Privacy Policy

Last updated: 1 March 2026

ZuraFX (“we”, “our”, “us”) is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store and share information when you use our platform at zurafx.com.

1. Who We Are

ZuraFX is an AI-powered trading platform. For data protection purposes, ZuraFX acts as the data controller for personal information you provide when registering and using our services. You can contact us at privacy@zurafx.com.

2. What Data We Collect

Account Data

  • Name and email address
  • Password (stored in encrypted form, never in plain text)
  • Profile settings and preferences

Usage Data

  • IP address and approximate location
  • Browser type and device information
  • Pages visited and features used within the platform
  • Session duration and interaction logs

Financial & Trading Data

  • Broker API credentials (encrypted at rest using AES-256)
  • Portfolio values, trade history and position data retrieved from connected brokers
  • Agent configuration and strategy settings

Communication Data

  • Messages sent to our support team
  • AI Chat session content (not stored beyond your active session unless you explicitly save it)

3. How We Use Your Data

  • To provide, maintain and improve the ZuraFX platform
  • To authenticate your identity and keep your account secure
  • To process subscription payments via Stripe
  • To send service-related communications (account alerts, billing notifications)
  • To monitor platform performance and detect abuse or fraud
  • To comply with legal obligations

We do not sell your personal data to third parties. We do not use your trading data to train AI models without your explicit consent.

4. Legal Basis for Processing (UK GDPR)

  • Contract performance — processing necessary to deliver the services you have signed up for
  • Legitimate interests — security monitoring, fraud prevention, product analytics
  • Legal obligation — compliance with applicable financial and data protection laws
  • Consent — marketing emails (you can withdraw consent at any time)

5. Data Storage & Security

Your data is stored on Google Cloud Platform infrastructure in the EU/UK region. We implement:

  • AES-256 encryption at rest for all sensitive data
  • TLS 1.3 in transit for all communications
  • Role-based access controls — staff only access data when strictly necessary
  • Regular security audits and penetration testing
  • Automated breach detection and incident response procedures

6. Data Retention

  • Account data: retained while your account is active, deleted within 30 days of account closure
  • Trade history: retained for 7 years to comply with financial record-keeping requirements
  • Usage logs: retained for 90 days
  • Backup copies: purged within 6 months of the retention period

7. Third-Party Services

We work with the following trusted processors:

  • Stripe — payment processing (PCI-DSS Level 1 certified)
  • Cloudflare — CDN, DDoS protection, DNS
  • Google Cloud Platform — cloud hosting and database infrastructure
  • Resend — transactional email delivery
  • PostHog — anonymised product analytics

Each processor is bound by data processing agreements that comply with UK GDPR.

8. Your Rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate data
  • Erase your data (“right to be forgotten”) subject to legal retention obligations
  • Restrict or object to certain processing
  • Data portability — receive your data in a machine-readable format
  • Withdraw consent at any time where consent is the legal basis

To exercise any right, email privacy@zurafx.com. We will respond within 30 days.

9. Cookies

We use essential cookies for authentication and functional cookies to remember your preferences. Please see our Cookie Policy for full details.

10. Changes to This Policy

We may update this policy periodically. Material changes will be notified via email or a prominent notice on the platform at least 14 days before they take effect.

11. Contact & Complaints

For privacy-related questions: privacy@zurafx.com
If you are unsatisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.