MM3← Back

Privacy Policy

Last updated: March 25, 2026

This Privacy Policy explains how GTG Soft collects, uses, stores, shares, and protects personal data when you use MM3 (MM3).

1. Who we are

MM3 is a software platform operated by GTG Soft that provides AI-powered technical analysis tools and market data aggregation for the Vietnamese stock market.

MM3 is a software tool only. It is not a licensed securities advisory firm, broker, bank, or financial institution.

2. Scope of this Policy

This Privacy Policy applies to personal data processed through:

  • the MM3 website and application;
  • user registration, login, and account management;
  • AI chat, watchlists, portfolio-related features, and analytics features;
  • subscriptions, billing, and invoice issuance; and
  • customer support and security operations.

3. What data we collect

Depending on how you use MM3, we may collect the following categories of data:

3.1 Account and identity data

  • Full name
  • Email address
  • Profile photo or avatar, if provided
  • Login provider identifier, such as Google OAuth ID
  • Account preferences and settings

3.2 User content and feature data

  • Watchlists
  • Portfolio inputs and self-entered investment tracking data
  • Saved filters, notes, alerts, and interface preferences
  • AI chat prompts, messages, and generated outputs
  • Requests made to market analysis or recommendation features

3.3 Billing and transaction data

  • Subscription plan information
  • Payment status and transaction references
  • Billing contact information
  • Tax code, invoice details, and related accounting records where required

3.4 Device, technical, and usage data

  • IP address
  • Device type, browser, OS, app version
  • Log data, timestamps, session events, and feature usage
  • Security and abuse-detection signals
  • Cookies and similar technologies

3.5 Support and communications data

  • Messages you send to support
  • Feedback, bug reports, and survey responses
  • Communication preferences

4. Sources of data

We collect data:

  • directly from you when you register, log in, subscribe, contact us, or use MM3;
  • automatically from your use of the platform;
  • from authentication providers such as Google, when you choose to log in through them; and
  • from payment, invoicing, or infrastructure providers that support core platform operations.

5. Why we process your data

We process personal data for the following purposes:

  1. To provide the service — create and maintain your account, authenticate access, operate watchlists, portfolio tools, AI chat, and analytics features.
  2. To improve performance and reliability — monitor service quality, diagnose bugs, maintain availability, and improve user experience.
  3. To maintain security — detect abuse, suspicious activity, fraud, unauthorized access, scraping, and other prohibited conduct.
  4. To manage billing and invoices — process subscriptions, track payment status, generate invoices, and comply with accounting and tax requirements.
  5. To communicate with you — send account notices, service updates, policy changes, security alerts, and support responses.
  6. To comply with law — retain records, respond to lawful requests from competent authorities, and meet legal, accounting, audit, or regulatory obligations.
  7. To develop and improve product features — evaluate system usage, improve prompts, models, and workflows, and optimize feature design.

6. Legal bases

Where applicable under law, we rely on one or more of the following legal bases:

  • your consent;
  • performance of a contract or steps related to providing the service you requested;
  • compliance with legal obligations; and
  • our legitimate interests in operating, securing, improving, and defending the platform, provided those interests do not override your rights.

7. AI and analytics data

When you use AI-powered features, your prompts, inputs, and related context may be processed to generate outputs, maintain service quality, investigate abuse, and improve product performance.

You should not submit confidential third-party information, inside information, or data you are not authorized to share.

AI outputs may be retained for a limited period for quality assurance, abuse prevention, troubleshooting, and product improvement.

8. Cookies and similar technologies

We may use cookies, local storage, SDKs, and similar technologies to:

  • keep you signed in;
  • remember preferences;
  • analyze traffic and feature usage;
  • detect abnormal or abusive activity; and
  • improve security and performance.

You may be able to control cookies through your browser settings, but disabling certain cookies may affect the functionality of MM3.

9. How we share data

We do not sell your personal data.

We may share personal data only in the following circumstances:

9.1 Service providers

We may share data with vendors and processors that support core operations, such as:

  • cloud hosting and infrastructure providers;
  • authentication providers;
  • payment processors;
  • invoicing providers;
  • analytics, monitoring, logging, customer support, or security vendors.

9.2 Legal compliance

We may disclose data where required by law, court order, lawful request, audit requirement, or request from a competent state authority.

9.3 Business protection

We may share data where reasonably necessary to enforce our Terms, investigate violations, protect rights, prevent fraud, respond to security incidents, or defend legal claims.

9.4 Corporate transactions

If GTG Soft undergoes a merger, acquisition, investment, restructuring, asset transfer, or similar transaction, personal data may be transferred as part of that transaction, subject to applicable law.

10. International storage and transfers

MM3 may use infrastructure located outside Vietnam, including cloud infrastructure in AWS ap-southeast-1 (Singapore), to store and process data. By using MM3, you acknowledge that your data may be processed or stored outside Vietnam, subject to contractual, technical, and organizational safeguards.

Where local law requires additional procedures, notices, registrations, assessments, or safeguards for cross-border transfers, we will seek to comply with those requirements.

11. Data retention

We retain data only for as long as reasonably necessary for the purposes described in this Policy, unless a longer period is required or permitted by law.

Indicative retention periods may include:

  • Google OAuth profile data: for the lifetime of the account and up to 30 days after account closure.
  • Watchlist and portfolio-related data: for the lifetime of the account, unless deleted earlier by the user or required for dispute resolution.
  • Credit, billing, invoice, and tax records: up to 10 years, or longer if required by accounting, tax, audit, or legal obligations.
  • AI chat conversations and related prompts: generally up to 90 days for quality, safety, troubleshooting, and improvement purposes, unless longer retention is necessary for security, disputes, or legal compliance.
  • Usage logs and market data query logs: generally up to 30 days, or longer if needed for abuse detection, incident investigation, or legal compliance.
  • Support records: for as long as reasonably necessary to resolve the request and maintain a record of service history.

12. Data security

We use reasonable technical and organizational measures to protect personal data, including measures designed to prevent unauthorized access, disclosure, alteration, misuse, or destruction.

These measures may include access controls, authentication, encryption in transit where appropriate, logging, monitoring, backups, and internal access limitation based on role.

No system is perfectly secure. Accordingly, we cannot guarantee absolute security.

13. Your rights

Subject to applicable law, you may have the right to:

  • know what personal data we process about you;
  • request access to or a copy of certain personal data;
  • request correction of inaccurate or incomplete data;
  • request deletion or anonymization of data in certain circumstances;
  • request restriction of processing in certain circumstances;
  • object to certain processing activities;
  • withdraw consent where processing is based on consent;
  • request account closure; and
  • complain to a competent authority where permitted by law.

We may need to verify your identity before fulfilling a request. Some rights may be limited where retention or processing is required by law, security needs, contractual necessity, or legitimate dispute handling.

14. Children

MM3 is not intended for children under the age required by applicable law to use the service independently. If you believe a child has provided personal data to us in violation of applicable law, please contact us so we can take appropriate steps.

15. Third-party links and services

MM3 may contain links to or integrations with third-party services. We are not responsible for the privacy practices of third-party services that we do not control. You should review their privacy policies separately.

16. Changes to this Policy

We may update this Privacy Policy from time to time to reflect legal, technical, operational, or product changes. When we do, we will revise the “Last updated” date and may provide additional notice where appropriate.

Your continued use of MM3 after an updated Privacy Policy becomes effective means you acknowledge the updated version, to the extent permitted by law.

17. Contact us

For privacy-related questions, requests, or complaints, please contact:

GTG Soft — MM3 Platform Team
Email: support@gtgcrm.com