Privacy Policy

Keeping client information secure and respecting privacy is very important at Exness. This policy comprehensively explains what data we gather, why we need it, how we utilize it appropriately, and the robust controls in place for protecting sensitive information entrusted to us.

We want to be completely transparent on our practices so you can feel informed and confident on how account details and personal information gets properly handled from our end as a trusted partner. This policy covers our current protocols but may get updated periodically to reflect the latest privacy standards we adhere to.

What Personal Data We Gather and Why

Essential Account Details

To legally open real-money trading accounts and meet Know Your Customer (KYC) identification rules across regions Exness is regulated in, certain core personal details must be gathered including:

  • Full legal name matching your government ID
  • Physical home address for verification
  • Contact information such as email and phone number for account notifications
  • Date of birth and ID issuance/expiry documentation

Beyond these mandatory identifiers required in all scenarios, we additionally request:

Payment Information

Necessary payment data such as bank account numbers, routing numbers or partial card details are gathered strictly for enabling deposits and withdrawals at your request. This sensitive information is encrypted and only briefly accessed under two-factor authentication by the payment processing team to fulfill requests.

Supplemental Profile Preferences

On an optional basis within platform settings, you can choose to provide supplemental data such as customized interface preferences or language translation defaults to enhance your account experience as desired. Any non-essential information offered is used expressly for providing more personalized, trader-centric support; never any external purpose. You retain full rights to update or remove any elective information at any time.

Site Traffic Analytics

To help improve platform interfaces, site experiences and related service delivery matching modern demands, our websites and account portals automatically gather certain aggregated usage analytics covering aspects like:

  • Browser types and device operating systems connecting to our domains
  • Specific webpages visited within our sites
  • Click-based navigation sequences and actions taken during site sessions
  • Sources of web traffic and queries bringing visitors onto our domains
  • Average session duration for gauging content engagement

This is all anonymized data focused exclusively on understanding broad platform usage trends rather than tracking individual behaviors. The insights derived help us spot popular flows to optimize, diagnose issues proactively, and continuously tailor platform experiences around how contemporary traders access our tools.

How Personal Data Gets Used

Our guiding principle is to limit usage of provided data exclusively where essential to directly facilitate trading capabilities or meet compliance requirements related to monitoring financial transactions.

Required Account Identity Details such as full legal names, contact points and government-issued IDs are necessary for:

  • Verifying real trader identities and assessing qualification criteria for financial products
  • Validating account ownership for security
  • Screening against global watchlists to prevent financial crime
  • Allowing compliant order processing in regulated jurisdictions we operate in
  • Streamlining ongoing account administration and notifications

Without gathering regulated proofs of trader identities, we simply could not legally conduct financial transactions, clear trades or maintain accounts.

Anonymous Website Analytics on the other hand allow us to analyze adoption rates for new tools, catch bugs early, refine designs based on usage volumes and ultimately enhance self-service experiences. By understanding general activity trends, we can better meet collective client needs.

Multilayered Security Controls Protecting Information

Shielding collected personal information under stringent safeguards and access policies represents a foundational commitment for us. Maintaining robust security and confidentiality around sensitive client data is mandatory for retaining licenses to operate in regions under financial oversight. Core controls include:

Secured Storage Infrastructure

Account details, submitted documentation and associated trader information are stored exclusively within our private global cloud network guarded by isolated permissions. Minimal data access is granted only to select personnel required for handling sensitive materials to directly enable trading operations. Access requests trigger dual authentication checks before granting.

Advanced Technical Security Controls 

All internal tools and external-facing websites adhere to rigorous enterprise-grade security standards including:

  • End-to-end encrypted connections using regularly updated TLS protocols
  • Mandatory multi-factor authentication enacted on all account and staff login points
  • Automated vulnerability identification enabling rapid response protocols
  • Ongoing penetration testing conducted by reputed information security partners

Strict Confidentiality Rules

Beyond robust technical controls, we enforce stringent internal data handling policies ensuring access to any provided information including submitted account details and preferences remains extremely limited. This is granted exclusively on a need-to-know basis to personnel requiring visibility to deliver core trading functionality and operations – but never sales or marketing purposes without explicit trader consent. Staff face harsh penalties for unauthorized access attempts under our zero tolerance compliance regime.

Information Sharing Protocols

We will never share, sell or distribute personal client information to external third parties for promotional or commercial reasons unless you expressly permit certain usage to expand financial services offerings from our ecosystem.

In select cases trusted partners play important roles in supporting internal tools, features and account services. Prior to enabling any potential information access, these relationships undergo stringent reviews including audits of technical infrastructure, data handling policies, access controls and staff screening procedures specifically evaluating privacy protocols and regulatory alignment related to sensitive materials.

Upon request, we readily provide added visibility into specific providers’ privacy qualifications concerning any potential interaction with underlying trader data as it relates to external services supporting internal platforms. Core integrations are limited only to what is necessary for delivering a smooth, secure account experience.

Exercising Your Data Rights

Depending on the jurisdiction of residence, clients may enjoy certain rights empowering greater visibility or control over personally identifiable information held by financial services institutions. For example, General Data Protection Regulation (GDPR) protocols adopted by the European Union clearly define expanded rights around personal data.

As a global firm working across many regions both covered by such frameworks and outside their scope, we take a comprehensive approach upholding principles universally to ensure consistency:

Reviewing Any Retained Personal Data 

Regardless of jurisdiction, we respect client rights to understand precisely what non-sensitive information is retained pertaining to your account history and interactions. After verifying identity, traders can request abbreviated records excluding confidential materials from compliance audits and background checks. We simply need to ensure proper authority for releasing non-public account holder information.

Updating or Correcting Existing Data 

If any non-critical information on file such as contact emails, phone numbers or personal preferences becomes outdated or inaccurate, submit correction requests with supporting details that will be validated and updated internally by relevant teams.

Deleting Any Non-Essential Information

Any optional supplemental data provided solely for receiving additional communications can also be erased per specified preferences.

For any personal data inquiries submitted, identities are validated before making adjustments or releasing records containing existing information. The majority of requests get addressed within 30 days after initial submission.

Please reach out directly with the privacy team if any outstanding questions related to current data holdings so we can walk through next steps for greater visibility or communicating changes based on eligibility.

Withdraw profits instantly
Fast withdrawals up to 1 hour at Exness.