Your Privacy Matters

XA Markets Ltd ("XA Markets", "we", "us", or "our") is a company registered in the Union of Comoros with registration number HY00823026, having its registered office at Bonovo Road, Fomboni, Island of Mohéli, Comoros Union.

This Privacy Policy explains how we collect, process, store, and share personal data when you visit our website (www.xamarkets.com), open a trading account, or use any of our services. It also describes the rights you have under applicable data protection law.

By using our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our services immediately.

We collect personal data in several ways:

2.1 Information You Provide Directly

• Identity information: Full name, date of birth, nationality, government-issued ID (passport or national ID), proof of address.
• Contact information: Email address, phone number, residential and mailing address.
• Financial information: Source of funds, annual income, employment status, net worth, and trading experience.
• Account information: Username, password (hashed), trading account preferences, and communication preferences.
• Payment information: Bank account details, payment card details (processed by PCI-DSS compliant third-party providers — we do not store full card numbers).

2.2 Information Collected Automatically

• Technical data: IP address, browser type and version, device identifiers, operating system, and time zone.
• Usage data: Pages visited, links clicked, features used, search queries, session duration, and referring URLs.
• Trading data: Transaction history, order history, position sizes, account balances, and login timestamps.

2.3 Information from Third Parties

• Identity verification agencies (KYC/AML checks).
• Credit reference agencies.
• Fraud prevention services.
• Partner introducing brokers (where applicable).

We use your personal data for the following purposes:

• Account management: Opening, maintaining, and closing your trading account.
• KYC / AML compliance: Verifying your identity as required by anti-money laundering regulations.
• Trade execution: Processing your instructions, orders, and transactions on the trading platform.
• Customer support: Responding to your enquiries, complaints, and requests.
• Risk management: Monitoring for suspicious activity, fraud prevention, and security incident response.
• Marketing communications: Sending relevant product updates, market insights, and promotional material (where you have opted in, or where we have a legitimate interest and you have not opted out).
• Legal & regulatory obligations: Complying with applicable laws, regulations, court orders, and regulatory requests.
• Service improvement: Analysing how our platform and website are used to improve functionality and user experience.

Under applicable data protection regulations, we rely on the following lawful bases:

• Contract performance: Processing necessary to fulfil the agreement between you and XA Markets (e.g., executing trades, managing your account).
• Legal obligation: Processing required to comply with our regulatory and legal obligations (e.g., AML/KYC, tax reporting).
• Legitimate interests: Processing for our legitimate business interests, such as fraud prevention, network security, and service improvement, where such interests are not overridden by your data protection rights.
• Consent: Where you have given us explicit consent (e.g., marketing communications). You may withdraw consent at any time by contacting us or using the unsubscribe link in emails.

We do not sell your personal data. We may share your information with:

• Service providers: KYC/identity verification providers, payment processors, IT infrastructure providers, email and communication platforms, and analytics services — all bound by data processing agreements.
• Regulatory and law enforcement bodies: When required by applicable law, court order, or governmental authority.
• Liquidity providers and counterparties: For trade execution purposes (anonymised where possible).
• Introducing brokers and partners: Where you have been referred to us through a partnership arrangement and disclosure is necessary for account management.
• Professional advisors: Lawyers, auditors, and accountants under obligations of confidentiality.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquirer, subject to equivalent data protection obligations.

We use cookies and similar tracking technologies on our website. Cookies are small text files placed on your device to help us deliver a better experience.

Types of cookies we use:

• Essential cookies: Required for the website to function (e.g., session management, login state).
• Performance cookies: Collect anonymous data about website usage to help us improve (e.g., Google Analytics).
• Functional cookies: Remember your preferences such as language and region settings.
• Marketing cookies: Track your browsing behaviour to deliver relevant advertising (only with your consent).

You can control cookies through your browser settings or via the consent banner on our website. Disabling certain cookies may affect your experience.

We implement robust technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction:

• 256-bit SSL/TLS encryption for all data in transit.
• Encrypted storage of sensitive data at rest.
• Role-based access controls — staff access data only on a need-to-know basis.
• Regular penetration testing and security audits.
• Multi-factor authentication for internal systems.
• Incident response procedures for data breaches.

In the event of a data breach that poses a high risk to your rights, we will notify you and the relevant supervisory authority as required by applicable law.

We retain your personal data for as long as necessary to fulfil the purposes described in this policy and to comply with our legal obligations. Specific retention periods include:

• Account data: Retained for the duration of your account and for at least 5 years after account closure (in line with AML regulations).
• Transaction records: Retained for at least 5–7 years following the transaction date.
• Communication records: Retained for up to 5 years.
• Marketing preferences: Until you opt out or withdraw consent.

After the applicable retention period, we securely delete or anonymise your data.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you.
• Right to rectification: Request correction of inaccurate or incomplete data.
• Right to erasure: Request deletion of your data in certain circumstances.
• Right to restrict processing: Request that we limit how we use your data.
• Right to data portability: Receive your data in a structured, machine-readable format.
• Right to object: Object to processing based on legitimate interests or for direct marketing.
• Right to withdraw consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us at support@xamarkets.com. We will respond within 30 days. We may need to verify your identity before processing your request.

XA Markets operates internationally. Your personal data may be transferred to and processed in countries outside your jurisdiction, including countries that may not offer the same level of data protection as your home country.

Where we transfer data internationally, we put in place appropriate safeguards such as standard contractual clauses, data processing agreements, or rely on recognised adequacy decisions. We ensure that all transfers comply with applicable data protection laws.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website with a revised "Last Updated" date.

We encourage you to review this policy periodically. Continued use of our services after changes have been posted constitutes your acceptance of the updated policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer: