Privacy Policy Data Protection & Privacy Rights

1. Introduction

X9 Fintech Solutions FZC ("we", "us", "our", or "Company") operates the X9Trader platform and is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and protect your information when you use our services.

This policy applies to all users of the X9Trader platform, website, and related services. By using our services, you consent to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information

We collect the following types of personal information necessary for our technology platform:

• Identity Information: Full name, email address, company information (for business users)
• Contact Information: Email address, phone number, business address
• Business Information: Company details, role, technical requirements
• Verification Documents: Business registration, authorized representative ID (for business accounts)
• Technical Information: Platform usage, integration requirements, API usage

2.2 Technical Information

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages visited, time spent, clicks, platform feature interactions
• Cookies and Tracking: Session cookies, preference cookies, analytics cookies
• Location Data: Country and city-level location based on IP address

2.3 Platform Usage Data

• Platform features used and configuration settings
• API calls and integration activity
• Support requests and technical interactions
• Performance metrics and error logs

3. How We Use Your Information

3.1 Primary Purposes

• Account Management: Creating and maintaining your platform account
• Service Provision: Providing technology platform access and support
• Technical Support: Responding to technical inquiries and providing assistance
• Platform Security: Monitoring for security threats and unauthorized access
• Service Improvement: Enhancing platform features and performance

3.2 Secondary Purposes

• Marketing: Sending relevant technology updates and platform news (with consent)
• Analytics: Improving our technology services and user experience
• Security: Protecting against unauthorized access and cyber threats
• Legal Compliance: Meeting legal obligations under applicable data protection and technology regulations

4. Legal Basis for Processing

Under GDPR and other applicable privacy frameworks, we process your personal data based on the following legal grounds:

• Contractual Necessity: Processing required to provide technology services
• Legal Obligation: Compliance with data protection and technology regulations
• Legitimate Interest: Security, fraud prevention, and service improvement
• Consent: Marketing communications and optional features (withdrawable)

5. Data Sharing and Disclosure

5.1 Third-Party Service Providers

We may share your information with trusted third parties who assist us in operating our platform:

• Technology Providers: For platform hosting and infrastructure
• Identity Verification: For business account verification services
• Cloud Services: For secure data storage and platform hosting
• Analytics Providers: For platform performance and user experience analysis
• Legal and Compliance: For legal advice and data protection compliance

5.2 Regulatory Disclosure

As a software technology company, our obligations to disclose user data to regulatory authorities are limited to our capacity as a technology data processor, not as a financial services entity. We may disclose your information to:

• Data protection and privacy regulatory authorities (such as the UAE Data Protection Authority, the UK Information Commissioner's Office, EU supervisory authorities, or the Office of the Privacy Commissioner of Canada), in our capacity as a technology data processor subject to applicable data protection law
• Law enforcement agencies, when legally required by applicable technology, data protection, or criminal law
• Courts and legal proceedings, when compelled by a valid court order or legal process

X9 Fintech Solutions FZC is not subject to the regulatory oversight of financial services authorities such as the SEC, FINRA, CFTC, IIROC, OSC, or equivalent bodies, and does not disclose user data to such authorities in the ordinary course of its operations as a software company.

6. Data Security and Protection

6.1 Security Measures

• Encryption: All data transmitted and stored using AES-256 encryption
• Access Controls: Role-based access with multi-factor authentication
• Network Security: Firewalls, intrusion detection, and DDoS protection
• Regular Audits: Third-party security assessments and penetration testing
• Employee Training: Regular security awareness and data protection training

6.2 Data Breach Response

In the unlikely event of a data breach, we will:

• Notify affected users within 72 hours
• Report to relevant data protection supervisory authorities as required by applicable privacy law
• Take immediate steps to contain and remedy the breach
• Provide support and guidance to affected users

7. Data Retention

We retain your personal data for the following periods:

• Account Data: 3 years after account closure (business requirement)
• Usage Records: 2 years for service improvement and support
• Business Documents: 5 years after relationship termination (where required)
• Marketing Data: Until consent is withdrawn or 2 years of inactivity
• Technical Logs: 12 months for security and troubleshooting

After these periods, data is securely deleted or anonymized unless longer retention is required by applicable data protection or technology law.

8. Your Privacy Rights

8.1 GDPR Rights (EU Residents)

• Right to Access: Request copies of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for marketing or optional processing

8.2 CCPA Rights (California Residents)

California residents have the right to know what personal information is collected, to request deletion of personal information, to opt out of the sale of personal information (we do not sell personal information), and to non-discrimination for exercising these rights.

8.3 PIPEDA Rights (Canadian Residents)

Canadian residents have the right to access their personal information held by us, to challenge the accuracy and completeness of their information, and to withdraw consent for the collection, use, or disclosure of their personal information, subject to legal and contractual restrictions.

8.4 How to Exercise Your Rights

9. International Data Transfers

Your data may be transferred to and processed in countries outside your residence, including:

• United Arab Emirates: Our primary data processing location
• European Union: For EU client data processing
• United States: For certain cloud services and analytics

All international transfers are protected by appropriate safeguards, including Standard Contractual Clauses, adequacy decisions, and equivalent mechanisms under applicable law including PIPEDA for transfers involving Canadian residents.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. For detailed information, please see our Cookie Policy.

10.1 Cookie Categories

• Essential Cookies: Required for platform functionality
• Performance Cookies: Help us improve our services
• Functional Cookies: Remember your preferences
• Marketing Cookies: Deliver relevant content (with consent)

11. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child, we will take steps to delete such information promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of any material changes by:

• Email notification to your registered email address
• Prominent notice on our platform
• In-app notification when you next log in

Changes will take effect 30 days after notification, except where immediate implementation is required by law.

13. Contact Information