Privacy Policy

Last Updated: June 8, 2026

‍This Privacy Policy explains how AAG Research, a commercial name operated by MATICA, SLU, an Andorran company with NRT L-720844-F, represented by Alberto Álvarez González, collects, uses, stores, shares, protects, and otherwise processes personal data when you access or use aagresearch.com and any related websites, newsletters, emails, subscriptions, digital content, reports, market commentary, research-style publications, account features, checkout pages, contact forms, communities, webinars, downloads, and other services provided by or on behalf of AAG Research.For clarity, MATICA, SLU, AAG Research, we, us, and our refer to the operator of the Website and Services. User, you, and your refer to any person whose personal data we process.This Privacy Policy is intended to provide clear and detailed information for users in Andorra, the European Union, the European Economic Area, the United Kingdom, Switzerland, Canada, the United States, and other jurisdictions where users may access the Services. It is drafted to be broad and protective, but it must be reviewed by qualified Andorran and EU privacy counsel before publication.

‍1. Who We Are & European Representation Status
‍
The data controller responsible for the processing described in this Privacy Policy is:

‍MATICA, SLU, trading as AAG Research
‍NRT: L-720844-F
‍Representative: Alberto Álvarez González
‍Email: legal@aagresearch.com
‍EU/EEA Data Protection Representative Statement: > Pursuant to Article 27 of the EU General Data Protection Regulation (GDPR), a designated EU-based representative is not required. MATICA, SLU’s processing of EU/EEA data subjects' personal data is occasional, does not include large-scale processing of special categories of data (as defined in Article 9 GDPR), and is highly unlikely to result in a risk to the rights and freedoms of natural persons. EU and EEA residents may direct all privacy queries, data access requests, or complaints directly to our primary privacy email at legal@aagresearch.com.

‍2. Laws and Standards Considered

‍We operate from the Principality of Andorra and may process personal data in accordance with applicable Andorran data protection law, including Qualified Law 29/2021 of 28 October on personal data protection and its implementing regulations, as amended from time to time.Where we offer goods or services to, monitor the behaviour of, or otherwise process personal data of individuals in the European Union or European Economic Area in a way that brings such processing within the territorial scope of the GDPR, we will seek to comply with applicable GDPR obligations.Where applicable, we also consider requirements relating to electronic communications, cookies, direct marketing, consumer protection, cybersecurity, cross-border data transfers, and platform or payment-provider rules.Nothing in this Privacy Policy is intended to limit rights that cannot be limited under mandatory law.

‍3. Scope of This Privacy Policy

‍This Privacy Policy applies to personal data processed through or in connection with:the Website at aagresearch.com;free and paid newsletters;subscription sign-ups, account creation, billing, and checkout flows;financial education content, market commentary, research-style publications, reports, charts, videos, webinars, downloads, and other digital materials;email communications, marketing campaigns, customer support, surveys, testimonials, and contact forms;analytics, advertising, retargeting, behavioural metrics, heatmaps, session replay, and security tools, where used;social media pages, embedded content, and third-party platforms used to deliver or promote the Services; andany other interaction where this Privacy Policy is linked or referenced.This Privacy Policy does not apply to third-party websites, platforms, brokers, exchanges, payment processors, analytics providers, advertising networks, social media platforms, or other services that we do not control. Their own privacy policies apply.

‍4. Personal Data We May Collect

‍Depending on how you interact with the Services, we may collect the categories of personal data listed below.

‍4.1 Identity and Contact Data

‍name;email address;phone number, if provided;company name, job title, or professional role, if provided;billing address, country, region, postal code, and tax location information;social media handle or public profile information if you interact with us publicly; andany other contact details you voluntarily provide.

‍4.2 Account and Subscription Data

‍account username or login identifier;subscription status, plan type, renewal date, cancellation status, and access rights;newsletter preferences, communication preferences, and unsubscribe history;purchase history, order numbers, invoices, receipts, discounts, coupons, refunds, and chargeback information;support history, account notes, and customer-service interactions; andauthentication, security, and account-access logs.

‍4.3 Payment and Transaction Data

‍We may collect transaction-related data such as purchase amount, currency, product purchased, subscription period, payment status, billing details, and payment processor identifiers.We generally do not store full payment card numbers. Card and payment details are usually processed by third-party payment processors. We may receive limited payment information such as the last four digits of a card, card brand, expiry month/year, payment token, billing country, fraud score, and payment status.

‍4.4 Usage, Device, and Technical Data

‍IP address;browser type and version;device type, operating system, screen size, language, and time zone;referring and exit pages;pages viewed, links clicked, scroll depth, session duration, and navigation paths;email opens, email clicks, delivery status, bounce data, and unsubscribe events;log files, timestamps, diagnostic data, and error reports;cookie identifiers, advertising IDs, analytics identifiers, and similar online identifiers; andapproximate location derived from IP address or billing information.

‍4.5 Content, Communications, and Support Data

‍messages you send through contact forms, email, chat, community features, or social media;attachments, screenshots, documents, or files you voluntarily provide;survey responses, testimonials, reviews, questions, comments, and feedback;records of your preferences, interests, and requested topics; andinformation needed to investigate complaints, enforce terms, prevent fraud, or respond to legal requests.

‍4.6 Marketing and Advertising Data

‍marketing consent records;newsletter subscription source;campaign attribution data;ad interaction data;audience segment information;retargeting, remarketing, lookalike, and conversion event data where used; andpreferences about the communications you want to receive.

‍4.7 Sensitive Personal Data

‍We do not intentionally request sensitive personal data such as health information, biometric data, political opinions, religious beliefs, trade union membership, precise geolocation, government identification numbers, or information about criminal offences unless strictly necessary and lawful.You should not send us sensitive personal data unless we specifically request it and provide a lawful basis and appropriate safeguards.

‍5. Personal Data We Do Not Intend to Collect

‍The Services are for financial education and market commentary. We do not intend to collect full brokerage account credentials, trading account passwords, private keys, seed phrases, wallet recovery phrases, national identification documents, bank login details, or other highly sensitive financial access credentials.You must not provide this information to us. If you accidentally provide it, we may delete it and may restrict communication or access for security reasons.

‍6. How We Collect Personal Data

‍We may collect personal data in the following ways:directly from you when you subscribe, purchase, create an account, complete a form, contact us, reply to an email, comment, participate in a community, or otherwise communicate with us;automatically through cookies, pixels, tags, log files, analytics tools, advertising technologies, session-replay tools, security tools, and similar technologies;from payment processors, email service providers, subscription platforms, CRM tools, analytics tools, advertising networks, fraud-prevention providers, hosting providers, and other service providers;from social media platforms or public sources where you interact with our pages, posts, advertisements, or public profiles;from business partners, affiliates, referral sources, or promotional partners, where lawful; andfrom legal, regulatory, security, fraud-prevention, or compliance sources where necessary.

‍7. Purposes for Processing Personal Data

‍We may process personal data for the following purposes:to provide, operate, maintain, and improve the Website and Services;to create and manage accounts and subscriptions;to deliver newsletters, research-style content, market commentary, educational resources, downloads, and paid materials;to process payments, invoices, renewals, cancellations, refunds, disputes, and tax obligations;to communicate with you about your account, subscription, purchases, support requests, legal notices, policy updates, and service changes;to send marketing communications where permitted by law and subject to consent where required;to personalize content, remember preferences, and improve user experience;to analyze traffic, engagement, conversion performance, email performance, product demand, and business metrics;to run advertising, retargeting, conversion measurement, attribution, and audience-building campaigns where lawful;to conduct surveys, collect feedback, display testimonials, and improve Services;to detect, prevent, investigate, and respond to fraud, abuse, unauthorized sharing, scraping, account misuse, payment disputes, security incidents, and legal violations;to protect our intellectual property, confidential information, systems, users, legal rights, and commercial interests;to comply with tax, accounting, legal, regulatory, consumer-protection, data-protection, sanctions, and court obligations;to evaluate or complete business transactions such as restructuring, sale, merger, acquisition, financing, or transfer of assets; andfor any other purpose disclosed to you at the time of collection or with your consent.

‍8. Legal Bases for Processing

‍Where GDPR, Andorran data protection law, or similar laws require a lawful basis, we may rely on one or more of the following legal bases:

‍8.1 Contract

‍We process personal data where necessary to enter into or perform a contract with you, including providing subscriptions, account access, paid content, invoices, customer support, cancellation handling, and service-related communications.

‍8.2 Legitimate Interests

‍We may process personal data where necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not overridden by your rights and freedoms. These interests may include operating and improving the Services, preventing fraud, securing systems, enforcing terms, protecting intellectual property, measuring business performance, handling customer support, and conducting limited direct marketing where legally permitted.

‍8.3 Consent

‍We rely on consent where required, including for certain marketing communications, non-essential cookies, advertising pixels, session replay, behavioural analytics, or other tracking technologies. You may withdraw consent at any time where processing is based on consent.

‍8.4 Legal Obligation

‍We process personal data where necessary to comply with applicable laws, including tax, accounting, consumer protection, data protection, court, regulatory, sanctions, and recordkeeping obligations.

‍8.5 Vital Interests and Public Interest

‍In rare cases, we may process personal data to protect vital interests or where necessary for a task carried out in the public interest, if applicable under law.

‍9. Cookies, Pixels, and Advanced Tracking Technologies

The Website utilizes essential, functional, analytical, and marketing tracking technologies—including cookies, web beacons, tracking tags, and marketing pixels. These tools allow us to keep you logged in, secure checkout tracks, remember your explicit site preferences, and measure exact conversion performance from ad campaigns.Non-essential tracking technologies (including third-party marketing pixels and tracking scripts) are disabled by default and will only activate upon your explicit, affirmative consent via our cookie consent banner. You may update, modify, or revoke your cookie tracking consent preferences at any time through the setting manager integrated into our footer.

‍10. Behavioral Analytics, Heatmaps, and Session Replay

We utilize advanced behavioral analytics platforms, including Microsoft Clarity and dedicated tracking tools, to study user engagement. These systems capture technical behavioral metrics, layout heatmaps, scroll activity, and session replays (including click paths, page switching, and navigational drop-offs).This data is used solely to identify technical site bugs, combat subscription fraud, optimize UI performance, and tailor marketing audiences. No sensitive input data or plain-text payment parameters are logged during session replays. These tools will not execute unless you have provided explicit consent for analytical cookies.

‍11. Email Marketing and Newsletters

‍If you subscribe to a newsletter, download materials, create an account, purchase a subscription, or otherwise opt in, we may send you financial education content, market commentary, research updates, product announcements, promotional offers, and related communications.We may process data about email delivery, opens, clicks, bounce rates, unsubscribe events, device type, approximate location, and campaign performance.You can unsubscribe from marketing emails at any time by using the unsubscribe link in the email or by contacting us. Unsubscribing from marketing emails will not stop transactional, legal, billing, account, security, or service-related communications.

‍12. Financial Education and User Profiling

‍We may use information such as content preferences, subscription status, engagement history, email interactions, and Website behaviour to understand what topics users are interested in and to improve or personalize the Services.We do not use personal data to provide personalized investment advice, suitability assessments, regulated financial recommendations, portfolio management, brokerage services, or automated financial decision-making.Any personalization is for content delivery, marketing, analytics, user experience, and operational purposes only. It should not be interpreted as financial advice or a recommendation tailored to you.

‍13. Automated Decision-Making

‍We do not intend to make decisions that produce legal or similarly significant effects about you based solely on automated processing.We may use automated tools for ordinary business purposes such as spam filtering, fraud detection, payment-risk screening, account security, email segmentation, analytics, advertising audiences, content recommendations, and customer-support routing.Where applicable law gives you rights in relation to automated decision-making, you may contact us to exercise those rights.

‍14. Shared Data & Service Providers

We share your data with trusted vendor categories to maintain operations. Crucially, your transactional and billing information is routed through our payment processor, Alonso de Ojeda LLC (US), which acts as our direct data processor for subscriptions, transaction authorization, fraud prevention, and invoicing logistics. All payment handling is governed strictly by their corporate privacy standards and security compliance protocols.

‍15. International Data Transfers and US Transfer Safeguards

Because MATICA, SLU utilizes US-based service providers and payment infrastructure (including Alonso de Ojeda LLC), personal data collected from individuals within the EU, EEA, UK, or Switzerland will be transferred to and stored within servers located in the United States.To guarantee a continuous level of data protection equivalent to the GDPR, all data transfers to US-based entities are safeguarded using European Commission-approved Standard Contractual Clauses (SCCs) integrated directly into our vendor data processing agreements, alongside validation that recipients comply with relevant international frameworks such as the EU-U.S. Data Privacy Framework where certified.

‍16. Data Retention

‍We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.Retention periods may depend on the type of data, the purpose of processing, the nature of the relationship, legal obligations, limitation periods, tax and accounting requirements, dispute risk, fraud prevention, security needs, backup cycles, and whether you have requested deletion.Examples of retention practices may include:account and subscription data retained while your account is active and for a reasonable period afterward;billing, invoice, tax, and accounting records retained for legally required periods;support communications retained for customer-service, legal, quality, and dispute-resolution purposes;marketing consent and unsubscribe records retained to prove compliance and respect preferences;security logs retained for a limited period unless needed for investigation; andanalytics data retained in aggregated or de-identified form where possible.When personal data is no longer needed, we will delete, anonymize, aggregate, or securely archive it according to applicable law and operational requirements.

‍17. Security Measures

‍We use reasonable technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, misuse, and other security risks.These measures may include access controls, authentication, encryption in transit, secure hosting, firewalls, monitoring, backups, least-privilege access, vendor due diligence, staff confidentiality obligations, incident response procedures, and security reviews.No website, email system, payment system, transmission method, or storage system is completely secure. You are responsible for securing your own devices, accounts, passwords, browsers, email inbox, and network connections.

‍18. Your Privacy Rights

‍Depending on your location and applicable law, you may have some or all of the following rights:the right to be informed about how we process personal data;the right to access personal data we hold about you;the right to receive a copy of your personal data;the right to correct inaccurate or incomplete personal data;the right to request deletion of personal data;the right to restrict processing;the right to object to processing based on legitimate interests or direct marketing;the right to data portability;the right to withdraw consent at any time where processing is based on consent;the right to object to certain automated decision-making, where applicable;the right to opt out of certain sales, sharing, targeted advertising, or profiling where applicable; andthe right to lodge a complaint with a competent data protection authority.These rights may be subject to conditions, exceptions, identity-verification requirements, legal limitations, and retention obligations.

‍19. How to Exercise Your Rights

‍To exercise privacy rights, contact us at [Insert privacy/legal email]. Please include:your full name;the email address associated with your account or subscription;the right you want to exercise;enough information for us to understand and process your request; andproof of identity if reasonably required.We may ask for additional information to verify your identity, protect your account, prevent fraud, and confirm that we are responding to the correct person.We will respond within the timeframe required by applicable law. In many cases, this is one month, subject to lawful extensions where requests are complex or numerous.

‍20. Complaints and Supervisory Authorities

‍You may contact us first so we can try to resolve your concern.If you are in Andorra, you may have the right to contact the Andorran Data Protection Agency or other competent Andorran authority.If you are in the EU or EEA and GDPR applies, you may have the right to lodge a complaint with the data protection authority in your Member State of residence, place of work, or place of the alleged infringement.If you are in another jurisdiction, you may have the right to contact your local privacy, consumer protection, or data protection authority.

‍21. Children and Minors

‍The Services are not intended for children or minors. You must be at least 18 years old, or the age of legal majority in your jurisdiction if higher, to use the Services.We do not knowingly collect personal data from children. If we learn that we have collected personal data from a child without appropriate legal basis or parental consent where required, we will take reasonable steps to delete it.If you believe a child has provided personal data to us, contact us at [Insert privacy/legal email].

‍22. Third-Party Websites, Platforms, and Embedded Content

‍The Services may link to or embed content from third-party websites, platforms, brokers, exchanges, charting tools, video platforms, social media networks, payment processors, newsletter platforms, analytics providers, advertising networks, or other services.We are not responsible for the privacy practices, security, content, or policies of third parties. When you interact with third-party services, their own privacy policies and terms apply.

‍23. Social Media and Public Interactions

‍If you interact with us on social media or public platforms, your username, profile information, comments, messages, reactions, shares, and other public interactions may be visible to us, the platform, and other users.Do not post private financial information, personal data, sensitive data, trading account information, or confidential information in public comments or community spaces.We may use public comments, feedback, or testimonials for marketing or service-improvement purposes where lawful and appropriate, and we may ask for additional consent where required.

‍24. User-Generated Content

‍If the Services allow comments, community posts, replies, reviews, testimonials, or other user-generated content, any personal data you include may be visible to other users or the public depending on the feature.You are responsible for the personal data you choose to share. We may moderate, remove, or restrict user-generated content to protect users, enforce our Terms, comply with law, or protect our rights.

‍25. Business Transfers

‍If MATICA, SLU, AAG Research, or any part of our business is involved in a merger, acquisition, restructuring, financing, sale of assets, change of control, insolvency, or similar transaction, personal data may be disclosed to or transferred to relevant parties, advisers, buyers, successors, or authorities as part of that transaction.Where required by law, we will provide notice or obtain consent before personal data is transferred in a way that materially changes how it is processed.

‍26. Do Not Track and Global Privacy Controls

‍Some browsers provide “Do Not Track” signals or global privacy controls. Because standards and legal treatment vary, the Website may not respond to every browser-based signal unless legally required.Where applicable law requires recognition of a specific opt-out preference signal, we will seek to comply.

‍27. Regional Notices

27.1 EU/EEA Users

‍If GDPR applies to our processing of your personal data, you may have the GDPR rights described in this Privacy Policy. We will process personal data according to applicable GDPR principles, including lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, confidentiality, and accountability.

‍27.2 Andorran Users

‍If Andorran data protection law applies, you may have rights under Andorran law, including rights of access, rectification, erasure, opposition, portability, restriction, and other rights recognised by the applicable Andorran framework.

‍27.3 United Kingdom Users

‍If UK data protection law applies, references to GDPR may be interpreted to include the UK GDPR and Data Protection Act 2018 where relevant. You may have the right to complain to the UK Information Commissioner’s Office.

‍27.4 California and Other U.S. State Privacy Rights

‍If you are a resident of California or another U.S. state with applicable privacy laws, you may have additional rights, including rights to know, access, correct, delete, opt out of certain sales or sharing, limit certain uses of sensitive personal information, and not be discriminated against for exercising privacy rights.We do not knowingly sell personal data in the ordinary sense of selling customer lists for money. However, certain advertising or analytics activities may be considered “sharing,” “sale,” targeted advertising, or profiling under some U.S. state laws. Where applicable, we will provide the required opt-out mechanism.

‍28. Data Processing Agreements and Service Providers

‍Where required, we enter into data processing agreements or similar contractual protections with service providers that process personal data on our behalf. These agreements may require service providers to process personal data only according to our instructions, protect personal data, assist with legal obligations, and return or delete data at the end of the relationship.We remain responsible for choosing appropriate service providers and applying reasonable safeguards, but we are not responsible for independent processing by third parties acting as separate controllers.

‍29. Accuracy of Personal Data

‍You are responsible for providing accurate and current personal data. You should update your account, billing, and contact information when it changes.We may suspend or restrict access if we reasonably believe information is false, misleading, outdated, incomplete, fraudulent, or creates legal, tax, security, or operational risk.

‍30. Changes to This Privacy Policy

‍We may update this Privacy Policy from time to time for legal, regulatory, operational, security, commercial, or service-related reasons.When we make changes, we will update the “Last Updated” date. Where required by law or where changes are material, we may provide additional notice by email, Website notice, account notice, or another reasonable method.Your continued use of the Services after an updated Privacy Policy becomes effective means you acknowledge the updated Privacy Policy. Where consent is required for a new processing activity, we will request consent separately.

‍31. Contact Us

‍For privacy questions, requests, complaints, or concerns, contact:
AAG Research / MATICA, SLU
NRT: L-720844-F
Representative: Alberto Álvarez González
Website: https://aagresearch.com
Privacy & Support Email: legal@aagresearch.com
Registered Address: Passatge Arnaldeta de Caboet 11, Edif. La Torre, 2-1. AD700, Escaldes-Engordany. Andorra