What is the FXSharp privacy policy?
FXSharp privacy policy is the public statement of how personal data is collected, used, shared, retained, and protected when a reader interacts with fxsharp.com. The policy applies to every page on the site, every language edition, every contact submission, and every account registered through the Sign Up flow. The data controller is the operator of FXSharp, contactable at [email protected]. The policy is written to align with the European Union General Data Protection Regulation (GDPR), the United Kingdom GDPR, the California Consumer Privacy Act (CCPA) and CPRA, and equivalent data-protection regimes that apply where the reader resides. Cross-border readers receive the protection of whichever framework is most favourable on a given right.
What personal data does the platform collect?
Personal data collection is limited to what is necessary to operate the site, answer contact requests, and maintain editorial integrity. Five categories are processed.
- Account data: where a reader registers, the platform stores email address, hashed password, account-creation date, and basic profile information voluntarily provided.
- Contact correspondence: messages sent to [email protected], including the sender's email address, the message body, attachments, and any subsequent reply thread.
- User-submitted content: reviews, comments, ratings, or feedback voluntarily posted under a registered account, including the timestamp and the linked account identifier.
- Technical and log data: IP address, browser user-agent, device type, referring URL, request timestamps, error codes, and similar server-log fields automatically generated by the web server.
- Cookie and analytics data: cookie identifiers, page-view events, session duration, and aggregate interaction signals (see the cookies section below).
Sensitive-category personal data (health, biometric, racial origin, political opinion, religion, sexual orientation, trade-union membership) is not collected. Government-issued identification documents are not collected; the platform is not a regulated broker and does not perform KYC.
Why is your data collected?
Each processing activity rests on a specific lawful basis. Where more than one basis can apply, the most protective basis for the reader is used.
- Performance of a contract (GDPR Article 6(1)(b)): processing of account data and user-submitted content where the reader has registered an account and uses the site's account features.
- Legitimate interest (GDPR Article 6(1)(f)): processing of contact correspondence for editorial integrity and audit, processing of technical log data for security and abuse prevention, and limited aggregate analytics to improve the site.
- Consent (GDPR Article 6(1)(a)): processing of non-essential cookies, analytics cookies that require opt-in under the applicable cookie rules, and any marketing communications.
- Legal obligation (GDPR Article 6(1)(c)): processing required to respond to lawful requests from regulators, courts, or competent authorities.
Who is your data shared with?
Personal data is not sold to third parties under any framework. Sharing is restricted to four limited recipient categories.
- Service-provider processors: hosting, email delivery, content delivery network, error monitoring, and analytics providers acting under a written data-processing agreement. Processors may only use the data to deliver the contracted service.
- Contextual ad networks: where display advertising is shown, the network may set its own cookies for ad selection and frequency capping. Cookie use is governed by consent and disclosed in the cookies section.
- Legal and regulatory recipients: where disclosure is required by a binding legal order, a regulator request under applicable law, or a court order in the relevant jurisdiction.
- Successor entity: where the operating entity is the subject of a merger, acquisition, or business transfer, personal data may transfer to the successor on the same terms as this policy.
Personal data is never shared with the brokers reviewed on the site. Editorial correspondence about a specific broker is not disclosed to that broker, and a reader's account activity is not visible to any broker.
How long is your data retained?
Retention is matched to the purpose of each processing activity. Default retention periods are listed below; longer retention may apply where a legal hold, an unresolved dispute, or a binding regulator request requires it.
| Data category | Default retention | Trigger to delete |
|---|---|---|
| Account data | While account is active + 12 months | Account closure or deletion request |
| Contact correspondence | Up to 24 months | Closure of the editorial matter or deletion request |
| User-submitted reviews and comments | While account exists or until deletion request | Deletion request or account closure |
| Technical and log data | Up to 90 days | Automatic rotation |
| Analytics cookies | Up to 13 months | Cookie expiry or consent withdrawal |
What cookies and analytics does the site use?
Cookies fall into three functional categories, and each category is governed by a separate consent state where applicable law requires opt-in.
- Strictly necessary cookies: required to load the site, hold the language selection, maintain a logged-in session, and remember consent choices. No consent is required for this category under standard cookie rules.
- Analytics cookies: used to measure aggregate page views, session duration, and navigation paths. Identifiable user profiles are not built. Where applicable law requires opt-in, these cookies are loaded only after consent is given.
- Advertising cookies: set by contextual ad networks where display advertising is shown. These cookies enable ad selection and frequency capping, do not pass personal account data to advertisers, and require opt-in where applicable law applies.
A consent banner is displayed on first visit where the applicable jurisdiction requires it. Consent can be reviewed, changed, or withdrawn at any time from the cookie settings link in the footer.
What data-protection rights do you have?
The rights below apply to every reader; the exact name and scope of each right depends on the data-protection regime that applies in the reader's jurisdiction (GDPR, UK GDPR, CCPA, CPRA, or equivalent).
- Right of access: confirmation of whether personal data is being processed and a copy of that data.
- Right of rectification: correction of inaccurate or incomplete personal data.
- Right of erasure: deletion of personal data where the processing basis no longer applies.
- Right to restrict processing: pause processing while a dispute or accuracy claim is resolved.
- Right to data portability: receipt of personal data in a machine-readable format.
- Right to object: objection to processing carried out under legitimate interest, including profiling.
- Right to withdraw consent: withdrawal of consent for any processing that rests on consent, without affecting prior lawful processing.
- Right to lodge a complaint: complaint to the supervisory authority in the reader's country of residence or place of alleged infringement.
Requests are processed within the statutory window applicable in the requester's jurisdiction (commonly 30 days under GDPR Article 12). Send requests to [email protected] with a description of the right being exercised and, where reasonable, information that allows the request to be matched to the relevant account or correspondence.
How are international data transfers handled?
Personal data may be transferred to and processed in countries outside the reader's country of residence, including jurisdictions outside the European Economic Area and the United Kingdom. Where personal data leaves a jurisdiction with a recognised adequacy decision, the transfer is governed by appropriate safeguards: Standard Contractual Clauses (EU SCCs and UK International Data Transfer Addendum), binding corporate rules where a processor operates them, or transfer-impact assessments documenting the legal protection in the destination country. The recipient list is limited to service-provider processors operating under written data-processing agreements.
How is your data secured?
Security measures are layered across the platform's hosting, application, and operational controls. Passwords are stored as one-way salted hashes; plain-text passwords are not stored, not logged, and not transmitted outside the authentication flow. Connections between the reader's browser and the site are encrypted using TLS. Administrative access to production data is restricted to named editorial-operations staff under role-based controls. Regular backups are encrypted at rest. No security control is infallible; readers should use strong, unique passwords and enable any account-protection features offered. Suspected security incidents can be reported to [email protected].
The FXSharp privacy standard
The privacy standard reduces to a small set of operating rules: personal data is collected only where necessary to operate the site or answer contact requests, never sold, never shared with reviewed brokers, retained only as long as the purpose requires, secured under standard hosting and application controls, and made available to the reader on request under the applicable data-protection regime. Cookies are governed by category with opt-in where the law requires it. Cross-border transfers use Standard Contractual Clauses or equivalent safeguards. The data controller is the operator of FXSharp at [email protected], and every data-subject request, complaint, security report, or consent change goes to that single inbox.
This page documents privacy practices and is not investment advice, broker recommendation, or solicitation. Trading forex and CFDs carries high risk; between 74% and 89% of retail investor accounts lose money when trading CFDs, according to disclosures published by tier-1 regulated brokers. Verify any regulatory or licensing claim directly on the relevant regulator's official register before opening or funding a broker account.
Frequently Asked Questions
Does FXSharp sell my personal data?
No. Personal data is not sold under any data-protection framework, including the California Consumer Privacy Act definition of "sale" and the GDPR concept of disclosure for value. Sharing is limited to service-provider processors acting under written data-processing agreements, contextual ad networks under cookie consent, lawful regulatory or court orders, and successor entities in a business transfer. Reviewed brokers do not receive reader data.
How do I request a copy or deletion of my data?
Send the request to [email protected], identify the right being exercised (access, rectification, erasure, portability, restriction, objection, consent withdrawal), and provide enough information to match the request to the relevant account or correspondence. Requests are processed within the statutory window applicable in your jurisdiction (commonly 30 days under GDPR Article 12 and equivalent regimes).
What cookies does the site set?
Three cookie categories may be set: strictly necessary cookies (no consent required), analytics cookies (opt-in where applicable law requires it), and advertising cookies set by contextual ad networks (opt-in where applicable law requires it). Consent can be reviewed, changed, or withdrawn from the cookie settings link in the footer. The strictly necessary category is required to load the site and hold language and session state.
Where is my data stored, and does it leave my country?
Data may be processed in jurisdictions outside the reader's country of residence, including jurisdictions outside the European Economic Area and the United Kingdom. International transfers are protected by Standard Contractual Clauses, the UK International Data Transfer Addendum, or equivalent safeguards depending on the destination. The recipient list is limited to service-provider processors under written data-processing agreements.
How do I file a complaint about how my data is handled?
Complaints can be raised directly with the platform at [email protected], and a substantive response is provided within the statutory window. Independent of any complaint to the platform, readers in the European Union, the European Economic Area, the United Kingdom, and equivalent regimes have the right to lodge a complaint with the supervisory authority in the country of residence, the country of work, or the country of the alleged infringement.