Privacy Policy

Effective date: 19 May 2026 | Controller: J Finley trading as Xzoneia Trading | Scottish Borders, Scotland, UK

This Privacy Policy explains how Xzoneia Trading ("we", "us", "our") collects, uses, and protects your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data We Collect

We collect the following personal data when you purchase or use XZ Trader:

Email address — provided at Stripe checkout, used to send your auth code and licence information
MT5 account number — collected automatically when the EA first connects to our licence server
Broker name — collected automatically when the EA connects, used for IB verification
IP address — logged each time the EA verifies your licence, for security purposes
EA version — logged with each licence check for support purposes
Payment information — processed directly by Stripe. We do not store card details. Stripe's privacy policy applies to payment data.
Stripe customer ID and subscription ID — stored to manage your subscription status

2. Legal Basis for Processing

Contract performance — processing your email, MT5 account number, and subscription data is necessary to deliver the Software and manage your licence
Legitimate interests — logging IP addresses and EA versions to detect fraud, prevent abuse, and provide support
Legal obligation — retaining transaction records as required by UK tax law

3. How We Use Your Data

To deliver your auth code and EA download link after purchase
To verify your licence each time the EA connects to our server
To manage your subscription — renewals, cancellations, payment failure notifications
To provide customer support
To detect and prevent fraud, chargebacks, and licence abuse
To send renewal reminder emails as required by UK law for subscriptions of 6 months or longer

We do not sell your data. We do not use your data for marketing unless you have separately opted in.

4. Data Sharing

We share your data only with the following third parties, strictly as necessary to operate the service:

Stripe — payment processing and subscription management. Stripe is a data processor acting on our instructions. See Stripe's Privacy Policy.
Mailgun (Sinch) — transactional email delivery. Your email address is passed to Mailgun to send your auth code. See Mailgun's Privacy Policy.
Our VPS provider — our licence server runs on a virtual private server. Server logs may contain your IP address and MT5 account number.

We do not transfer your data outside the UK or EEA except where Stripe and Mailgun operate under appropriate safeguards (Standard Contractual Clauses).

5. Data Retention

Licence records — retained for the duration of your subscription plus 7 years (UK tax retention requirement)
Access logs — retained for 180 days, then archived or deleted
Email address — retained while your subscription is active and for 12 months after cancellation
Payment records — retained by Stripe in accordance with their data retention policies

6. Your Rights

Under UK GDPR you have the following rights:

Right of access — request a copy of the personal data we hold about you
Right to rectification — request correction of inaccurate data
Right to erasure — request deletion of your data (subject to our legal retention obligations)
Right to restrict processing — request we limit how we use your data
Right to data portability — request your data in a machine-readable format
Right to object — object to processing based on legitimate interests

To exercise any of these rights, contact us at xzoneiatrading@gmail.com. We will respond within 30 days.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

7. Cookies

Our website uses minimal cookies. See our Cookie Policy for details.

8. Security

We implement appropriate technical and organisational measures to protect your personal data, including encrypted HTTPS connections, hashed admin passwords, two-factor authentication on admin systems, and restricted access to the licence database.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified by email. The current version is always available at xzoneia.co.uk/privacy.

10. Contact

Data controller: J Finley trading as Xzoneia Trading, Scottish Borders, Scotland, UK.
Email: xzoneiatrading@gmail.com
Telegram: @xzoneia