Legal

PRIVACY POLICY

Effective: 1 January 2026Version: 1.0

This Privacy Policy describes how ApexStrat Technologies FZCO ("ApexStrat", "we", "us") collects, uses, and protects your personal data when you use the ApexStrat platform. We are committed to protecting your privacy and complying with applicable data protection laws including the EU General Data Protection Regulation (GDPR) where applicable.

01

Data We Collect

Account data: Name, email address, phone number, company name, country of residence, and account credentials.

Billing data: Stripe customer ID and payment method token. We do not store raw card numbers or bank account details — these are processed and stored securely by Stripe, Inc.

Broker credentials: Broker server name, account number, and encrypted password (MT5) or API key and account ID (IG). These are stored encrypted with AES-256 in AWS Secrets Manager. ApexStrat staff cannot decrypt your password.

Trading data: Trade records, position history, equity curve data, and performance metrics associated with your account.

Usage data: Log data, IP addresses, browser type, and interaction data with the platform, collected for security and service improvement purposes.

Communication data: Support tickets, messages, and correspondence you send to us.

02

Legal Basis for Processing

We process your personal data on the following legal bases:

Contract performance: Processing necessary to provide you the service, including managing your account, billing, and strategy execution.

Legitimate interests: Security monitoring, fraud prevention, service improvement, and analytics.

Legal obligation: Compliance with applicable laws including anti-money laundering requirements where applicable.

Consent: Marketing communications, where you have opted in.

03

How We Use Your Data

We use your personal data to:

  • Provide and maintain the platform and trading services
  • Process billing and manage your subscription
  • Send transactional emails (account setup, billing confirmations, strategy alerts)
  • Respond to support requests and communicate service changes
  • Monitor for security incidents and prevent fraud
  • Comply with legal obligations
  • Improve the platform (using anonymised, aggregated data)
04

Data Sharing & Sub-processors

We do not sell your personal data. We share data only with service providers necessary to operate the platform:

Amazon Web Services (AWS)

Cloud infrastructure, authentication, encrypted credential storage

Stripe, Inc.

Payment processing and subscription billing

Sentry

Error monitoring and crash reporting

Resend / AWS SES

Transactional email delivery

All sub-processors are contractually bound to handle your data securely and in accordance with applicable data protection laws.

05

Data Retention

We retain your personal data for as long as your account is active and for up to 7 years after account closure for tax and legal compliance purposes.

Trading data and billing records are retained for 7 years as required for financial record-keeping. Support correspondence is retained for 3 years.

After the retention period, data is securely deleted or anonymised.

06

Data Security

We implement industry-standard security measures including:

  • AES-256 encryption for broker credentials at rest (AWS Secrets Manager)
  • TLS encryption for all data in transit
  • AWS Cognito for authentication with Advanced Security Mode enabled
  • Per-customer isolated AWS satellite accounts (your data is not co-mingled)
  • Regular security reviews and access controls
  • Multi-factor authentication available for all accounts

Despite our security measures, no system is perfectly secure. In the event of a data breach affecting your rights, we will notify you in accordance with applicable law.

07

International Transfers

ApexStrat is registered in Dubai, UAE. Your data may be processed by our sub-processors in the EU (AWS eu-central-1, Frankfurt), United States (Stripe headquarters), and other locations where our sub-processors operate.

For transfers of personal data outside the EU/EEA, we ensure appropriate safeguards are in place including Standard Contractual Clauses (SCCs) where required.

08

Your Rights

Depending on your jurisdiction, you may have the following rights:

Access: Request a copy of the personal data we hold about you.
Rectification: Request correction of inaccurate data.
Erasure: Request deletion of your data (subject to legal retention requirements).
Portability: Receive your data in a structured, machine-readable format.
Objection: Object to processing based on legitimate interests.
Restriction: Request that we restrict processing in certain circumstances.

To exercise your rights, contact privacy@apexstrat.com. We will respond within 30 days. If you are in the EU, you also have the right to lodge a complaint with your local supervisory authority.

09

Cookies

The platform uses essential cookies for session management and authentication (NextAuth). We do not use third-party advertising or tracking cookies on the customer portal.

The marketing website may use analytics cookies (with your consent) to improve content and measure effectiveness.

10

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 14 days before taking effect. The updated policy will always be accessible at this URL.

11

Contact & DPO

For privacy-related questions, requests, or concerns, contact our Data Protection Officer at:

privacy@apexstrat.com
ApexStrat Technologies FZCO
IFZA Business Park, DDP, Building A2
Dubai, United Arab Emirates

Terms & Conditions →← Back to homepage
Privacy Policy — ApexStrat | ApexStrat