Privacy Policy

StellarX Trading LLC ("StellarX," "we," "us," or "our"), a Delaware limited liability company operating stellarxtrading.com, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Platform. By accessing or using the Platform, you consent to the practices described in this policy.

1. Information We Collect

We collect the following categories of personal information:

• Account Data: Full name, email address, username, password (stored as salted bcrypt hashes — we never store plaintext passwords), date of birth, country of residence, and phone number (optional).
• Payment Data: All payment processing is handled by Stripe, a PCI-DSS Level 1 certified payment processor. We do not store, process, or have access to your full credit card numbers, CVV, or bank account details. We retain only transaction IDs, payment amounts, dates, and the last four digits of your card for reference.
• Identity / KYC Data: Government-issued photo identification (passport, driver's license, or national ID), proof of address (utility bill or bank statement dated within 90 days), and selfie verification — collected when you request your first payout for AML/KYC compliance.
• Trading Data: All trade records, order history, position data, account balances, profit and loss statements, drawdown metrics, and activity logs generated through your use of the simulated trading environment.
• Technical Data: IP address, browser type and version, operating system, device identifiers, screen resolution, referring URLs, session duration, pages visited, click patterns, and time zone.
• Cookies & Tracking: We use essential cookies for authentication and session management, and optional analytics cookies to understand Platform usage. See Section 10 (Cookie Policy) for details.
• Communications Data: Records of your communications with our support team, including emails, chat transcripts, and support ticket content.

2. How We Use Your Data

We use the information we collect for the following purposes:

• Account Management: To create, maintain, and administer your StellarX account and provide you with access to the Platform's features.
• Payment Processing: To process evaluation purchases, reset fees, and payout disbursements through our payment processor (Stripe).
• Trading Compliance: To monitor trading activity for rules compliance, prohibited strategy detection, and platform integrity.
• Communications: To send account status updates, payout confirmations, service announcements, security alerts, and responses to your inquiries.
• Legal Compliance: To comply with AML/KYC legal obligations, tax reporting requirements, and applicable financial regulations.
• Security: To detect, prevent, and address fraud, unauthorized access, and other security threats to the Platform.
• Platform Improvement: To analyze usage patterns, diagnose technical issues, and improve the Platform's functionality and user experience.
• Legal Claims: To establish, exercise, or defend legal claims as necessary.

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) and the United Kingdom, we process personal data under the following legal bases as defined in GDPR Article 6:

• Performance of a Contract (Art. 6(1)(b)): Processing necessary to fulfill our contractual obligations to you, including account management, evaluation services, and payout processing.
• Legal Obligation (Art. 6(1)(c)): Processing necessary to comply with legal obligations, including AML/KYC requirements, tax reporting, and regulatory compliance.
• Legitimate Interests (Art. 6(1)(f)): Processing necessary for our legitimate interests, including fraud prevention, platform security, and service improvement, where these interests are not overridden by your fundamental rights.
• Consent (Art. 6(1)(a)): Where we rely on your consent for specific processing activities (e.g., optional analytics cookies, marketing communications). You may withdraw consent at any time without affecting the lawfulness of processing performed before withdrawal.

4. Third-Party Services

We share personal data only with the following trusted third-party service providers, solely for the purposes described:

• Stripe — Payment processing (PCI-DSS Level 1 certified). Receives payment details necessary to process transactions. Stripe Privacy Policy
• Vercel — Web hosting and content delivery. Processes technical data (IP addresses, request headers) for serving the Platform. Vercel Privacy Policy
• ProjectX Gateway — Simulated market data feed and trade execution infrastructure. Receives trading data necessary for the simulated trading environment.

We do not sell, rent, or trade your personal data to any third party. We do not share your trading data with advertisers, data brokers, or any entity not listed above. Each third-party provider is contractually bound to process your data only for the specified purposes and in accordance with applicable data protection laws.

5. International Data Transfers

StellarX is based in the United States. If you access the Platform from the European Economic Area (EEA), United Kingdom, or other regions with data protection laws that may differ from U.S. law, please note that your personal data may be transferred to and processed in the United States.

For transfers of personal data from the EEA/UK to the United States, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, as well as any applicable adequacy decisions. We ensure that all international data transfers are conducted with appropriate safeguards to protect your personal data in accordance with GDPR requirements.

6. Data Retention & Security

Retention: We retain your personal data for the duration of your account plus 7 years for financial compliance, tax reporting, and legal obligation purposes. KYC documentation is retained for 5 years after the business relationship ends. Trading data and activity logs are retained for 7 years. You may request earlier deletion of non-essential data, subject to our legal retention obligations.

Security Measures: We implement industry-standard security measures to protect your data:

• Encryption at Rest: AES-256 encryption for all stored personal data.
• Encryption in Transit: TLS 1.3 for all data transmitted between your browser and our servers.
• Password Security: Passwords stored as salted bcrypt hashes with a work factor of 12+.
• Access Controls: Role-based access controls, multi-factor authentication for staff, and principle of least privilege.
• Monitoring: Continuous security monitoring, intrusion detection, and automated alerting.

While we implement robust security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly notifying affected users and relevant authorities in the event of a data breach, as required by applicable law.

7. GDPR Rights (EEA/UK Users)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR) and UK GDPR:

• Right of Access (Art. 15): You have the right to obtain confirmation of whether we process your personal data and to receive a copy of that data.
• Right to Rectification (Art. 16): You have the right to request correction of inaccurate personal data or completion of incomplete data.
• Right to Erasure (Art. 17): You have the right to request deletion of your personal data, subject to our legal retention obligations.
• Right to Data Portability (Art. 20): You have the right to receive your personal data in a structured, commonly used, machine-readable format (JSON or CSV).
• Right to Restrict Processing (Art. 18): You have the right to request that we restrict the processing of your personal data under certain circumstances.
• Right to Object (Art. 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent (Art. 7(3)): Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your Member State of residence, place of work, or place of the alleged infringement.

To exercise any of these rights, contact us at privacy@stellarx.trade. We will respond to your request within 30 days. We may request verification of your identity before processing your request.

8. CCPA Rights (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share your data.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions (e.g., legal compliance, completing transactions, security).
• Right to Opt-Out of Sale: StellarX does not sell personal information to third parties as defined by the CCPA. Therefore, there is no need to opt out. We also do not "share" personal information for cross-context behavioral advertising.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights. You will not receive different pricing, quality of service, or access to the Platform based on your privacy choices.

To submit a CCPA request, email privacy@stellarx.trade with the subject line "CCPA Request." We will verify your identity and respond within 45 days. You may also designate an authorized agent to make requests on your behalf.

9. Children's Privacy

The Platform is not intended for individuals under the age of 18. We do not knowingly collect, solicit, or maintain personal information from anyone under 18 years of age. If we become aware that we have collected personal data from a minor, we will promptly delete that information. If you believe that a child under 18 has provided us with personal information, please contact us immediately at privacy@stellarx.trade.

10. Cookie Policy

We use cookies and similar tracking technologies on the Platform. Cookies are small text files stored on your device that help us provide and improve our services.

• Essential Cookies: Required for the Platform to function properly. These include session cookies for authentication, CSRF protection tokens, and load balancing. These cookies cannot be disabled without breaking core functionality.
• Analytics Cookies: Used to understand how users interact with the Platform, including page views, session duration, and navigation paths. These cookies help us improve the user experience. Analytics data is aggregated and anonymized where possible.

How to Opt Out: You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. Please note that blocking essential cookies may impair the functionality of the Platform. You can also opt out of analytics cookies by contacting us at privacy@stellarx.trade. For EEA/UK users, non-essential cookies are only placed after you provide consent through our cookie banner.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by email to the address associated with your account or by posting a prominent notice on the Platform at least 15 days before the changes take effect. The "Last updated" date at the top of this policy indicates when it was most recently revised. Your continued use of the Platform after any changes constitutes acceptance of the updated Privacy Policy.

12. Contact Information

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how we handle your personal information, please contact us: