Privacy Policy
Effective date: 1 June 2025 · Last updated: 24 March 2026
1. Who we are
Anton Ladnyi · A.L. Capital Advisory
Berlin, Germany
Email: [email protected]
Website: alcapitaladvisory.com
We are an independent private investment advisory practice operating under German law and subject to the EU General Data Protection Regulation (GDPR). We are not subject to MiFID II licensing requirements as we do not hold client assets or execute trades. This service is not directed at residents of Finland, Sweden, Norway, Denmark, Iceland, or Poland.
2. What data we collect and why
| Category | Data collected | Legal basis | Purpose | Retention |
|---|---|---|---|---|
| Contact enquiry | Name, email address, message content | Art. 6(1)(b) — pre-contractual steps | Responding to your enquiry about advisory services | 3 years from last contact |
| Newsletter / research updates | Email address, first name (optional) | Art. 6(1)(a) — consent | Sending research publications and updates | Until you unsubscribe or withdraw consent |
| Asset Lens / tool access | Email address (voluntary gate) | Art. 6(1)(a) — consent | Unlocking gated data sections and sending the equity report | Session or until consent withdrawn; email list max 3 years |
| Working paper download | Email address, name (optional) | Art. 6(1)(a) — consent | Providing access to the PDF and adding to research list | Until you unsubscribe |
| Analytics (with consent) | Pseudonymous page-view, session, and navigation data via Google Analytics | Art. 6(1)(a) — consent | Understanding site usage; improving content and UX | 26 months (GA4 default) |
| Marketing pixels (with consent) | Pseudonymous ad interaction data via LinkedIn Insight Tag and Meta Pixel | Art. 6(1)(a) — consent | Measuring ad campaign performance; lookalike audiences | 90–180 days per platform |
| Session / browser storage | Consent preferences, grade-change alerts, tool unlock state | Art. 6(1)(f) — legitimate interest (functionality) | Remembering your preferences within and across sessions | sessionStorage clears on tab close; localStorage max 6 hours for cache, indefinite for consent |
| UTM parameters | Source, medium, campaign values from URL (e.g. utm_source=linkedin) | Art. 6(1)(f) — legitimate interest (marketing attribution) | Understanding which channels drive enquiries; included in form submissions | Session only (sessionStorage) |
| Portfolio Health Check purchase | Name (optional), email address, portfolio size category | Art. 6(1)(b) — pre-contractual steps / contract performance | Stripe checkout initiation and report delivery | 3 years (contractual records) |
| Risk DNA questionnaire | Name (optional), 20-question financial profile, drawdown tolerance, investment horizon, initial investment, target wealth, portfolio tickers | Art. 6(1)(a) — consent | Computing risk aversion coefficient A and delivering personalised risk report | Until deletion requested; max 2 years inactive |
| Risk DNA email report | Email address, name (optional), risk profile summary | Art. 6(1)(a) — consent | Delivering PDF risk report by email | Until unsubscribe or consent withdrawn |
| Client portfolio dashboard | Authenticated portfolio positions, allocations, risk metrics, Monte Carlo results | Art. 6(1)(b) — contract performance (advisory service delivery) | Providing personalised portfolio analytics to advisory clients | Duration of advisory relationship + 3 years |
| AI portfolio analysis | Anonymised portfolio summary (positions, weights, metrics — no name or email) | Art. 6(1)(b) — contract performance | AI-generated anomaly detection and Q&A in client dashboard | Processed in real time; not retained by AI provider per enterprise terms |
| Session booking (Calendly) | Name, email address, background profile, message | Art. 6(1)(b) — pre-contractual steps | Scheduling the Strategic Session and pre-filling booking form | 3 years from last contact |
3. Third-party processors
We share data with the following processors under Data Processing Agreements where required:
| Processor | Purpose | Personal data shared | Country | Safeguard |
|---|---|---|---|---|
| Google LLC (GA4) | Analytics — page views, sessions, navigation (consent required) | Pseudonymous identifiers, IP address (anonymised) | USA | Standard Contractual Clauses · DPA |
| Meta Platforms Inc. | Advertising pixel — ad performance, retargeting (consent required) | Pseudonymous browser identifiers | USA | Standard Contractual Clauses · DPA |
| LinkedIn Ireland UC | Advertising pixel — campaign measurement (consent required) | Pseudonymous member identifiers | Ireland / USA | Standard Contractual Clauses · DPA |
| Stripe Inc. | Payment processing for Portfolio Health Check (€150) | Name (optional), email, payment card data | USA / Ireland | Standard Contractual Clauses · DPA available — sign in Stripe dashboard |
| Anthropic PBC (Claude API) | AI-generated portfolio anomaly detection and Q&A in client dashboard | Anonymised portfolio summary only — no name, email, or direct identifiers | USA | Standard Contractual Clauses · Anthropic enterprise terms prohibit training on submitted data |
| Calendly LLC | Session booking scheduling | Name, email, background profile pre-filled from booking form | USA | Standard Contractual Clauses · DPA |
| Formspree Inc. | Fallback email delivery for Risk DNA reports (only if primary backend unavailable) | Name, email, risk report summary | USA | Standard Contractual Clauses · DPA required — under review |
| Cloudflare Inc. | CDN, DNS, DDoS protection, email obfuscation | IP addresses, request metadata (no application data) | USA | Standard Contractual Clauses · DPA |
| Yahoo Finance (read-only API) | Market data source for Asset Lens calculations | No personal data transferred — ticker symbols only | USA | No personal data transferred |
Tracking processors (Google, Meta, LinkedIn) only receive data if you have given explicit consent via the cookie banner. All other processors receive only the minimum data necessary for their specific function.
4. Cookies and browser storage
We use the following storage mechanisms:
| Name / key | Type | Purpose | Duration |
|---|---|---|---|
| alc_consent_v1 | localStorage | Stores your cookie consent choices | 1 year |
| al_email_unlocked, al_sm_unlocked, al_captured_email | sessionStorage | Remembers that you have unlocked gated content in this session | Tab session |
| al_grade_* (ticker-specific) | localStorage | Stores the last viewed investment grade to trigger change notifications | Indefinite (grade data only, no PII) |
| al_ai_cache_* (ticker-specific) | localStorage | 6-hour cache of AI analyst output to reduce API calls | 6 hours TTL, then deleted |
| utm_source, utm_medium, utm_campaign, utm_content, utm_term | sessionStorage | Attribution data from inbound links | Tab session |
| _alc_intro_shown | sessionStorage | Suppresses the intro animation after first view | Tab session |
| _ga, _ga_*, _fbp, li_sugr (consent required) | Cookies (third-party) | Analytics and advertising pixel identifiers | Per provider settings (26 months / 90 days) |
You can manage your preferences at any time:
5. Your rights under GDPR
As a data subject in the EU/EEA, you have the following rights. To exercise any of them, contact us at [email protected]. We will respond within 30 days.
6. Data security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, or damage. These include TLS encryption in transit, access controls on backend systems, and periodic review of data minimisation practices.
No method of transmission over the internet is 100% secure. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify UODO within 72 hours and affected individuals without undue delay where required by Art. 33–34 GDPR.
7. Children's data
Our services are directed at professional and retail investors aged 18 and over. We do not knowingly collect personal data from persons under 18. If you believe a minor has submitted data through our site, please contact us immediately and we will delete it.
8. Changes to this policy
We may update this policy to reflect changes in law, our data practices, or the services we offer. Material changes will be indicated by a new effective date at the top of this page. We encourage you to review this policy periodically.
9. Contact
Anton Ladnyi · A.L. Capital Advisory
[email protected]
Supervisory authority (Poland):
Urz