Privacy Policy

Last updated: April 2025

1. Who We Are (Data Controller)

Propfirm123 ("we", "our", "us") is the data controller responsible for your personal data.

Company name: Propfirm123
Email:support@propfirm123.com

If you have any questions about this policy or how we handle your data, please contact us at the email above.

2. What Data We Collect

We collect the following categories of personal data:

  • Account data: name, email address, and password (hashed) provided at registration
  • Usage data: pages visited, features used, timestamps of activity
  • Technical data: IP address, browser type, device type, operating system
  • Preference data: theme preference stored locally on your device
  • Communications: any messages or enquiries you send us

We do not collect sensitive personal data (special categories under Article 9 GDPR) and we do not knowingly collect data from children under 16.

3. Legal Basis for Processing (Article 6 GDPR)

We process your personal data on the following legal grounds:

  • Performance of a contract (Art. 6(1)(b)): Processing your account data is necessary to provide you with our services, including authentication and access to the platform.
  • Legitimate interests (Art. 6(1)(f)): We process usage and technical data to maintain security, prevent fraud, and improve the platform. Our legitimate interests do not override your rights.
  • Consent (Art. 6(1)(a)): Where we send marketing communications, we rely on your consent. You may withdraw consent at any time (see Section 8).
  • Legal obligation (Art. 6(1)(c)): Where required by applicable law, we may process your data to comply with legal obligations.

4. How We Use Your Data

  • To create and manage your account
  • To authenticate you and keep your session secure
  • To provide access to platform features and content
  • To respond to your enquiries and support requests
  • To monitor and improve platform performance and security
  • To send service-related communications (e.g. password resets)
  • To send marketing communications, where you have consented

5. Data Retention

We retain your personal data for the following periods:

  • Account data: for the duration of your account, plus 30 days after deletion to allow for recovery requests
  • Authentication tokens: stored locally on your device and cleared when you log out
  • Usage and technical data (logs): up to 12 months
  • Support communications: up to 3 years from the date of the last communication
  • Data required for legal obligations: as long as required by applicable law

After these periods, data is securely deleted or anonymised.

6. Sharing Your Data

We do not sell your personal data. We may share it with:

  • Service providers: third-party vendors who assist in operating our platform (e.g. hosting, email delivery). These processors are bound by data processing agreements and may only process your data on our instructions.
  • Legal authorities: where required by law, court order, or to protect our legal rights.

7. International Data Transfers

Your data may be stored or processed in countries outside the European Economic Area (EEA). Where we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or we rely on an adequacy decision.

8. Local Storage (Cookies and Similar Technologies)

We do not use cookies. We use browser localStorage, a similar technology, for the following essential purposes:

  • Authentication token: to keep you signed in during and between sessions
  • Theme preference: to remember your chosen display theme (dark/light)

These are strictly necessary for the platform to function. No tracking or advertising technologies are used. See our Cookie Policy for more details.

9. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal or similarly significant effects on you, as defined in Article 22 GDPR.

10. Your Rights Under GDPR

If you are located in the EEA or UK, you have the following rights:

  • Right of access (Art. 15): request a copy of the personal data we hold about you
  • Right to rectification (Art. 16): request correction of inaccurate or incomplete data
  • Right to erasure (Art. 17): request deletion of your personal data ("right to be forgotten")
  • Right to restriction (Art. 18): request that we limit how we process your data
  • Right to data portability (Art. 20): receive your data in a structured, machine-readable format and transfer it to another controller
  • Right to object (Art. 21): object to processing based on legitimate interests or for direct marketing
  • Right to withdraw consent: where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal

To exercise any of these rights, contact us at support@propfirm123.com. We will respond within 30 days. We may need to verify your identity before processing your request.

11. Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection supervisory authority. In the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk. In the EU, contact the supervisory authority in your country of residence.

We would, however, appreciate the opportunity to address your concerns directly before you contact a regulator.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by displaying a notice on the platform. The date at the top of this page always reflects the most recent revision.