Important: GCC Markets MCP is committed to protecting your privacy and handling your personal information transparently. This policy explains how we collect, use, and safeguard your data when you access our financial market data services.
1. Information We Collect
1.1 Account Information
When you create an account with GCC Markets MCP, we collect:
- Full name and business title
- Email address and phone number
- Company name and business address
- Professional credentials and regulatory licenses
- Payment information and billing details
1.2 Usage Data
We automatically collect information about how you use our services:
- API usage patterns and data requests
- Market data access logs and timestamps
- IP addresses and geographic location
- Device information and browser type
- Feature usage and performance metrics
1.3 Financial Data Interaction
We track your interaction with financial data for compliance purposes:
- Which exchanges and instruments you access
- Data download and redistribution activities
- Real-time vs. delayed data usage
- Compliance with license terms per exchange
2. How We Use Your Information
2.1 Service Provision
- Authenticate and authorize access to market data
- Enforce licensing terms and usage limits
- Provide customer support and technical assistance
- Process payments and manage subscriptions
2.2 Compliance and Legal Requirements
- Comply with exchange licensing agreements
- Generate usage reports for data vendors
- Respond to regulatory inquiries
- Prevent unauthorized data redistribution
2.3 Service Improvement
- Analyze usage patterns to improve our platform
- Develop new features and data offerings
- Optimize API performance and reliability
- Enhance security and fraud prevention
3. Information Sharing
3.1 Exchange Reporting
We share aggregated usage data with exchanges as required by our licensing agreements:
- Monthly usage statistics by client type
- Geographic distribution of data access
- Compliance with redistribution restrictions
- No personally identifiable information is shared unless legally required
3.2 Service Providers
We may share information with trusted service providers who assist us in:
- Payment processing (Stripe, banking partners)
- Cloud infrastructure (AWS, database providers)
- Customer support tools
- Security and monitoring services
3.3 Legal Requirements
We may disclose information when required by law or to:
- Comply with legal proceedings or court orders
- Respond to regulatory investigations
- Protect our rights and property
- Ensure compliance with exchange regulations
4. Data Security
4.1 Technical Safeguards
- End-to-end encryption for all data transmissions
- Secure API authentication with rotating keys
- Regular security audits and penetration testing
- Multi-factor authentication for admin access
4.2 Access Controls
- Role-based access to customer data
- IP allowlisting for administrative functions
- Audit logs for all data access
- Regular access reviews and deprovisioning
5. Data Retention
5.1 Account Data
We retain your account information for as long as your account is active plus:
- 7 years for financial and billing records
- 3 years for usage and access logs
- 90 days for API request logs
5.2 Compliance Requirements
Some data is retained longer due to regulatory requirements:
- Exchange usage reports: 7 years
- Compliance audit trails: 5 years
- Security incident logs: 3 years
6. Your Rights
6.1 Access and Portability
You have the right to:
- Access your personal data we hold
- Export your usage data and settings
- Receive a copy of your data in machine-readable format
6.2 Correction and Deletion
You may:
- Update your account information at any time
- Request deletion of your account (subject to retention requirements)
- Correct inaccurate personal information
6.3 Limitations
Some rights may be limited by:
- Exchange licensing requirements
- Regulatory compliance obligations
- Legitimate business interests
- Technical feasibility
7. Cookies and Tracking
7.1 Essential Cookies
We use cookies that are necessary for our service to function:
- Authentication and session management
- Security and fraud prevention
- Load balancing and performance
7.2 Analytics
We use analytics to improve our service:
- Usage patterns and feature adoption
- Performance monitoring
- Error tracking and debugging
8. International Transfers
Your data may be processed in countries outside your residence, including:
- United States (primary data centers)
- European Union (backup and redundancy)
- GCC countries (local exchange connections)
We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses and adequacy decisions.
9. Children's Privacy
Our services are designed for professional use and are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.
10. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or applicable law. We will:
- Notify you of material changes by email
- Post updates on our website with effective dates
- Provide 30 days notice for significant changes
- Obtain consent where required by law
Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
Email: privacy@borsat.ai
Data Protection Officer: dpo@borsat.ai
Address: GCC Markets MCP, Legal Department
Phone: +1 (555) 123-4567
Response Time: We aim to respond to privacy inquiries within 5 business days.