Privacy Policy

1. Information We Collect

1.1 Account Data

When you create an account, we collect your name, email address, phone number, date of birth, nationality, and residential address. This information is necessary to provide our Services and comply with regulatory requirements.

1.2 Trading Data

We collect information about your trading activity, including order history, trade executions, portfolio positions, balances, deposits, withdrawals, and AI bot configurations. This data is necessary for service delivery, risk management, and regulatory compliance.

1.3 KYC Documents

To comply with Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations, we may collect copies of government-issued identification documents, proof of address, selfie photographs, and source of funds documentation.

1.4 Device and Technical Information

We automatically collect device information including IP address, browser type and version, operating system, device identifiers, screen resolution, and timezone. We also collect usage data such as pages visited, features used, click patterns, and session duration.

1.5 Cookies and Similar Technologies

We use cookies, web beacons, and similar tracking technologies to collect information about your browsing behavior and preferences. See Section 7 for more details on our cookie practices.

2. How We Use Information

• Account Management: To create, maintain, and secure your account; to process identity verification; and to communicate with you about your account.
• Trading Services: To execute trades, manage orders, calculate fees, and maintain portfolio records.
• Regulatory Compliance: To comply with applicable laws, regulations, and legal processes, including KYC/AML requirements, tax reporting, and sanctions screening.
• Analytics and Improvement: To analyze usage patterns, improve our Services, develop new features, and enhance the user experience.
• Security: To detect, prevent, and respond to fraud, unauthorized access, and other security incidents; to enforce our Terms of Service.
• Communications: To send important account notifications, security alerts, and, with your consent, marketing communications.

3. Information Sharing

We do not sell your personal information to third parties. We may share your information in the following circumstances:

• Law Enforcement and Legal Process: When required by law, court order, subpoena, or other legal process, or when we believe disclosure is necessary to protect our rights or the safety of others.
• KYC/AML Service Providers: We share identity verification data with trusted third-party KYC and AML service providers to perform identity checks and sanctions screening.
• Analytics Providers: We share anonymized and aggregated data with analytics providers to help us understand and improve our Services.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.
• With Your Consent: We may share your information with third parties when you have given us explicit consent to do so.

4. Data Retention

We retain your data for the following periods:

5. Security Measures

We implement robust security measures to protect your personal information, including:

• Encryption: All data in transit is encrypted using TLS 1.3. Sensitive data at rest is encrypted using AES-256.
• Two-Factor Authentication (2FA): TOTP-based 2FA is available and strongly recommended for all accounts.
• Cold Storage: 95% of cryptocurrency assets are held in air-gapped cold wallets with multi-signature authorization.
• Access Controls: Strict role-based access controls, principle of least privilege, and comprehensive audit logging for all data access.
• Regular Audits: Periodic security assessments and penetration testing by independent third-party security firms.

6. Your Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Correction: Request correction of any inaccurate or incomplete personal data.
• Right to Deletion: Request deletion of your personal data, subject to legal and regulatory retention requirements.
• Right to Data Portability: Request your data in a structured, machine-readable format.
• Right to Opt-Out: Opt out of marketing communications at any time by following the unsubscribe instructions in our emails or adjusting your notification settings.

To exercise any of these rights, please contact our Data Protection Officer at dpo@nextrade.io. We will respond to your request within thirty (30) days.

7. Cookies and Tracking

We use the following types of cookies:

• Essential Cookies: Required for the Platform to function properly, including session management, authentication, and security.
• Functional Cookies: Remember your preferences and settings, such as language, theme, and layout choices.
• Analytics Cookies: Help us understand how users interact with the Platform, so we can improve the user experience.
• Performance Cookies: Monitor the performance and reliability of the Platform.

You can manage your cookie preferences through your browser settings. Please note that disabling certain cookies may limit the functionality of the Platform.

8. International Transfers

Your personal data may be transferred to, stored, and processed in countries other than your country of residence. When we transfer your data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by relevant data protection authorities, adequacy decisions, or your explicit consent. We take steps to ensure that your data receives an adequate level of protection in the jurisdictions in which we process it.

9. Children's Privacy

The Services are not intended for individuals under the age of eighteen (18). We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to promptly delete such information. If you believe that a child under 18 has provided us with personal information, please contact us at dpo@nextrade.io.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on the Platform, updating the “Last updated” date, and, for significant changes, sending an email notification to the address associated with your account. Your continued use of the Services after the effective date of any changes constitutes your acceptance of the updated policy.

11. Contact Our Data Protection Officer

If you have any questions, concerns, or complaints regarding this Privacy Policy or our data practices, please contact our Data Protection Officer: