How account, payment, and security data is handled.

What is collected

• Name, email address, password hash, and M-Pesa phone number for account access and payments.
• Trading records, wallet activity, bot settings, support messages, and referral relationships needed to run the service.
• IP address, device/browser data, and security events used to detect fraud, abuse, and unauthorized access.

Why it is used

• Phone number: deposit and withdrawal processing, including M-Pesa payout routing.
• Email: login, account notices, verification, and support follow-up.
• IP and device details: fraud monitoring, duplicate-account checks, rate limits, and audit trails.
• Trading and wallet history: order execution, dispute review, tax/accounting, and platform risk management.

Data minimization and sharing

Only information required for account operation, payments, security, support, and lawful recordkeeping is collected. Data may be shared with payment providers, infrastructure vendors, market-data providers, regulators, or investigators only where needed to run the service, prevent fraud, or meet a legal obligation.

Security safeguards

• Passwords are stored as secure hashes and payment secrets are stored using encrypted application settings.
• Rate limiting, admin access controls, audit logs, and payout workflow controls are used to reduce abuse and unauthorized access.
• Production traffic should run over HTTPS, and response-security headers are applied by the application.