary).
  • Restriction: Request restriction of processing under certain circumstances.
  • Portability: Receive personal data you provided in a structured, commonly used, machine-readable format and transmit it to another controller.
  • Objection: Object to processing based on our legitimate interests, including profiling, and object at any time to processing for direct marketing.
  • Consent Withdrawal: Withdraw consent where processing is based on consent.
  • Complaint: Lodge a complaint with an EEA/UK supervisory authority if you believe your rights have been infringed.

Exercising Your Rights

To exercise your rights or to submit a privacy inquiry, contact us at [email protected] or write to: Alma Viva, 4801 Main St, Kansas City, MO 64112, United States of America.

We may need to verify your identity before fulfilling your request. If we cannot comply with a request, we will explain the reasons subject to legal constraints. Authorized agents may submit requests where permitted by law with sufficient proof of authorization and identity.

Additional Disclosures for U.S. Residents

Depending on your state of residence, you may have rights under state privacy laws (e.g., California, Colorado, Connecticut, Utah, Virginia), such as access, deletion, correction, portability, and the right to opt out of certain processing (e.g., targeted advertising). We do not sell personal information for money. We may share limited identifiers and usage data with analytics and advertising partners to improve and promote our services; where required, you may opt out by adjusting cookie preferences or contacting us. We do not use or disclose sensitive personal information for purposes that require a right to limit under applicable law. We will not discriminate against you for exercising your privacy rights. Where technically feasible, we honor legally recognized opt-out signals (such as certain browser-based signals) that we can detect and process.

Children’s Privacy

Our services are intended for users who are at least 13 years old. We do not knowingly collect personal data from children under 13 years of age. If you believe a child under 13 has provided personal data, contact us at [email protected] for prompt deletion.

Updates to This Notice

We may update this GDPR notice to reflect changes in our practices or legal requirements. Material changes will be indicated by updating the effective date and, where appropriate, by providing additional notice.

Effective Date

This notice is effective as of the date of publication and remains in effect until superseded by an updated version.