Join Now →

Privacy Policy

Effective date: 19 April 2026
Last updated: 19 April 2026

1. Who this policy applies to

This Privacy Policy explains how Anthony Lyle trading as Elliott Wave Insights (“Elliott Wave Insights”, “the business”, “we”, “us” or “our”) collects, uses, stores and shares personal data when people use the Elliott Wave Insights website, services, memberships, updates and community access channels.

Elliott Wave Insights is a UK-based trading education business. This policy is intended primarily for UK data protection compliance, but some services may also be accessed by visitors outside the UK.

Data controller contact details
Anthony Lyle trading as Elliott Wave Insights
Email: [email protected]

For general privacy or data protection questions, requests or complaints, use the email address above.

2. Personal data collected

Personal data may be collected directly from users when they contact the business, subscribe to updates, purchase memberships or products, request access to Telegram or Discord communities, or otherwise interact with the website and services.

Depending on how the service is used, the personal data collected may include:

  • Identity and contact data, such as name, email address, username, Telegram handle or Discord username.
  • Account and membership data, such as subscription status, access permissions, plan type and support history.
  • Transaction and payment data, such as purchase records, billing details and payment status; full card details are processed by payment providers and are not stored directly by Elliott Wave Insights.
  • Technical and usage data, such as IP address, browser type, device information, pages viewed, cookie identifiers and analytics data, where permitted.
  • Communications data, such as messages, support requests, emails, and records of preferences for receiving updates by email, Telegram or Discord.

Personal data may also be received from third-party providers where necessary to operate the service, such as payment confirmation from Stripe or Lemon Squeezy, or mailing and hosting-related records from service providers used by the business.

3. How personal data is collected

Personal data is collected in several ways:

  • Directly from users when forms are submitted, purchases are made, or emails and support requests are sent.
  • Automatically through essential website technologies and, where consent has been given, through analytics and similar tools.
  • From third-party providers involved in payment processing, subscriptions, messaging or service delivery.

4. Why personal data is used

Personal data is used to operate, deliver and improve the business’s services. This includes:

  • Creating and managing accounts, memberships and access permissions.
  • Processing orders, subscriptions and payments.
  • Sending product, service or membership-related communications.
  • Sending updates, market analysis, educational content or community notices where the recipient has subscribed or where another lawful basis applies.
  • Providing Telegram and Discord access where these are offered as part of a service or community feature.
  • Responding to enquiries, technical support requests and customer service issues.
  • Maintaining security, detecting abuse, preventing fraud and protecting the website and services.
  • Measuring site performance and usage where appropriate consent has been obtained for non-essential analytics tools.
  • Meeting legal, accounting, tax and regulatory obligations.

Personal data is not sold to third parties.

5. Lawful bases for processing

Under UK GDPR, personal data is processed only where a lawful basis applies. Depending on the context, Elliott Wave Insights may rely on one or more of the following lawful bases:

  • Contract: where processing is necessary to provide a purchased product, subscription, membership, community access or requested service.
  • Consent: where a user has actively agreed, for example to receive marketing updates or to accept non-essential cookies.
  • Legitimate interests: where processing is necessary for running, securing and improving the business, provided those interests are not overridden by the individual’s rights and interests.
  • Legal obligation: where records must be kept or disclosures made to comply with tax, accounting, fraud-prevention or other legal requirements.

Where consent is relied upon, it can be withdrawn at any time. Withdrawal does not affect processing already carried out lawfully before consent was withdrawn.

6. Cookies and similar technologies

The website uses cookies and similar technologies to support core site functions and, subject to consent, to understand usage and improve services.

Cookies may include:

  • Strictly necessary cookies, which are required for core website functionality and security. These do not require consent, although users should still be told about them.
  • Analytics cookies, which help measure website performance and visitor behaviour. These should only be set after valid consent has been given through the cookie banner or consent tool.
  • Marketing or tracking cookies, if used, which should only be set after valid consent has been given.

A cookie banner or consent management tool should be used so that analytics and marketing cookies are blocked unless and until the user gives valid consent. Access to the site should not be made conditional on consenting to non-essential cookies.

Users can also control cookies through browser settings, although disabling certain cookies may affect site functionality.

7. Email, Telegram and Discord communications

Elliott Wave Insights may send service messages, membership notices, community access information and subscribed updates by email, Telegram or Discord, depending on the services a user has joined or requested.

Where messages are marketing in nature, the business should rely on a valid lawful basis such as consent or another permitted basis under applicable rules. Users can unsubscribe from marketing emails at any time and can leave Telegram or Discord channels or communities they no longer wish to follow.

Discord may be offered as an alternative to Telegram for community access or updates. Telegram and Discord are third-party platforms with their own privacy practices, so users should review those providers’ terms and privacy notices before using them.

8. Payments and billing

Payments may be processed through Stripe and Lemon Squeezy. These providers process payment information on the business’s behalf or as separate controllers/processors depending on the service configuration, and they may collect billing, transaction and fraud-prevention data required to complete purchases.

Elliott Wave Insights does not store full payment card details on its own systems. Payment records and order records may still be retained for accounting, tax, chargeback, fraud prevention and legal purposes.

9. Sharing personal data

Personal data may be shared with trusted third parties only where necessary for legitimate business operations, service delivery or legal compliance. These may include:

  • Payment providers, including Stripe and Lemon Squeezy.
  • Email or hosting-related providers, including the business’s CyberPanel email infrastructure or connected service providers, where needed to send or receive communications.
  • Website analytics, consent management or security service providers, where these are enabled and lawfully used.
  • Community and messaging platforms, including Telegram and Discord, where a user chooses to use those services.
  • Professional advisers, regulators, legal authorities or law enforcement, where disclosure is necessary to comply with legal obligations or protect legal rights.

Personal data is shared only to the extent reasonably necessary for the relevant purpose.

10. International transfers

Some service providers or platforms used by Elliott Wave Insights may process personal data outside the UK. When this happens, appropriate steps should be taken to ensure personal data remains protected in line with UK GDPR requirements.

Whether a transfer is restricted under UK GDPR depends on the facts of the transfer and the role of the receiving organisation. Where required, appropriate safeguards should be used.

11. Data retention

Personal data is kept only for as long as reasonably necessary for the purposes described in this policy, including legal, accounting, tax, security and dispute-resolution requirements.

Typical retention periods may include:

  • Membership and customer records: for the duration of the relationship and for a reasonable period afterwards where needed for support, disputes, record-keeping or legal compliance.
  • Payment and transaction records: generally up to 7 years where required for accounting or tax purposes.
  • Marketing records: until consent is withdrawn, the user unsubscribes, or the records are no longer needed.
  • Analytics and cookie-related records: in line with the settings of the tools used and the business’s consent and retention configuration.

Retention periods may be adjusted where necessary to comply with law or to establish, exercise or defend legal claims.

12. Data security

Appropriate technical and organisational measures should be used to help protect personal data from unauthorised access, loss, misuse, disclosure or alteration. These may include encrypted connections, access controls, restricted administration access, password protection, platform-level security measures and routine maintenance practices.

No internet-based system can be guaranteed to be completely secure. Users should also take reasonable steps to protect their own devices, passwords and accounts.

13. Individual rights

Under UK data protection law, individuals may have the right to:

  • request access to their personal data;
  • request correction of inaccurate or incomplete data;
  • request erasure in certain circumstances;
  • request restriction of processing in certain circumstances;
  • object to certain processing, including some direct marketing;
  • request portability of data, where applicable; and
  • withdraw consent where processing relies on consent.

Requests can be sent to [email protected]. Proof of identity may be requested before a response is provided. The business will respond in accordance with applicable legal time limits.

14. Children

The website, services and memberships are not intended for children. Elliott Wave Insights does not knowingly target or provide services to children. If personal data is believed to have been collected from a child in error, contact should be made using the details in this policy so the matter can be reviewed and, where appropriate, the data deleted.

15. Social sharing and third-party platforms

If social sharing buttons, embedded tools or third-party platform links are used on the site, those features may allow third-party providers to receive technical data such as IP address, browser or device information, and information about the content viewed or shared.

Those third-party providers operate under their own terms and privacy policies. Elliott Wave Insights does not control how those third parties use personal data once a user interacts with their services.

16. Complaints

If there is a concern about how personal data is handled, contact should first be made using [email protected] so the matter can be reviewed.

Individuals in the UK also have the right to complain to the Information Commissioner’s Office (ICO). ICO guidance explains that privacy notices should clearly identify contact details and individuals’ rights, including complaint routes.

Information Commissioner’s Office
Website: https://ico.org.uk/
Telephone: 0303 123 1113

17. Changes to this policy

This Privacy Policy may be updated from time to time to reflect changes to the website, services, legal requirements or operational practices. The latest version will be posted on the website with the updated revision date.