Privacy Policy — Quotex (QxBroker)

1. Introduction

This Privacy Policy describes how ON SPOT GROUP LLC ("Quotex," "we," "us," or "our"), the operator of the qxbroker.com trading platform, collects, uses, discloses, and safeguards your personal information when you visit our website, use our trading platform, or interact with our services.

By accessing or using the Quotex platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms outlined herein, you must discontinue use of our services immediately.

ON SPOT GROUP LLC is registered at Main Street, P.O. Box 625, Charlestown, St. Kitts and Nevis. We are committed to protecting the privacy and security of our users' personal data in accordance with applicable international data protection standards.

2. Information We Collect

2.1 Information You Provide Directly

When you register for an account, verify your identity, or use our services, we collect the following categories of personal data:

Registration data: Full name, email address, phone number, date of birth, country of residence, and chosen account currency.
Identity verification (KYC) documents: Government-issued identification (passport, national ID card, or driver's license), proof of address (utility bill, bank statement dated within 3 months), and payment method verification (card photos with sensitive information obscured).
Financial information: Deposit and withdrawal transaction records, payment method details (card numbers are tokenized and never stored in full), cryptocurrency wallet addresses, and e-wallet account identifiers.
Communication data: Support ticket contents, live chat transcripts, email correspondence, and any feedback or complaints you submit.
Trading preferences: Selected assets, chart settings, indicator configurations, and trading history.

2.2 Information Collected Automatically

When you access our platform, we automatically collect certain technical and usage data:

Device information: Device type, operating system and version, browser type and version, screen resolution, and device identifiers.
Network information: IP address, internet service provider, approximate geographic location derived from IP, and connection type.
Usage data: Pages visited, features used, time spent on the platform, click patterns, trading session durations, and navigation paths.
Performance data: Page load times, error logs, crash reports, and system diagnostics used to improve platform stability.

2.3 Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies to enhance your experience and analyze platform usage. The following types of cookies are employed:

Cookie Type	Purpose	Duration	Required
Essential	Authentication, security, session management	Session / 30 days	Yes
Functional	Language preferences, chart settings, UI customization	1 year	No
Analytics	Usage statistics, performance monitoring, feature adoption	2 years	No
Marketing	Advertising effectiveness, partner attribution, retargeting	90 days	No

You may manage cookie preferences through your browser settings. Disabling essential cookies may impair platform functionality, including the ability to log in or execute trades.

3. How We Use Your Information

We process your personal data for the following purposes, each supported by a legitimate legal basis:

Account creation and management: To register your account, authenticate your identity, and provide access to trading services (contractual necessity).
Identity verification and fraud prevention: To comply with Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations, detect fraudulent activity, and prevent unauthorized account access (legal obligation).
Transaction processing: To execute deposits, withdrawals, and internal fund transfers between your demo and real accounts (contractual necessity).
Platform improvement: To analyze usage patterns, diagnose technical issues, optimize performance, and develop new features (legitimate interest).
Communication: To respond to support inquiries, send account-related notifications (trade confirmations, security alerts, regulatory updates), and deliver promotional content where you have opted in (consent / legitimate interest).
Legal compliance: To meet regulatory reporting requirements, respond to lawful requests from governmental authorities, and enforce our Terms of Service (legal obligation).
Risk management: To assess trading risks, monitor for unusual account activity, and implement responsible trading safeguards (legitimate interest).

4. Data Sharing and Disclosure

We do not sell your personal information to third parties. We may share your data in the following limited circumstances:

Payment processors: Financial institutions and payment service providers who process your deposits and withdrawals. These parties receive only the minimum data necessary to complete transactions.
Identity verification providers: Third-party KYC/AML services that assist in verifying your identity documents and screening against sanctions lists.
Analytics providers: Aggregated and anonymized usage data may be shared with analytics services to improve platform performance. This data cannot be used to identify individual users.
Legal authorities: We may disclose personal data when required by law, court order, or regulatory directive, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
Corporate transactions: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to the same privacy protections described in this policy.

5. Data Security

We implement industry-standard technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

Encryption: All data transmitted between your device and our servers is encrypted using TLS 1.3 (256-bit encryption). Sensitive data at rest is encrypted using AES-256.
Access controls: Employee access to personal data is restricted on a need-to-know basis and protected by multi-factor authentication.
Infrastructure security: Our servers are hosted in SOC 2 compliant data centers with 24/7 monitoring, intrusion detection systems, and automated threat response.
Regular audits: We conduct periodic security assessments, penetration testing, and vulnerability scanning to identify and remediate potential weaknesses.
Incident response: We maintain a documented incident response plan. In the event of a data breach affecting your personal information, we will notify you and relevant authorities within 72 hours as required by applicable law.

6. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes described in this policy, comply with legal obligations, and resolve disputes. Specific retention periods include:

Data Category	Retention Period	Basis
Account registration data	Duration of account + 5 years	AML/KYC regulations
Transaction records	7 years from transaction date	Financial record-keeping laws
KYC documents	5 years after account closure	AML compliance
Support communications	3 years	Dispute resolution
Usage/analytics data	2 years	Platform improvement
Marketing preferences	Until consent withdrawn	Consent

Upon expiration of the applicable retention period, personal data is securely deleted or irreversibly anonymized.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Right of access: Request a copy of the personal data we hold about you.
Right to rectification: Request correction of inaccurate or incomplete personal data.
Right to erasure: Request deletion of your personal data, subject to legal retention requirements.
Right to restrict processing: Request that we limit the processing of your data in certain circumstances.
Right to data portability: Receive your personal data in a structured, machine-readable format.
Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact our Data Protection Officer at the address provided in Section 10. We will respond to valid requests within 30 days.

8. International Data Transfers

Your personal data may be transferred to and processed in countries other than your country of residence. When such transfers occur, we ensure appropriate safeguards are in place, including standard contractual clauses approved by relevant data protection authorities, to maintain a level of protection consistent with this policy.

9. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that a user is under 18, we will promptly terminate their account and delete associated personal data.

10. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Company: ON SPOT GROUP LLC
Address: Main Street, P.O. Box 625, Charlestown, St. Kitts and Nevis
Email: Available through the platform's support system

11. Changes to This Policy

We reserve the right to update this Privacy Policy at any time. Material changes will be communicated via email notification or a prominent notice on the platform at least 14 days before taking effect. Continued use of our services after such changes constitutes acceptance of the revised policy. The "Last updated" date at the top of this page reflects the most recent revision.