Privacy Policy – Copy.Click

Last Updated: March 28, 2026

================================================================================
1. INTRODUCTION
================================================================================

Your privacy is important to Copy.Click (“we,” “us,” “our”). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our mobile application, website, and services (collectively, the “Service”).

Please read this Privacy Policy carefully. By accessing or using Copy.Click, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy.

================================================================================
2. INFORMATION WE COLLECT
================================================================================

2.1 INFORMATION YOU PROVIDE DIRECTLY

Account Registration:
– Full name
– Email address
– Password (encrypted)
– Phone number (optional)
– Country/jurisdiction for compliance

Trading Account Linking:
– MT5 account login credentials (securely encrypted)
– MT5 investor password (securely encrypted)
– MT5 server name
– MT5 account numbers

Subscription & Payment Information:
– Billing email
– Subscription plan selection
– Payment method details (processed by Stripe, we do not store full card details)
– Billing address (if provided)

App Configuration:
– Risk multiplier settings
– Trading preferences
– Notification preferences
– Linked Telegram channel IDs (for signal delivery)

2.2 INFORMATION COLLECTED AUTOMATICALLY

Device Information:
– Device type and model
– Operating system and version
– Unique device identifier (UUID/Android ID)
– Mobile carrier information
– Device memory and storage information

Usage Data:
– App interaction logs (features used, buttons clicked, pages visited)
– Session duration and frequency
– Crash reports and error logs
– Performance metrics (app load time, latency)
– Feature usage analytics

Network Information:
– IP address
– Device network type (WiFi, cellular)
– Approximate location (based on IP address only; we do not request GPS permissions)

Telegram Integration Data:
– Telegram channel IDs you link
– Message delivery logs and timestamps
– Signal delivery status (successful/failed)
– Webhook interaction data

2.3 INFORMATION WE DO NOT COLLECT

We explicitly do NOT collect:
– Full trading histories from your MT5 accounts (we only collect account identifiers)
– Sensitive personal information beyond what’s necessary
– Your actual trade details, positions, or profit/loss information
– Photos or biometric data
– Children’s birthdates or personal information (if under 13)

================================================================================
3. HOW WE USE YOUR INFORMATION
================================================================================

We use collected information for the following purposes:

Core Service Delivery:
– Linking your MT5 trading account to our platform
– Delivering trading signals via Telegram
– Maintaining account security and authentication
– Processing subscription payments and billing
– Providing customer support

Service Improvement:
– Analyzing app performance and stability
– Identifying and fixing bugs and errors
– Understanding user behavior to improve features
– A/B testing new functionality
– Monitoring service uptime and reliability

Security & Compliance:
– Detecting and preventing fraud or unauthorized access
– Enforcing our Terms of Service
– Complying with legal obligations and regulatory requirements
– Protecting against malicious, deceptive, or illegal activity

Communication:
– Sending transactional emails (account confirmations, payment receipts, password resets)
– Notifying you of service changes or issues
– Responding to your support requests

Marketing (with your consent):
– Sending newsletter updates (opt-in only)
– Informing you about new features or promotions
– Conducting surveys or requesting feedback

================================================================================
4. LEGAL BASIS FOR PROCESSING
================================================================================

We process your information based on:

– Your Consent: For marketing communications and optional data collection
– Contractual Necessity: To provide the Service and fulfill our obligations to you
– Legitimate Interest: To improve the Service, prevent fraud, and ensure security
– Legal Obligation: To comply with applicable laws, regulations, and court orders
– Protection of Vital Interests: To protect your safety or the safety of others

================================================================================
5. DATA SHARING & THIRD PARTIES
================================================================================

5.1 WE SHARE INFORMATION WITH:

Essential Service Providers:
– Stripe (stripe.com) – Payment processing and subscription management. Stripe does not store full credit card information.
– Google Cloud Platform (google.com) – Infrastructure hosting and data storage
– Amazon Web Services (AWS) – Database hosting and backup services
– SendGrid – Email delivery for transactional messages
– Sentry – Error tracking and crash reporting (anonymized)

MT5-Related:
– MetaTrader 5 Servers – Your linked account credentials are transmitted only to official MT5 servers for signal execution
– MT5 Account Owners/Brokers – Limited information needed to link your account (account number, login)

Telegram Integration:
– Telegram Bot API (telegram.org) – We transmit signal data to Telegram channels you specify
– Telegram’s privacy policy governs their handling of data: https://telegram.org/privacy

Legal & Regulatory:
– Law enforcement or regulatory authorities when legally required
– Our legal advisors and auditors for compliance purposes

5.2 WE DO NOT SHARE:
– Your MT5 investor password with anyone except MT5 servers
– Your payment card details (Stripe handles this)
– Your personal information with advertisers or marketers (except with explicit consent)
– Your data with other users or third parties for commercial purposes

================================================================================
6. DATA SECURITY & ENCRYPTION
================================================================================

6.1 SECURITY MEASURES

We implement industry-standard security controls:

Data Encryption:
– All data in transit uses TLS 1.2+ (HTTPS)
– Sensitive data (MT5 passwords, API keys) encrypted at rest using AES-256
– Payment data processed via PCI-DSS compliant Stripe

Access Controls:
– Role-based access restrictions (only authorized staff)
– Multi-factor authentication for admin accounts
– Regular security audits and penetration testing
– Principle of least privilege for all system access

Data Protection:
– Secure password hashing (bcrypt)
– No plaintext storage of sensitive credentials
– Regular backups with encryption
– Network segmentation and firewalls
– Intrusion detection systems

6.2 LIMITATIONS

While we employ strong security measures, no system is 100% secure. We cannot guarantee absolute protection against all attacks, breaches, or unauthorized access. You are responsible for maintaining the confidentiality of your password and account credentials.

================================================================================
7. DATA RETENTION & DELETION
================================================================================

7.1 RETENTION PERIODS

7.2 DATA DELETION

Upon Account Deletion:
1. All personal account data is marked for deletion
2. MT5 credentials are securely wiped immediately
3. Subscription information is retained for 7 years (tax/audit compliance)
4. Usage analytics are anonymized after 30 days
5. You cannot recover data after the 30-day grace period

Requesting Deletion:
Email your deletion request to [email protected] with your account email address. We will process deletion within 7 business days.

================================================================================
8. YOUR PRIVACY RIGHTS
================================================================================

Depending on your jurisdiction (particularly if you’re in the EU under GDPR or California under CCPA), you may have the following rights:

Right to Access:
– Request a copy of personal information we hold about you
– Response time: 30 days

Right to Correction:
– Request correction of inaccurate information
– Response time: 30 days

Right to Deletion:
– Request deletion of your personal data (“Right to be Forgotten”)
– Exception: Data required for legal/tax compliance
– Response time: 30 days

Right to Restriction:
– Request we limit processing of your data
– Response time: 30 days

Right to Data Portability:
– Request your data in a portable, machine-readable format
– Response time: 30 days

Right to Object:
– Object to processing of your data for marketing or legitimate interests
– Response time: 30 days

Right to Withdraw Consent:
– Withdraw consent for optional data processing at any time
– Does not affect prior processing

How to Exercise Your Rights:
Submit requests to: [email protected]

Include:
– Your full name
– Email address associated with your account
– Specific right you’re exercising
– Detailed description of your request

================================================================================
9. INTERNATIONAL DATA TRANSFERS
================================================================================

Copy.Click operates globally. Your personal information may be transferred to, stored in, and processed in countries other than your country of residence, including countries that may not have equivalent privacy protections.

For EU/EEA Users:
By using Copy.Click, you consent to the transfer of your information to the United States and other countries. We ensure adequate safeguards including:
– Standard Contractual Clauses (SCCs) with service providers
– Compliance with GDPR Chapter 5 requirements
– Binding Corporate Rules (BCRs) where applicable

For California Residents:
We comply with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

================================================================================
10. CHILDREN’S PRIVACY
================================================================================

Copy.Click is not intended for children under 13 years old. We do not knowingly collect personal information from children under 13.

If you are under 13:
– Do not use this Service
– Do not provide personal information
– Contact us immediately if you believe we have collected your data

If you are 13-18 (Minors):
– Parental/guardian consent is required
– We limit data collection to what’s necessary
– We do not use behavioral targeting for minors
– Extra safeguards apply to your account

For Parents/Guardians:
If you believe we have collected information about a child under 13, contact: [email protected]

================================================================================
11. COOKIES & TRACKING TECHNOLOGIES
================================================================================

11.1 COOKIES WE USE

Essential Cookies:
– Session cookies (authentication, security)
– CSRF protection tokens
– Language/preference settings

Analytics Cookies:
– Google Analytics (anonymized IP address)
– Performance monitoring
– Usage patterns for service improvement

Functionality Cookies:
– User preferences (theme, timezone)
– Auto-login credentials (encrypted, device-only)

11.2 YOUR COOKIE CONTROL

You can:
– Disable cookies in your browser settings
– Opt-out of analytics tracking
– Clear cookies manually
– Use private/incognito browsing

Note: Disabling essential cookies may prevent the app from functioning properly.

================================================================================
12. THIRD-PARTY LINKS & SERVICES
================================================================================

Copy.Click may contain links to third-party websites and services (MT5 brokers, Telegram, Stripe, etc.). We are not responsible for their privacy practices.

Review their privacy policies:
– Stripe Privacy Policy: https://stripe.com/privacy
– Telegram Privacy Policy: https://telegram.org/privacy
– Google Privacy Policy: https://policies.google.com/privacy
– MetaTrader 5 Privacy: https://www.metatrader5.com/en/terms

================================================================================
13. CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA)
================================================================================

California Residents have the right to:
1. Know – What personal information is collected, used, shared, or sold
2. Delete – Request deletion of personal information (with exceptions)
3. Opt-Out – Opt-out of the sale or sharing of personal information (we don’t sell data)
4. Correct – Request correction of inaccurate personal information
5. Appeal – Appeal our decision if we deny your request

Special Categories (CPRA):
– Sensitive personal information (passwords, health data) has additional protections
– You can limit use of sensitive data

To exercise CCPA rights: [email protected]

================================================================================
14. EUROPEAN UNION PRIVACY RIGHTS (GDPR)
================================================================================

EU/EEA Residents have the right to:
– Full access to your personal data
– Correction and deletion of data
– Restrict processing of your data
– Data portability in machine-readable format
– Lodge complaints with your Data Protection Authority

Our Data Protection Officer (DPO):
– Contact: [email protected]
– We respond within 30 days of all requests

Lawful Basis for Processing:
– Consent (marketing, optional features)
– Contract (service delivery)
– Legal Obligation (tax, compliance)
– Legitimate Interest (fraud prevention, security)

================================================================================
15. DATA BREACH NOTIFICATION
================================================================================

In the event of a data breach involving personal information:

We will notify affected individuals within 72 hours if:
– Unauthorized access or disclosure occurs
– Data security is compromised
– The breach poses a risk to your rights and freedoms

Notification will include:
– Description of the breach
– Types of data affected
– Recommended actions to protect yourself
– Contact information for further details

Reporting Breaches:
– Email: [email protected]
– Include: date discovered, extent, data types affected

================================================================================
16. SERVICE PROVIDERS & SUB-PROCESSORS
================================================================================

A complete list of our sub-processors (third parties processing data on our behalf):

================================================================================
17. UPDATES TO THIS PRIVACY POLICY
================================================================================

We may update this Privacy Policy periodically to reflect:
– Changes in our practices
– Legal or regulatory requirements
– Improvements to transparency
– Feedback from users

Changes will be effective:
– Immediately upon posting (for non-material changes)
– 30 days after posting (for material changes)

Material changes will be notified via:
– Email notification
– In-app alert
– Banner on website

Your continued use of Copy.Click after changes indicates acceptance of the updated Privacy Policy.

================================================================================
18. CONTACT US
================================================================================

For privacy-related questions, concerns, or to exercise your rights:

Privacy Team
– Email: [email protected]
– Response Time: 7 business days

Mailing Address:
Copy.Click Privacy Team
8topuz Consulting LLC
2 Vasil Aprilov, 2nd floor
8000 Burgas
Bulgaria

Data Protection Officer (GDPR)
– Email: [email protected]
– GDPR Compliance: EU residents’ requests prioritized

================================================================================
19. SERVICE DESCRIPTION & RISK DISCLAIMER
================================================================================

Service Description:
Copy.Click is a software tool that distributes trading information between signal providers and followers. We do NOT:
– Execute trades on your behalf
– Recommend, validate, or endorse trading signals
– Provide investment, financial, or brokerage services
– Guarantee profit, accuracy, or uninterrupted service
– Have control over signal quality or provider performance

All trading decisions are made solely at your discretion.

Risk Disclaimer:
Trading leveraged financial instruments (forex, stocks, cryptocurrencies) involves substantial risk, including the total loss of your invested capital. Past performance does not guarantee future results. Copy.Click is not liable for any financial losses, delays, inaccuracies, technical issues, or actions of signal providers.

================================================================================
20. GOVERNING LAW
================================================================================

This Privacy Policy is governed by the laws of Bulgaria and the European Union (GDPR). Any disputes shall be resolved in accordance with Bulgarian law, with exclusive jurisdiction in Bulgarian courts (except where GDPR or other regulations apply).

================================================================================

Version: 2.0
Effective Date: March 28, 2026
Last Updated: March 28, 2026