Privacy

Privacy Policy

Last updated: April 2026. AutovestAI ("we", "us", "our") is committed to protecting the privacy of our clients and website visitors. This policy explains how we collect, use, store, and share your personal data.

1. Data We Collect

We collect the following categories of personal data:

  • Identity & KYC Data — Full name, date of birth, nationality, government-issued ID documents, proof of address, selfie verification images.
  • Contact Data — Email address, phone number, residential address.
  • Financial Data — Source of funds declarations, wallet addresses, bank account details, transaction history.
  • Trading Activity — Orders placed, positions opened/closed, profit and loss records, copy trading subscriptions.
  • Device & Technical Data — IP address, browser type and version, operating system, device identifiers, time zone, session duration, pages visited.
  • Communication Data — Support tickets, emails, and chat messages exchanged with our team.

2. Why We Collect Your Data

  • To verify your identity and comply with KYC/AML regulations.
  • To open, maintain, and administer your trading account.
  • To process deposits, withdrawals, and internal transfers.
  • To monitor trading activity for surveillance and risk management.
  • To provide customer support and resolve disputes.
  • To improve platform performance, security, and user experience.
  • To send important service communications (e.g., margin calls, compliance notices).
  • To comply with legal and regulatory obligations.

3. Legal Basis for Processing (GDPR)

  • Contractual necessity — To provide and manage your trading account and execute transactions.
  • Legal obligation — To comply with KYC, AML, tax reporting, and financial regulatory requirements.
  • Legitimate interest — To prevent fraud, improve our services, and ensure platform security.
  • Consent — For marketing communications and non-essential cookies (where applicable).

4. Data Storage & Security

Your personal data is stored on encrypted servers with access restricted to authorised personnel. We implement industry-standard security measures including TLS encryption in transit, AES-256 encryption at rest, role-based access controls, and regular security audits.

5. Data Retention

  • Active accounts — Data is retained for the duration of the client relationship.
  • Closed accounts — Core account and transaction data is retained for a minimum of 5 years after account closure, or longer if required by applicable regulations.
  • KYC documents — Retained for at least 5 years after the end of the business relationship, in line with AML directives.
  • Technical logs — Retained for up to 12 months for security and troubleshooting purposes.

6. Third-Party Sharing

We may share your data with:

  • Payment processors — To facilitate deposits and withdrawals.
  • KYC/AML verification providers — To verify identity documents and screen against sanctions lists.
  • Cloud infrastructure providers — For secure data hosting and processing.
  • Regulatory authorities — When required by law or in response to a valid legal request.
  • Professional advisors — Legal, accounting, and audit firms acting on our behalf.

We do not sell your personal data to third parties. All third-party processors are bound by data processing agreements that require them to protect your data to the same standard we do.

7. Cookies

We use cookies and similar technologies for authentication, security, preference storage, and analytics. Essential cookies are required for the platform to function. Analytics and marketing cookies are only set with your consent where required by law. You can manage cookie preferences through your browser settings.

8. Your Rights

Under the GDPR and similar data protection regulations, you have the right to:

  • Access — Request a copy of the personal data we hold about you.
  • Rectification — Request correction of inaccurate or incomplete data.
  • Erasure — Request deletion of your data, subject to legal retention requirements.
  • Portability — Request your data in a structured, machine-readable format.
  • Restriction — Request that we limit processing of your data in certain circumstances.
  • Objection — Object to processing based on legitimate interests or direct marketing.
  • Withdraw consent — Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at support@autovestai.com. We will respond within 30 days.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or platform notification. Continued use of the platform after notification constitutes acceptance of the updated policy.