Privacy & Security

Privacy Policy

Effective Date: January 1, 2025

GolXP ("we", "our", or "us") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

1. Information We Collect

We collect the following categories of information when you use our Service:

Account Information

  • Full name and email address
  • Hashed password (AES-256)
  • Account role and status

Payment Information

  • Transaction IDs and amounts
  • Payment method type
  • No full card numbers stored

Trading Configuration

  • MT5 server and login number
  • Encrypted MT5 password
  • Used solely for cloud operation

Usage & Technical Data

  • IP address and device info
  • Browser type and log data
  • Security and debug events

2. How We Use Your Information

We use the information we collect to:

  • Create and manage account
  • Process payments & confirmations
  • Operate cloud trading instances
  • Deliver EA license keys
  • Send transactional notifications
  • Calculate referral commissions
  • Detect and prevent fraud
  • Comply with legal obligations

We do not use your data for advertising or sell it to third parties.

3. Legal Basis for Processing

We process your personal data on the following legal bases:

Contract performance:Processing necessary to deliver the Service you subscribed to.
Legitimate interests:Security monitoring, fraud prevention, and platform improvement.
Legal obligation:Retaining transaction records as required by applicable law.
Consent:Where you have explicitly opted in (e.g., optional communications).

4. Data Sharing and Third Parties

We share your data only with the following categories of third parties, strictly to operate the Service:

  • Payment processors: Stripe, Coinbase, CoinPayments, Razorpay.
  • Email service provider: ZeptoMail for transactional delivery.
  • Infrastructure providers: Cloud hosting and license validation systems.

All third-party providers are contractually obligated to maintain appropriate security standards.

5. MT5 Credential Security

Maximum Security Standards

  • AES-256 encryption at rest
  • TLS encryption for all transit
  • Immediate deletion on instance termination

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Account data is retained for up to 3 years after deletion, and transaction records for up to 7 years for financial compliance.

7. Cookies and Tracking

We use session storage and local storage to maintain your authenticated session. We do not use third-party advertising cookies or tracking pixels.

8. Your Rights

Access
Rectification
Erasure
Restriction
Portability
Objection

To exercise any of these rights, contact us via our contact page.

9. Data Security

We implement industry-standard security measures including Bcrypt hashing, JWT-based authentication, and AES-256 encryption. Despite these measures, no system is completely secure.

10. Changes to This Policy

We may update this Privacy Policy periodically. Registered users will be notified of material changes via email.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, please reach out via our contact page.

Back to Home