This Privacy Policy describes how InstantCopyTraders ("we", "us", "our") collects, uses, stores, and protects your personal data when you use our platform. We are committed to protecting your privacy in accordance with Colombian data protection law (Ley 1581 de 2012 and Decreto 1377 de 2013), the EU General Data Protection Regulation (GDPR) where applicable, and international best practices.
1. Information We Collect
1.1 Information You Provide
- Account Information: Name, email address, password (stored as a hashed value), and role selection (Trader or Copier).
- Trader Profile: Display name, bio, trading instruments, performance fee percentage, and minimum investment requirements.
- Payment Information: Payment method preferences. Card and bank details are processed directly by Stripe and are never stored on our servers.
- Communications: Messages you send to our support team or through the platform.
1.2 Information Collected Automatically
- Technical Data: IP address, browser type and version, operating system, device type, and screen resolution.
- Usage Data: Pages visited, features used, time spent on the platform, and referral sources.
- Trading Activity: Trades executed, positions opened, performance metrics, and subscription history.
- API Usage: API key usage patterns, request frequency, and endpoints accessed.
1.3 Cookies and Similar Technologies
We use essential cookies and browser storage (localStorage, sessionStorage) to maintain your session and authentication state. Under GDPR, these technologies are treated equivalently to cookies. We do not use third-party advertising cookies or tracking pixels. Our storage includes:
- Authentication Token: Stored in localStorage or sessionStorage (depending on "Remember Me" preference) to maintain your login session.
- User Profile Cache: Cached locally to improve page load performance. Removed on logout.
- Cookie Consent Choice: Records your acceptance or decline of non-essential cookies.
- Preferences: Theme (light/dark mode), notification settings (sound, desktop, toast), and display preferences.
- UI State: Dismissed banners, onboarding progress, and tour completion flags. Removed on logout.
- UTM Parameters: Referral source data from URLs, stored in sessionStorage for the current browsing session only.
For a complete list, see our Cookie Policy.
2. How We Use Your Information
We use your personal data for the following purposes:
- Service Operation: To create and manage your account, process trades, execute copy trading functionality, and maintain the platform.
- Billing: To calculate performance fees, generate invoices, process payments, and manage subscription billing cycles.
- Security: To detect fraud, prevent abuse (including multi-account detection via IP tracking), and protect the integrity of the platform.
- Communication: To send you invoices, payment reminders, service updates, and respond to support requests.
- Platform Improvement: To analyze usage patterns (in aggregate) and improve the platform's features and performance.
- Legal Compliance: To comply with applicable laws, regulations, and legal processes.
3. Legal Basis for Processing
Under Colombian law (Ley 1581 de 2012), we process your data based on:
- Consent: You provide consent when creating your account and agreeing to our Terms of Service.
- Contractual Necessity: Processing is necessary to fulfill our contractual obligations (e.g., trade execution, billing).
- Legitimate Interest: Processing for fraud prevention, security, and platform improvement.
- Legal Obligation: Processing required to comply with applicable laws and regulations.
4. Data Security
We implement robust security measures to protect your personal data:
- Encryption: All data is transmitted over HTTPS/TLS. Sensitive data is encrypted at rest.
- Password Security: Passwords are hashed using PBKDF2 with unique salts and are never stored in plain text.
- API Key Security: API keys are generated using cryptographically secure random values.
- Infrastructure: Our platform runs on Cloudflare's global edge network, benefiting from their enterprise-grade security, DDoS protection, and web application firewall.
- Access Controls: Internal access to user data is restricted to authorized personnel on a need-to-know basis.
While we take all reasonable precautions, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.
5. Data Sharing
We do not sell, rent, or trade your personal data. We share data only in the following limited circumstances:
- Payment Processors: We share necessary billing information with Stripe for payment processing. Stripe's privacy policy governs their handling of your data.
- Public Trader Profiles: If you register as a Trader, your display name, bio, instruments, fee percentage, and performance statistics (return, win rate, trade count, copiers) are publicly visible on the marketplace. This is by design and essential to the platform's transparency model.
- Aggregate Analytics: We may share aggregated, anonymized statistics (e.g., total platform volume, average win rates) that cannot identify individual users.
- Legal Requirements: We may disclose data if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, safety, or the rights of others.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of the transaction. Users will be notified of any such transfer.
6. Anti-Fraud Measures
To protect the integrity of the platform and prevent abuse, we implement the following measures:
- IP Tracking: We log IP addresses associated with account activity to detect multi-account abuse and unauthorized access.
- Email Verification: We verify email addresses to prevent fake account creation.
- Device Fingerprinting: We may use device characteristics to detect suspicious activity patterns.
- Rate Limiting: API requests are rate-limited to prevent abuse.
7. Data Retention
We retain your data for the following periods:
- Account Data: Retained for the duration of your active account plus 5 years after account closure for legal and tax compliance.
- Trading History: Trade and position records are retained for 7 years for audit and compliance purposes.
- Billing Records: Invoices and payment records are retained for 7 years as required by Colombian tax law.
- Security Logs: IP addresses and access logs are retained for 12 months.
- Communications: Support correspondence is retained for 3 years.
8. International Data Transfers
Our platform operates on Cloudflare's global infrastructure, which means your data may be processed in countries outside of Colombia. We ensure that any such transfers comply with applicable data protection laws and that appropriate safeguards are in place, including contractual obligations on our service providers to protect your data.
9. Your Rights
You can access, correct, export, or delete your personal data at any time. Contact privacy@instantcopytraders.com and we will respond within 15 business days.
Under Colombian data protection law (Ley 1581 de 2012), you have the following rights:
- Right of Access: You may request a copy of the personal data we hold about you.
- Right of Rectification: You may request correction of inaccurate or incomplete data.
- Right of Deletion: You may request deletion of your personal data, subject to legal retention requirements and outstanding fee obligations.
- Right to Revoke Consent: You may revoke your consent to data processing at any time, which may result in the inability to use certain platform features.
- Right to File Complaints: You may file a complaint with the Superintendencia de Industria y Comercio (SIC) if you believe your data rights have been violated.
To exercise any of these rights, contact us at privacy@instantcopytraders.com. We will respond to your request within 15 business days as required by Colombian law.
10. Children's Privacy
The InstantCopyTraders platform is not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a minor, we will take immediate steps to delete such data.
11. Third-Party Links
Our platform may contain links to third-party websites (e.g., brokers, payment providers). We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated to registered users via email at least 14 days before taking effect. The "Last updated" date at the top of this page indicates when the policy was last revised.
13. Data Protection Officer
For all privacy-related inquiries and to exercise your data rights, please contact:
Email: privacy@instantcopytraders.com
Subject Line: "Data Protection Request"
Response Time: Within 15 business days
14. Your Rights Under GDPR (EU Users)
If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR). This section supplements the rest of this Privacy Policy.
14.1 Your GDPR Rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of Access (Article 15): You have the right to obtain confirmation as to whether your personal data is being processed, and to request a copy of that data in a structured, commonly used, and machine-readable format.
- Right to Rectification (Article 16): You have the right to request the correction of inaccurate personal data and the completion of incomplete personal data.
- Right to Erasure / Right to Be Forgotten (Article 17): You have the right to request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent, or when the data has been unlawfully processed. This right is subject to legal retention obligations (e.g., tax and financial record-keeping requirements).
- Right to Restrict Processing (Article 18): You have the right to request the restriction of processing of your personal data where you contest its accuracy, where the processing is unlawful, where we no longer need the data but you require it for legal claims, or where you have objected to processing pending verification.
- Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format (e.g., JSON or CSV), and to transmit that data to another controller without hindrance.
- Right to Object (Article 21): You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes. Where you object, we will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
- Right Not to Be Subject to Automated Decision-Making (Article 22): You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects. Our platform does not currently make automated decisions of this nature; any risk scoring or fraud detection is subject to human review.
14.2 Legal Basis for Processing (GDPR)
Under the GDPR, we rely on the following legal bases for processing your personal data:
- Consent (Article 6(1)(a)): Where you have given explicit consent, such as for marketing communications or optional analytics cookies. You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
- Contractual Necessity (Article 6(1)(b)): Processing necessary for the performance of our contract with you, including account management, trade execution, copy trading services, billing, and invoicing.
- Legitimate Interest (Article 6(1)(f)): Processing necessary for our legitimate interests, including fraud prevention, platform security, abuse detection, and service improvement, where those interests are not overridden by your fundamental rights and freedoms.
- Legal Obligation (Article 6(1)(c)): Processing required to comply with applicable legal obligations, including tax record-keeping, anti-money laundering regulations, and responding to lawful requests from authorities.
14.3 International Data Transfers
Your personal data may be transferred to and processed in countries outside the EU/EEA, including the United States and other jurisdictions where Cloudflare operates infrastructure. To ensure adequate protection for such transfers, we rely on the following safeguards:
- Standard Contractual Clauses (SCCs): We enter into EU-approved Standard Contractual Clauses with our service providers (including Cloudflare and Stripe) to ensure contractual safeguards for data transferred outside the EU/EEA.
- Adequacy Decisions: Where applicable, we transfer data to countries that the European Commission has determined provide an adequate level of data protection.
- Supplementary Measures: We implement additional technical and organizational measures, including encryption in transit and at rest, access controls, and data minimization, to protect your data during international transfers.
You may request a copy of the applicable Standard Contractual Clauses by contacting our Data Protection Officer.
14.4 Data Retention Periods
Under GDPR, we retain personal data only for as long as necessary for the purposes for which it was collected. Specific retention periods by category:
- Account Data (name, email, profile): Duration of active account plus 5 years after closure (contractual/legal obligation).
- Trading History (trades, positions, performance): 7 years (financial audit and tax compliance).
- Billing Records (invoices, payments, HWM data): 7 years (tax law compliance).
- Security Logs (IP addresses, login attempts, access logs): 12 months (legitimate interest in fraud prevention).
- Support Communications (messages, tickets): 3 years (contractual necessity and service quality).
- Cookie Consent Records: Duration of consent validity or until withdrawal.
- Marketing Preferences: Until consent is withdrawn or account is closed.
After the applicable retention period, personal data is securely deleted or anonymized so that it can no longer be associated with you.
14.5 How to Exercise Your Rights
To exercise any of your GDPR rights, please submit a request to our Data Protection Officer:
Data Protection Officer: privacy@instantcopytraders.com
Subject Line: "GDPR Data Request"
Response Time: Within 30 calendar days (per GDPR Article 12(3))
When submitting a request, please include sufficient information to verify your identity (e.g., your registered email address). If a request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act, providing reasons for the refusal. If we need additional time (up to an additional 60 days for complex requests), we will inform you within the initial 30-day period.
14.6 Right to Lodge a Complaint
If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority in the EU/EEA Member State of your habitual residence, place of work, or place of the alleged infringement. A list of EU data protection authorities is available at edpb.europa.eu.
We encourage you to contact us first at privacy@instantcopytraders.com so we can address your concerns directly before you escalate to a supervisory authority.