Privacy Policy
Last updated: April 2026
Who we are
Stenor Lab is an automated trading research service operated by Damian Jawor, based in Poland (EU jurisdiction). We research and distribute MetaTrader 5 Expert Advisors for retail traders. We are not a broker, investment advisor, or portfolio manager.
Data we collect
We collect minimal personal data, depending on how you use the site:
- Email address — only if you sign up for our waitlist or newsletter (via MailerLite)
- IP address — automatically logged by our hosting provider (Cloudflare) and analytics service
- Browser fingerprinting data — standard analytics tracking (user agent, screen resolution, referrer, visited pages)
- Cookies — stored on your device to remember your consent preferences and provide analytics
We do not collect payment data directly (you are redirected to secure payment processors). We do not collect location data, phone numbers, or sensitive personal categories.
Purpose of processing
- To deliver the website and its functionality
- To respond to your inquiries and manage your waitlist/newsletter signup
- To understand how the site is used and improve performance (analytics)
- To comply with legal obligations (e.g. anti-fraud, tax, regulatory record-keeping)
- To send you educational content if you opted in to our newsletter
Legal basis for processing
Under GDPR (EU Regulation 2016/679), we process your data on one or more of these legal bases:
- Consent (Art. 6(1)(a)): Email signup, newsletter, analytics, and marketing cookies are processed only after you explicitly consent via our cookie banner.
- Legitimate interest (Art. 6(1)(f)): We analyze site usage to improve security, detect abuse, and optimize performance. We balance this against your privacy expectations on a public website.
- Contract (Art. 6(1)(b)): If you purchase an EA license, we process your data to deliver the service and fulfill our obligations.
- Legal obligation (Art. 6(1)(c)): We retain records required by Polish tax and regulatory law.
Retention periods
| Data type | Retention period | Reason |
|---|---|---|
| Email (newsletter signup) | Until you unsubscribe or 36 months | Newsletter delivery and consent audit trail |
| IP address / analytics | {{LEGAL_REVIEW_PENDING}} | Site performance analysis |
| Cookies (analytics) | 13 months or until browser cleared | GDPR guideline for anonymous analytics |
| Cookies (consent preferences) | 13 months or until browser cleared | Respect user's consent choice across visits |
| License purchase data | {{LEGAL_REVIEW_PENDING}} | Tax, audit, dispute resolution |
| Server logs (Cloudflare) | 30 days (Cloudflare default) | Security and abuse prevention |
Third parties and data transfers
We share personal data with:
- Cloudflare: Hosting and CDN provider. Processes IP addresses and request logs. See Cloudflare Privacy Policy.
- MailerLite: Email marketing platform (only if you sign up for our newsletter). Processes email addresses and engagement data. See MailerLite Privacy Policy.
- Analytics service: {{LEGAL_REVIEW_PENDING}} (specify: Plausible, Fathom, Matomo self-hosted, etc.).
- Payment processors: Stripe, PayPal, or other PCI-DSS compliant processors. We never store your payment card data.
All processors are either in the EU or have appropriate safeguards (EU Standard Contractual Clauses, Privacy Shield equivalents). We do not sell or rent your data to third parties.
Your rights under GDPR
You have the right to request, at any time:
- Access (Art. 15): A copy of all personal data we hold about you.
- Rectification (Art. 16): Correction of inaccurate data.
- Erasure / "Right to be forgotten" (Art. 17): Deletion of your data, except where we have a legal obligation to retain it.
- Restrict processing (Art. 18): Ask us to limit how we use your data while you dispute its accuracy.
- Data portability (Art. 20): Receive your data in a portable, machine-readable format.
- Object (Art. 21): Opt out of direct marketing and processing based on legitimate interest.
- Withdraw consent: At any time, without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at the address below.
Data Protection Officer
{{LEGAL_REVIEW_PENDING}} (Determine whether a Data Protection Officer is required under GDPR Art. 37. As a small trading research business, you likely do not need a formal DPO unless processing constitutes a core activity or involves large-scale systematic monitoring. If required, insert contact details here.)
Cookies and tracking
We use cookies and similar technologies to recognize your device, remember your preferences, and understand how you use the site. See our Cookie Policy for a detailed list of all cookies, including purpose, retention, and how to disable them.
You can manage your cookie consent at any time by clicking "Manage preferences" in the cookie banner or visiting the Preferences section of our Cookie Policy.
Children's data
Stenor Lab is not intended for children under 16. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us immediately so we can delete it.
Changes to this policy
We may update this Privacy Policy to reflect legal changes or improvements to our practices. We will notify you by email (if you have opted in) and update the "Last updated" date on this page. Your continued use of the site after changes constitute acceptance of the updated policy.
Questions or requests?
To exercise your rights or ask questions about how we handle your data, please contact:
Stenor Lab
Damian Jawor
Poland
Email: biznes.djawor@gmail.com
You also have the right to lodge a complaint with your local data protection authority. In Poland, this is the Urząd Ochrony Danych Osobowych (UODO) uodo.gov.pl.