Our Commitment to Privacy

At StratioFX, we prioritize the confidentiality and integrity of your personal information. This comprehensive Privacy Policy outlines our practices regarding the collection, processing, storage, and protection of your data when you interact with our trading platform and services.

By accessing our services, you consent to the data practices described in this policy. We maintain a proactive approach to privacy, conducting regular audits and reviews to ensure compliance with global regulations including GDPR, CCPA, and other applicable data protection laws.

Last Updated: February 27, 2025| Version: 2.1 | Applicable To: All users, visitors, and clients

Enterprise-Grade Data Protection

Military-grade 256-bit encryption for all sensitive data transfers and storage

Certified Security Standards

ISO 27001 certified information security management system

Information We Collect

We collect various types of information to provide and improve our services, ensure regulatory compliance, and maintain platform security:

Personal Identification

  • Full legal name and contact information (email, phone, address)
  • Government-issued identification (passport, driver's license, national ID)
  • Biometric data (for advanced verification where required)
  • Proof of residence (utility bills, bank statements)
  • Tax identification numbers (SSN, TIN, etc.)

Financial Information

  • Bank account details (for deposits/withdrawals)
  • Payment card information (tokenized and encrypted)
  • Transaction history (complete audit trail)
  • Source of funds documentation
  • Investment profile (risk tolerance, objectives)

Technical & Usage Data

  • Device fingerprints (hardware/software configurations)
  • IP addresses with geolocation data
  • Browser/OS information and system settings
  • Usage patterns (session duration, feature usage)
  • Cookies and tracking technologies (as per our Cookie Policy)

Operational Data

  • Customer service interactions (calls, chats, emails)
  • Market research and survey responses
  • KYC/AML verification results
  • Risk assessment data
  • Compliance documentation

We minimize data collection to only what's necessary for providing services, complying with regulations, and protecting against fraud. Certain data may be retained for specific periods as required by financial regulations.

How We Use Your Information

Your data enables us to deliver secure, compliant, and personalized services while maintaining the highest standards of financial integrity:

Account Services & Operations

  • User authentication and account access control
  • Identity verification and fraud prevention
  • Customer support and service delivery
  • Account maintenance and administration

Financial Processing

  • Transaction execution and settlement
  • Payment processing and reconciliation
  • Anti-fraud monitoring and suspicious activity reporting
  • Tax reporting and compliance

Legal & Regulatory Compliance

  • Know Your Customer (KYC) obligations
  • Anti-Money Laundering (AML) monitoring
  • Sanctions screening and prevention
  • Regulatory reporting requirements

Service Enhancement

  • Platform functionality improvements
  • User experience optimization
  • New product development
  • Performance analytics

Security & Risk Management

  • Cybersecurity threat detection
  • System integrity monitoring
  • Risk assessment modeling
  • Incident response preparation

Communication & Marketing

  • Service notifications and alerts
  • Account activity reports
  • Market research (opt-in)
  • Promotional offers (opt-in)

Legal Basis for Processing

We process your data based on: (1) Contractual necessity for service delivery, (2) Legal obligations under financial regulations, (3) Legitimate business interests (security, fraud prevention), and (4) Your consent for specific processing activities.

Our Security Framework

StratioFX employs a multi-layered security architecture designed to meet or exceed financial industry standards for data protection:

Technical Security Measures

  • End-to-end encryption: AES-256 for data at rest and in transit
  • Network security: Next-gen firewalls, DDoS protection, and intrusion detection
  • Access controls: Role-based permissions with multi-factor authentication
  • Cryptographic protections: Digital signatures for transaction integrity
  • Secure development: OWASP-compliant coding practices

Organizational Controls

  • Staff training: Annual privacy and security certification
  • Data governance: Strict data classification and handling policies
  • Vendor management: Third-party security assessments
  • Incident response: 24/7 security operations center
  • Business continuity: Disaster recovery and backup systems

Data Management

  • Storage: Geographically distributed, access-controlled data centers
  • Retention: Policy-based lifecycle management
  • Destruction: Certified data erasure procedures
  • Auditability: Immutable activity logs
  • Privacy by design: Default data minimization

Certifications

ISO 27001, SOC 2 Type II, PCI DSS compliant

Global Standards

GDPR, CCPA, and financial regulatory compliance

Continuous Monitoring

Real-time threat detection and response

Your Data Subject Rights

Under applicable data protection laws, you have the following rights regarding your personal information:

Right to Access

Obtain confirmation of whether and how we process your data, including copies of your personal information in a structured, commonly used format.

Process: Submit verifiable request through your account dashboard or via email

Right to Rectification

Request correction of inaccurate or incomplete personal data we maintain about you.

Process: Update profile information directly or contact support with documentation

Right to Erasure

Request deletion of personal data when no longer necessary for its original purpose or when you withdraw consent (subject to regulatory retention requirements).

Process: Submit deletion request with identity verification

Right to Restriction

Limit our processing of your data while disputes about accuracy or lawfulness are resolved.

Process: Contact DPO with specific restriction request

Right to Portability

Receive your provided personal data in a structured format and transfer it to another controller.

Process: Request data export through account settings

Right to Object

Object to processing based on legitimate interests or for direct marketing purposes.

Process: Adjust communication preferences or submit objection request

Note: Some rights may be limited in certain circumstances, particularly when processing is necessary for regulatory compliance, contract fulfillment, or the establishment, exercise or defense of legal claims. We will respond to all valid requests within 30 days as required by law.

Privacy Questions?

If you have any questions about our Privacy Policy or your personal data, please contact our Data Protection Officer.

[email protected]