Privacy Policy
Effective date: January 1, 2026 · Last updated: January 2026
This Privacy Policy describes how XauMinded ("we", "our", or "us") collects, uses, and shares information about you when you use our website at xauminded.com and any related services, including our integration with the TikTok Content Posting API. By using our services you agree to the practices described in this policy.
1. Who We Are
XauMinded is an automated gold trading signal service operated by AIImperija, a company registered in Lithuania, European Union. We provide algorithmic XAU/USD copy trading signals via MetaTrader 5. We also publish educational and performance-related content on social media platforms, including TikTok, using the TikTok Content Posting API.
Data controller contact: hello@xauminded.com
2. Information We Collect
We collect the following categories of information depending on how you interact with us:
- Contact information — name and email address when you submit a contact or access request form.
- Usage data — IP address, browser type, pages visited, and time spent on site, collected automatically via server logs and analytics tools.
- TikTok account data — when you authorise our application via TikTok Login Kit or Content Posting API, we may receive your TikTok open ID, display name, profile picture URL, and the access token required to post content on your behalf. We do not receive or store your TikTok password.
- Communications — any messages or emails you send to us.
We do not collect sensitive personal data such as financial account numbers, payment card details, or government identification numbers.
3. How We Use Your Information
We use the information we collect for the following purposes:
- To respond to enquiries and provide access to our copy trading signal service.
- To publish trading performance updates and educational content to TikTok on behalf of authorised accounts using the TikTok Content Posting API.
- To monitor and improve the performance and security of our website and services.
- To comply with legal obligations under applicable EU and Lithuanian law.
- To send service-related communications (not marketing) to users who have requested access.
We do not use your information for automated individual decision-making or profiling that produces legal or similarly significant effects.
4. TikTok API Data Usage
Our application uses the TikTok Content Posting API exclusively to post pre-approved trading performance content and educational videos to TikTok. Specifically:
- We request only the minimum TikTok permissions required to post video content.
- We do not read, scrape, or store your TikTok followers, messages, or any data beyond what is strictly required for content posting.
- TikTok access tokens are stored securely and are never shared with third parties.
- You may revoke our application's access to your TikTok account at any time via TikTok's app settings at tiktok.com/settings.
- Upon revocation or account deletion, all stored TikTok tokens associated with your account are permanently deleted from our systems within 30 days.
5. Legal Basis for Processing (GDPR)
As we operate within the European Union, we rely on the following legal bases under the General Data Protection Regulation (GDPR) when processing personal data:
- Consent (Art. 6(1)(a)) — for TikTok API authorisation and any optional communications you opt into.
- Contract performance (Art. 6(1)(b)) — to provide the copy trading signal service you have requested access to.
- Legitimate interests (Art. 6(1)(f)) — for website analytics and security monitoring, where our interests do not override your fundamental rights.
- Legal obligation (Art. 6(1)(c)) — where processing is necessary to comply with applicable law.
6. Data Sharing and Third Parties
We do not sell, rent, or trade your personal data. We may share data in the following limited circumstances:
- TikTok Inc. — solely to execute content posting actions via the Content Posting API as authorised by you.
- Hosting and infrastructure providers — our website is hosted on servers subject to standard data processing agreements.
- Legal authorities — where required by applicable law, court order, or regulatory request.
Any third-party processor we engage is subject to a Data Processing Agreement (DPA) ensuring GDPR-compliant handling of personal data.
7. Data Retention
We retain personal data only for as long as necessary for the purpose it was collected:
- Contact enquiry data is retained for up to 2 years.
- TikTok access tokens are retained only while the authorisation is active and deleted within 30 days of revocation.
- Server logs are retained for up to 90 days for security purposes.
8. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These include TLS encryption for data in transit, access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure and we cannot guarantee absolute security.
9. Your Rights Under GDPR
If you are located in the European Economic Area, you have the following rights regarding your personal data:
- Right of access — request a copy of the data we hold about you.
- Right to rectification — request correction of inaccurate data.
- Right to erasure — request deletion of your data where no legitimate basis for retention exists.
- Right to restriction — request that we limit processing of your data.
- Right to data portability — receive your data in a structured, machine-readable format.
- Right to object — object to processing based on legitimate interests.
- Right to withdraw consent — withdraw consent at any time without affecting prior processing.
To exercise any of these rights, contact us at hello@xauminded.com. You also have the right to lodge a complaint with the State Data Protection Inspectorate of Lithuania (vdai.lrv.lt).
10. Cookies and Analytics
Our website may use cookies or similar tracking technologies for functional and analytical purposes. No advertising or cross-site tracking cookies are used. You can control cookie preferences through your browser settings. We do not use cookies that require consent under the ePrivacy Directive for strictly necessary functions.
11. Children's Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a minor has provided personal data, we will delete it promptly. If you believe we have collected data from a minor, please contact us at hello@xauminded.com.
12. International Data Transfers
Our operations are based in Lithuania, EU. If personal data is transferred outside the EEA (for example, to TikTok's infrastructure), such transfers are conducted under appropriate safeguards such as Standard Contractual Clauses (SCCs) as approved by the European Commission.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be notified via a prominent notice on our website at least 14 days before taking effect. The "Last updated" date at the top of this page will always reflect the most recent revision.
14. Contact Us
For any questions, data requests, or concerns regarding this Privacy Policy or our data practices, please contact:
XauMinded / AIImperija
Email: hello@xauminded.com
Website: xauminded.com
Jurisdiction: Republic of Lithuania, European Union