Privacy Policy

1. Introduction

1.1 This Policy applies where Finestel acts as a data controller (or joint controller) in relation to the personal data of visitors to our website and Users of our Services. This means that Finestel determines the purposes and means of processing such data.

1.2 This Policy also applies to any connected ecosystem where Finestel processes data to provide its software tools, including but not limited to registration, account management, analytics, customer support, billing, and trading‑automation‑related functions.

1.3 Our website uses Cookies and similar technologies (“Cookies”). To the extent those cookies are not strictly necessary for the basic operation of the website and Services, we will request your consent before activating them the first time you visit our site.

2. Categories of Personal Data We Process

We may process the following categories of personal data, either directly or via our service providers:

• Account Data: nickname, email address, account ID, subscription status, and other login‑related identifiers.
• Usage Data: IP address, browser type and version, operating system, device information, geographical location, page views, navigation paths, timing and pattern of your use of the website and Services.
• Profile / User‑Interface Data: nicknames, profile information, interface preferences, and any details you enter into your user dashboard.
• Inquiry and Business‑Inquiry Data: information included in any inquiries, contact‑form submissions, or commercial‑inquiry messages you send to us.
• Customer Relationship Data: contact details, communication history, records of interactions with support or sales teams, notes from calls or tickets.
• Transaction and Billing Data: details of purchases or subscription payments, contact information, invoice and payment‑status records.
• Correspondence Data: content of emails, chat messages, or tickets you send to us, and associated metadata (timestamps, message IDs, read‑receipts, etc.).
• Trading Data: information about your trading activity, Automation settings, bot configurations, order‑type selections, activation‑state toggles, and any other trading‑related information you choose to share. This may include:
• Deal‑type labels, entry/exit‑time windows, and symbolic descriptors;
• Configuration parameters for bots, signals, and copy‑trading‑related Automation;
• Logs and intermediate outputs generated by automation workflows associated with your Connected Accounts.
• Technical and Log Data: server logs, error logs, connectivity information, cookie and session identifiers, API‑call metadata, and security‑event data.

3. Purposes and Legal Bases for Processing

We process your personal data only where permitted under applicable data‑protection or privacy law frameworks. The main purposes and our typical legal bases are:

3.1 Providing and Operating the Services

• Purpose: To create and maintain your account, enable access to the platform, provide trading automation tools, manage bots and strategies, and support Connected Accounts.
• Legal bases: Performance of a contract with you; and, where necessary, our legitimate interests in delivering and operating the Services.

3.2 Analytics and Service Improvement

• Purpose: To analyze usage of the website and Services, detect usage patterns, improve performance, and fix bugs or usability issues.
• Legal basis: Our legitimate interests in monitoring and improving the Services, and, where required, your consent for non‑essential tracking.

3.3 Customer Relationship and Communications

• Purpose: To manage relationships with you, respond to inquiries, provide support, and keep records of communications.
• Legal basis: Performance of a contract and our legitimate interests in managing customer relationships.

3.4 Billing and Transactions

• Purpose: To process payments, manage subscriptions, issue invoices, and handle refunds or disputes.
• Legal basis: Performance of a contract and compliance with financial and tax obligations.

3.5 Marketing and Promotional Communications

• Purpose: To send you information about Finestel products, features, updates, or offers where you have consented or where we are otherwise permitted under applicable law.
• Legal basis: Your consent (for direct marketing), and in certain cases our legitimate interests where such communications are strictly necessary for contractual or support‑related purposes.

3.6 Security, Fraud Prevention, and Compliance

- Purpose:

• To protect the platform and your accounts from misuse, fraud, or cyber threats;
• To detect, prevent, or investigate security incidents;
• To comply with legal, regulatory, tax, AML‑related, or sanctions‑related obligations where applicable.

- Legal basis: Our legitimate interests in protecting the platform and our users, and our legal obligations to comply with applicable laws and regulatory requirements.

3.7 Legal Claims and Risk Management

• Purpose: To establish, exercise, or defend legal claims, or to obtain professional advice and insurance coverage.
• Legal basis: Our legitimate interests in protecting our business and your rights, and our legal obligations to respond to claims or regulatory inquiries.

3.8 Additional Legal Grounds

We may also process personal data where such processing is necessary to comply with a legal obligation, to protect vital interests, or to perform tasks in the public interest, where applicable and as permitted by law.

4. Data Sharing and Disclosures

- We may disclose your personal data to the following categories of recipients:

- Group Companies and Affiliates: Within our corporate group (including subsidiaries and parent entities) where necessary for the purposes set out in this Policy.

- Service Providers and Processors: Third‑party providers who process data on our behalf, including:

• Cloud‑hosting and infrastructure providers;
• Analytics and marketing‑technology providers;
• Payment processors and billing‑platform operators;
• Customer‑support and ticketing‑platform providers;
• Security and fraud‑detection providers;
• Legal, tax, and compliance advisors.

- Trading‑ and Automation‑Related Disclosures:

• Where you use copy‑trading or strategy‑sharing features, we may share anonymized or aggregated performance‑related data with other users, strictly in accordance with your configuration and within the constraints of the Services.
• Trading‑related automation data is processed to enable the operation and coordination of your bots, but it is not shared with other users unless you explicitly enable a sharing or display feature (for example, public performance widgets) and provide the necessary permissions.

- Payment Processors: Transaction data may be shared with our payment services providers solely to the extent necessary to process payments, issue refunds, and respond to disputes or refund‑related queries.

- Legal and Regulatory Authorities: Where required by law, regulation, or competent authority, or to protect our rights, the rights of others, or to prevent fraud or serious harm.

We will not sell your personal data to third parties for their own independent marketing or commercial‑analytics purposes.

5. Data Transfers and International Processing

5.1 Your personal data may be transferred to, and processed in, countries outside your home jurisdiction, including locations where Finestel or its service providers operate.

5.2 Where required by law, we will use appropriate safeguards for such transfers, such as standard contractual clauses or other mechanisms recognized by applicable data‑protection authorities.

5.3 You are aware that different jurisdictions may have different data‑protection standards and that you continue to use the Services at your own discretion.

6. Data Retention and Deletion

6.1 We will retain your personal data only for as long as necessary for the purposes described in this Policy, or for as long as required by applicable legal, tax, regulatory, or business‑record‑keeping obligations.

6.2 Specific retention periods will vary by data type and may include:

• Account and profile data: for the duration of your active relationship with us, plus a reasonable period after deactivation for compliance, dispute‑resolution, or audit purposes.
• Transaction and billing records: for the period required by financial or tax law.
• Log and usage data: for a defined period to support security, troubleshooting, analytics, and compliance activities.

6.3 In addition to the above, we may retain some data where necessary to:

• Comply with legal or regulatory obligations;
• Establish, exercise, or defend legal claims;
• Protect our rights or the rights of others.

6.4 You may request the deletion or restriction of certain data in accordance with your rights described below, subject to any legal or operational limits.

7. Your Data Protection Rights

7.1 Under applicable data‑protection frameworks, you may have the following rights in relation to your personal data:

• Right of access: You may request confirmation that we process your data and, where this is the case, access to that data and related information (for example, processing purposes, categories of data, and recipients).
• Right of rectification: You may request correction of inaccurate or incomplete data.
• Right of erasure (“right to be forgotten”): You may request erasure of your data in certain circumstances, for example, where it is no longer necessary for the purposes for which it was collected, or where your consent is withdrawn and no other legal basis applies.
• Right to restrict processing: In some situations, you may request that we restrict processing of your data, for example, while accuracy is verified or during disputes.
• Right to object: You may object to certain types of processing based on legitimate interests, including direct marketing, provided you have valid grounds relating to your particular situation.
• Right to data portability: Where processing is based on consent or a contract and performed by automated means, you may request that we provide your data in a structured, commonly used, and machine‑readable format, where technically feasible.
• Right to complain: You may lodge a complaint with a relevant supervisory authority responsible for data‑protection matters in your jurisdiction.
• Right to withdraw consent: Where we rely on your consent, you may withdraw it at any time, though this will not affect the lawfulness of processing prior to withdrawal.

7.2 You can exercise these rights by:

• Logging into your account and using the privacy‑preference options provided in the Platform;
• Submitting a request via the website contact form or using the contact details in Section 10 below.

7.3 We will respond to your requests in accordance with applicable privacy requirements and may ask for additional information to verify your identity.

8. Cookies and Tracking Technologies

8.1 We use Cookies and similar technologies (for example, web beacons, pixel tags, and local‑storage objects) to operate and improve the Services.

8.2 Types of Cookies used:

• Essential cookies: Enable core functions such as authentication, session management, and security‑related features.
• Performance and analytics cookies: Collect information about how you use the website and Services, including page views and navigation patterns.
• Functional cookies: Store your preferences and settings to enhance the user experience.
• Advertising and marketing cookies: Used where you have consented, to deliver and measure the effectiveness of personalized advertising or marketing campaigns.

8.3 You can manage or disable Cookies through your browser settings. Common links for managing Cookies in popular browsers are:

• Chrome: https://support.google.com/chrome/answer/95647
• Firefox: https://support.mozilla.org/en‑US/kb/enable‑and‑disable‑cookies
• Safari: https://support.apple.com/kb/PH21411
• Edge: https://privacy.microsoft.com/en‑us/windows‑10‑microsoft‑edge‑and‑privacy

Blocking or disabling Cookies may limit your ability to use some features of the website and Services.

9. Data Security

9.1 We take commercially reasonable technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

9.2 These measures may include:

• Encryption of data in transit and, where appropriate, at rest;
• Secure authentication and session‑management mechanisms;
• Access‑control policies and role‑based permissions;
• Regular security audits and vulnerability‑testing;
• Training and awareness of personnel involved in data processing.

9.3 You remain responsible for securing your account (for example, using strong passwords and two‑factor authentication) and for protecting your API keys and Connected Accounts.

10. Updates to this Policy

10.1 We may update this Privacy Policy from time to time by publishing a new version on our website.

10.2 We encourage you to review this page periodically to stay informed of any changes. Your continued use of the Services after the updated Policy becomes effective constitutes your acceptance of the revised terms.

11. Contact Details

11.1 Data Controller

ERUVATION MANAGEMENT CONSULTANCIES EST.

DED License: #1381309 | Dubai, UAE

Registered Office: Shaikha Mhara Building, Al Qusais Second, Office 315, Al Qusais 2, Dubai, UAE

11.2 You may contact us regarding this Privacy Policy or any privacy‑related matter:

• via the contact form on the Finestel website at https://finestel.com/contact-us/;
• by email to the address published on the website.