Privacy Policy

Yo Forex (hereinafter “the Provider”), operating the domain tradecopier.org, hereby promulgates this Privacy and Data Protection Codex (hereinafter “the Codex”) in fulfilment of its commitment to the responsible stewardship of personal data entrusted to it by its users (hereinafter “the Data Subjects” or “Licensees”).

This Codex governs the collection, processing, storage, transmission, and ultimate disposition of all personal and non-personal data received by the Provider in the course of operating the Platform. By accessing or utilizing the Service in any capacity, the Data Subject acknowledges having read, understood, and irrevocably consented to the data practices described herein.

The Provider operates as a pure software technology facilitator and does not engage in the management of client funds, provision of investment advice, or execution of trades on behalf of its Data Subjects. Data collected is utilized exclusively in furtherance of the Service’s operational mandate.

Section 2.1 — Voluntarily Transmitted Data

In the course of registration, subscription activation, or correspondence with the Provider, the Data Subject may voluntarily transmit the following categories of personal information:

• Full legal name and primary electronic mail address;
• Payment instrument details — processed exclusively by third-party payment processors; the Provider retains no record of card numbers or banking credentials;
• Brokerage account identifiers, API keys, and terminal credentials required to establish a connection with the Service;
• Support communications, queries, and associated correspondence.

Section 2.2 — Automatically Harvested Data

Upon visitation of the Provider’s domain, certain technical data is automatically captured by the Provider’s infrastructure, including:

• Internet Protocol (IP) address and derived approximate geolocation data;
• Browser type, version, and rendering engine specifications;
• Pages accessed, session duration, and navigational pathways within the Platform;
• Referring uniform resource locators (URLs) and device classification data.

Section 2.3 — Third-Party Platform Integration Data

Where the Data Subject elects to connect the Service to a supported brokerage terminal (including MetaTrader 4, MetaTrader 5, cTrader, DXTrade, TradeLocker, Match-Trader, VertexFX, or NinjaTrader), the Provider receives limited trading account data — encompassing account balance metrics, open position records, and transactional history — solely and exclusively for the purpose of executing the trade replication function. Such data is not employed for any ancillary commercial purpose.

The Provider processes personal data solely for the following delineated purposes, and undertakes not to utilize such data for any purpose inconsistent therewith:

• Provision, maintenance, and operational integrity of the Service;
• Processing of subscription remittances and administration of billing accounts;
• Dispatch of transactional electronic communications — including account activation notices, billing confirmations, and system alerts;
• Resolution of customer support enquiries and technical assistance requests;
• Monitoring and enhancement of Platform performance, stability, and security posture;
• Detection, investigation, and prevention of fraudulent, abusive, or unauthorized use of the Service;
• Compliance with applicable legal obligations and regulatory directives.

The Provider solemnly affirms that it does not sell, lease, barter, or otherwise commercially transfer the personal data of its Data Subjects to third parties for marketing, advertising, or profiling purposes.

The Provider processes personal data upon one or more of the following legally recognized grounds:

• Contractual Necessity: Processing required to perform the Service subscribed to by the Data Subject;
• Legitimate Operational Interest: Processing necessary to maintain Platform security, prevent abuse, and ensure service continuity;
• Legal Obligation: Processing mandated by applicable law, including tax, accounting, and regulatory compliance requirements;
• Informed Consent: Where the Data Subject has explicitly and unambiguously consented to a specific processing activity.

Section 5.1 — Payment Processing Entities

Subscription remittances are processed by third-party payment facilitators operating under their own data protection frameworks. The Provider does not store, process, or retain full payment instrument credentials. The Data Subject is directed to review the applicable payment processor’s privacy documentation.

Section 5.2 — Cloud Infrastructure Custodians

The Provider hosts its Service upon dedicated cloud server infrastructure. Personal data may consequently be stored upon servers geographically situated outside the Data Subject’s country of domicile. The Provider ensures that appropriate contractual and technical safeguards govern any such cross-border data transmission.

Section 5.3 — Competent Legal Authorities

The Provider may disclose personal data to governmental authorities, regulatory bodies, or courts of competent jurisdiction where compelled to do so by law, judicial order, or valid regulatory directive. The Provider shall notify the Data Subject of such disclosure where legally permitted to do so.

Section 5.4 — Corporate Succession Events

In the event of a merger, acquisition, restructuring, or disposition of assets, the Data Subject’s personal data may be transferred to the succeeding commercial entity, subject to equivalent data protection obligations as those contained herein.

The Provider retains personal data for no longer than is necessary to fulfil the purposes for which it was collected, subject to the following retention schedules:

• Account and profile data: Deleted or anonymized within ninety (90) days of account termination;
• Payment and transactional records: Retained for a period of seven (7) years in fulfilment of applicable fiscal and accounting obligations;
• Support correspondence and technical logs: Retained for a period of two (2) years from the date of origination.

Upon expiration of the applicable retention period, personal data shall be securely deleted or rendered permanently anonymous in accordance with industry-standard data destruction protocols.

The Provider’s domain employs cookies and analogous tracking technologies to facilitate operational continuity and analytical intelligence. Cookies constitute small textual data files deposited upon the Data Subject’s terminal device.

The Provider deploys the following classifications of cookies:

• Essential Operational Cookies: Indispensable for the authentication, session management, and core functionality of the Platform dashboard;
• Analytical Intelligence Cookies: Employed to derive aggregate insights regarding user interaction patterns, page performance, and navigational behaviour;
• Preference Persistence Cookies: Deployed to retain the Data Subject’s configuration selections and user interface preferences across sessions.

The Data Subject retains the right to manage cookie preferences through their browser’s configuration settings. Disabling essential cookies may impair the functional integrity of the Service.

The Provider implements a comprehensive array of technical and organizational security measures designed to protect personal data against unauthorized access, accidental loss, destruction, alteration, or disclosure. These measures include:

• Encrypted data transmission via Transport Layer Security (TLS/HTTPS) protocols;
• Secure cryptographic storage of API credentials, authentication tokens, and account secrets;
• Granular access controls restricting data access to authorized personnel on a need-to-know basis;
• Periodic security audits and vulnerability assessments of the Provider’s infrastructure.

Notwithstanding the foregoing, the Provider acknowledges that no method of electronic transmission or digital storage is infallible. Absolute security cannot be guaranteed, and the Provider disclaims liability for breaches attributable to circumstances beyond its reasonable operational control.

Subject to applicable legal limitations, the Data Subject is vested with the following rights with respect to their personal data held by the Provider:

• Right of Access: To obtain confirmation of and access to personal data held by the Provider;
• Right of Rectification: To request correction of inaccurate or incomplete personal data;
• Right of Erasure: To request permanent deletion of personal data, subject to legal retention obligations;
• Right to Withdraw Consent: To revoke any previously granted consent to data processing, without prejudice to the lawfulness of prior processing;
• Right to Data Portability: To receive personal data in a structured, machine-readable format for transmission to another data controller.

Requests for the exercise of the foregoing rights shall be directed to support@yoforex.net. The Provider undertakes to respond within thirty (30) calendar days of receipt of a valid and verifiable request.

The Service is not directed toward, marketed to, or intended for use by individuals below the age of eighteen (18) years. The Provider does not knowingly collect, process, or retain personal data pertaining to minors.

Should the Provider become aware that personal data of a minor has been submitted to the Platform without appropriate parental or guardian consent, such data shall be deleted forthwith. Data Subjects who believe a minor’s information has been inadvertently processed are directed to notify the Provider at support@yoforex.net without delay.

The Provider’s domain may contain hyperlinks directing the Data Subject to third-party websites, brokerage platforms, or partner services operating independently of the Provider’s operational and data protection framework. The Provider expressly disclaims responsibility for the data practices, security posture, or privacy policies of such external domains.

The Data Subject is strongly encouraged to review the privacy documentation of any third-party platform prior to submitting personal information thereto.

The Provider reserves the right to amend, revise, or supplement this Codex at any time, at its sole discretion. Material revisions shall be communicated to Data Subjects via electronic notice or prominent publication upon the Platform, accompanied by an updated effective date.

Continued use of the Service following the publication of any amendment shall constitute the Data Subject’s irrevocable acceptance of the revised Codex in its entirety.

This Codex shall be construed, interpreted, and enforced in accordance with the laws of the jurisdiction in which the Provider is incorporated and primarily operates, without regard to conflict of law principles. Any dispute arising from or in connection with this Codex shall be subject to the exclusive jurisdiction of the competent courts of the Provider’s principal place of business.

All enquiries, subject access requests, and formal correspondence pertaining to this Codex shall be directed to the Provider’s designated data protection contact: