Opes Borsa – iOS Privacy Policy

Features

FAQs

Contact

Get the App

Features

FAQs

Contact

Get the App

Opes Borsa iOS Privacy Policy

# Privacy Policy for iOS Users

**Effective Date:** November 6, 2025

**Last Updated:** November 6, 2025

Opes Borsa Technologies Limited ("Opes Borsa", "we", "us" or "our") is committed to respecting and protecting the privacy of individuals who access and sign up for our services ("Users", "you", or "your").

This Privacy Notice explains how we collect, use, and share personal information when you access or sign up for our services ("Service") through our mobile app (the "App") available on the Apple App Store and when you access and use our website available at https://www.opesborsa.com ("Website").

**IMPORTANT FOR iOS USERS:** This app may request permission to track your activity across other companies' apps and websites. This tracking is used to deliver personalized advertisements and measure advertising effectiveness. You can control this through your device's privacy settings under "Privacy > Tracking" or deny tracking through the App Tracking Transparency prompt. You can deny tracking without affecting core app functionality.

**FINANCIAL DATA DISCLAIMER:** Market data provided may not be real-time and should not be relied upon for time-sensitive trading decisions. All information is for educational and informational purposes only and does not constitute financial advice. Past performance does not guarantee future results.

It is important that you understand how we use your information. You are strongly advised to read this page in full and note the key highlights and helpful resources in the following sections.

Opes Borsa provides a comprehensive platform for financial research, market data, news feeds, portfolio management tools, and financial insights, enabling users to track financial assets such as stocks, commodities, cryptocurrencies, and markets with essential alerts and notifications, as well as enhanced and personalised AI features available through Opes Borsa Premium Plan.

We collect and use your personal information to deliver these Services, enhance your experience, protect the security and integrity of our Website and App, and fulfill our legal obligations.

If you do not agree with the collection, use, or disclosure of your personal information as described in this Privacy Notice, or if you are under 18 years of age, please do not access or otherwise use any of our App, Website, or Services.

If you have any questions regarding our processing of your personal data, please contact us at info@opesborsa.com.

---

## 1. Important Information and Opes Borsa Technologies

Opes Borsa Technologies Limited is the controller and is responsible for your personal data. We process personal data in compliance with applicable data protection laws, including, where relevant, the General Data Protection Regulation (EU GDPR) and the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) as defined in the Data Protection Act 2018 (UK GDPR). For iOS users, we comply with Apple's App Store Review Guidelines and App Tracking Transparency requirements.

**Company Details:**

- **Legal Name:** Opes Borsa Technologies Limited

- **Registered Address:** 434-436 Essex Road, London, England, N1 3QP, United Kingdom

- **Registration:** England and Wales

- **Contact:** info@opesborsa.com

---

## 2. Useful Contacts

Questions, comments, and requests regarding this Notice are welcomed and should be addressed to:

- **Privacy Team:** info@opesborsa.com

- **Data Protection Officer:** info@opesborsa.com

- **GDPR Representative (EEA):** info@opesborsa.com

**Regulatory Complaints:**

- **UK:** Information Commissioner's Office (ICO) - https://ico.org.uk/make-a-complaint/

- **EU/EEA:** Your local Data Protection Authority

---

## 3. Types of Personal Data Collected

The personal information we collect about you depends on the specific activities you engage in through our Website and App.

### 3.1 Information You Provide to Us

You may provide us with your personal data by filling in online forms or by corresponding with us. This includes personal data you provide when you create an account, use our Services, request marketing communications, or contact us for support.

| Information Category | Description |

|---------------------|-------------|

| **Identity Information** | First name, last name, username |

| **Contact Information** | Email address |

| **Financial Data** | Portfolio holdings, watchlist tickers, alert preferences (NOT your bank account or credit card details) |

| **Customer Data** | Subscription status, payment history (processed by Apple), premium features used, account activity |

| **Marketing Data** | Your preferences for receiving marketing communications |

| **Support Data** | Feedback and messages you send to our support team |

**Important:** We do NOT collect:

- Credit card or bank account details (Apple handles all payments)

- Phone numbers

- Social security numbers or government IDs

- Trading platform credentials or API keys

### 3.2 Information Collected Automatically

As you interact with our App and Website, we automatically collect device and usage data.

| Information Category | Description |

|---------------------|-------------|

| **Device Data** | Device model, operating system version, device ID, IP address (anonymized), language preferences, time zone |

| **Usage Data** | Features used, screens viewed, time spent in app, watchlist symbols searched, alert interactions |

| **Technical Data** | App version, crash logs, performance metrics, error reports |

| **Advertising Identifier** | IDFA (only with your explicit consent via App Tracking Transparency) |

### 3.2.1 Required API Usage Disclosure (iOS)

This app accesses certain system APIs as required by Apple's privacy guidelines:

|----------|---------|-------------|---------------|

**Important:** This data is stored locally on your device and is NOT transmitted to our servers unless explicitly stated in this policy.

### 3.2.2 Tracking Technologies

Our iOS app does NOT use traditional browser cookies. However, we use mobile-equivalent technologies:

| Technology | Purpose | User Control |

|-----------|---------|--------------|

| **Local Storage** | Store login state, preferences, cached market data | Cleared on app deletion or logout |

| **Secure Storage** | Encrypted storage of authentication tokens | Automatic upon logout or token expiration |

| **IDFA** | Cross-app tracking for marketing attribution (requires consent) | iOS Settings > Privacy > Tracking > Opes Borsa |

| **Session Identifiers** | Distinguish app sessions for analytics | Generated per session, not personally identifiable |

**How to Control:**

1. **Deny Tracking:** Tap "Ask App Not to Track" when prompted by iOS

2. **Change Later:** iOS Settings > Privacy & Security > Tracking > Opes Borsa

3. **Reset IDFA:** iOS Settings > Privacy & Security > Advertising > Reset Advertising Identifier

4. **Limit Ad Tracking:** iOS Settings > Privacy & Security > Advertising > Limit Ad Tracking

### 3.3 Information Obtained from Third Parties

We receive limited personal data from the following sources:

| Source | Data Received | Purpose |

|--------|---------------|---------|

| **Apple Inc.** | Subscription status, purchase receipts, transaction confirmations | Manage your Premium subscription |

| **Public Market Data Providers** | Stock prices, company information, market indices, financial news | Display market information to you |

**Important:** We do NOT share your personal information with market data providers. We only fetch public market data; they do not receive any information about you, your watchlist, or your trading activity.

---

## 4. How Personal Data is Used and Legal Basis

We use your personal information to develop, operate, and deliver our Services. The law requires us to have a legal basis for collecting and using your personal data.

### 4.1 Necessary to Perform Our Contract with You

| Purpose | Personal Data Used |

|---------|-------------------|

| Create and maintain your account | Identity Information, Contact Information |

| Provide core app services | Identity, Contact, Customer, Usage Information |

| Deliver Premium features | Identity, Contact, Financial (watchlist), Customer, Usage Information |

| Process subscription transactions | Customer Data, Financial Data (Apple handles payment processing) |

### 4.2 Necessary to Comply with Legal Obligations

| Purpose | Personal Data Used |

|---------|-------------------|

| Verify age eligibility (18+) | Identity Information (date of birth if provided) |

| Comply with UK/EU data protection laws | All categories as necessary |

| Respond to legal requests | Any data subject to valid legal process |

| Financial record retention (7 years UK law) | Subscription transaction records |

### 4.3 Legitimate Interest

When we rely on legitimate interests, we have balanced our interests against your rights and determined processing is necessary and proportionate.

|------------|------------------------|-------------|-----------|

**Your Right to Object:**

You can object to processing based on legitimate interests at any time by:

- Email: info@opesborsa.com

- In-App: Settings > Privacy > Object to Processing

- Per-Feature: Toggle off personalization in Settings

If you object, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, or the processing is necessary for legal claims.

### 4.4 Consent (Including App Tracking Transparency)

We ask for your explicit consent for:

| Purpose | Data Used | How to Withdraw |

|---------|-----------|-----------------|

| Cross-app tracking for marketing attribution (iOS only) | IDFA, Device ID, Usage across apps | iOS Settings > Privacy > Tracking > Opes Borsa > Toggle OFF |

| Marketing emails (new users) | Email address, name, preferences | Click "Unsubscribe" in any email or Settings > Notifications |

| Push notifications | Push token, device information | iOS Settings > Opes Borsa > Notifications > Toggle OFF |

**Important:** Withdrawing consent will NOT affect core app functionality. You can still use all features including Premium services.

---

## 5. Third-Party Service Providers

We share your personal data with trusted third-party service providers who assist us in operating our app. These providers are contractually bound to protect your data and use it only for the purposes we specify.

**Data Processing Agreements:**

All third-party processors have signed Data Processing Agreements (DPAs) complying with GDPR Article 28, including:

- Processing only on our documented instructions

- Maintaining appropriate security measures

- Assisting with data subject rights requests

- Deleting or returning data upon contract termination

### 5.1 Infrastructure & Hosting

**Cloud Infrastructure Provider**

- **Purpose:** App backend, database hosting, data storage

- **Data Shared:** All app data (stored in encrypted format)

- **Location:** European Union (Frankfurt, Germany) - EU jurisdiction

- **Safeguards:** ISO 27001 certified, SOC 2 compliant, GDPR-compliant DPA, end-to-end encryption

- **Note:** Your data is stored within the EU and benefits from GDPR protections

### 5.2 Payment Processing

**Apple Inc.**

- **Purpose:** In-app purchase processing, subscription management

- **Data Shared:** Subscription status, purchase confirmations (we never see your payment details)

- **Data We DON'T Share:** Apple processes payments directly; we never see credit card numbers, Apple Pay details, or banking information

- **Location:** United States (with global infrastructure)

- **Safeguards:** Standard Contractual Clauses, Apple's privacy commitments

- **Privacy Policy:** https://www.apple.com/legal/privacy/

- **Your Control:** Manage subscriptions via Apple ID settings

### 5.3 Email Communications

**Email Service Provider**

- **Purpose:** Transactional emails (account verification, password reset, important service updates)

- **Data Shared:** Email address, name, email content (e.g., verification codes)

- **Location:** United States and European Union servers

- **Safeguards:** Standard Contractual Clauses, GDPR-compliant DPA, TLS encryption for all transmissions

- **Note:** Marketing emails only sent with your consent; transactional emails necessary for service operation

### 5.4 Analytics & Marketing Attribution

**Mobile Analytics Provider**

- **Purpose:** App analytics, user acquisition attribution, marketing campaign effectiveness measurement

- **Data Shared:**

- **Without Tracking Consent:** Anonymized app usage (app opens, feature usage - no personal identifiers)

- **With Tracking Consent (ATT):** Device advertising ID (IDFA), app usage patterns, campaign attribution data

- **Location:** United States, Israel (Israel has EU adequacy decision)

- **Safeguards:** Standard Contractual Clauses, data minimization, anonymization techniques

- **Your Control:** Deny App Tracking Transparency permission to prevent IDFA sharing

- **Note:** We use this data solely to understand which marketing campaigns work and to improve our product

### 5.5 Error Monitoring & Performance Tracking

**Error Monitoring Service**

- **Purpose:** Crash reporting, error tracking, performance monitoring, debugging

- **Data Shared:**

- Device information (model, OS version)

- App version and build number

- Error logs and stack traces

- Anonymized session identifiers

- **NOT Shared:** Financial data, portfolio holdings, watchlist contents, personal messages, authentication tokens

- **Location:** United States

- **Data Retention:** 90 days maximum, then automatically deleted

- **Safeguards:** Standard Contractual Clauses, IP anonymization, automatic scrubbing of sensitive data (passwords, tokens, PII)

- **Note:** This helps us identify and fix bugs quickly to improve your experience

### 5.6 Market Data Providers

**Public Financial Data Sources**

- **Purpose:** Stock quotes, market indices, financial news, company fundamental data

- **Data Shared:** NONE - we fetch public market data; providers don't receive any information about you

- **Your Interaction:** Entirely one-way; your watchlist, searches, and trading interests remain completely private

- **Note:** Market data may be delayed up to 20 minutes for free users; real-time data available with Premium subscription

### 5.7 Data Sharing Summary

|------------------|-------------|----------|--------------|

### 5.8 We Do NOT Share Your Data With:

- ❌ Advertising networks (we don't sell ads within the app)

- ❌ Data brokers or list aggregators

- ❌ Social media platforms (unless you explicitly connect via Apple ID)

- ❌ Marketing agencies or third-party marketers

- ❌ Credit bureaus or financial institutions

- ❌ Other trading platforms or brokerages

- ❌ Government agencies (except where legally required by valid legal process)

### 5.9 Processor Changes

We will notify you if we:

- Add new third-party processors that access personal data

- Change providers for critical services

- Significantly change data sharing practices

You can object to new processors; we will either use an alternative or offer to delete your account with a prorated refund of any unused subscription.

---

## 6. App Tracking Transparency (iOS)

In compliance with Apple's App Tracking Transparency (ATT) framework:

### 6.1 What is "Tracking"?

Tracking means linking data collected in our app about you with data from other companies' apps or websites for advertising or advertising measurement purposes.

### 6.2 What We Track (Only With Your Permission)

When you grant tracking permission through the ATT prompt, we use our analytics provider to:

- Measure advertising campaign effectiveness (which ads led you to download our app)

- Attribute in-app actions to specific marketing campaigns

- Understand user acquisition costs and marketing ROI

- Provide aggregated analytics to improve our marketing

**Specific Data Shared When You Allow Tracking:**

- Device Advertising Identifier (IDFA)

- Device model and OS version

- App version

- In-app events (e.g., "account created," "subscription started")

- Approximate location (country/region only, not precise location)

- Campaign source (which ad or link you clicked)

### 6.3 Privacy-Friendly Analytics (No ATT Permission Needed)

Even if you deny tracking, we collect **anonymized, non-identifiable analytics** for:

- App crashes and errors (to fix bugs)

- Feature usage patterns (to improve features)

- Performance metrics (load times, API response times)

**Note:** This does NOT include IDFA or cross-app tracking. It's completely anonymous and cannot be tied to you personally.

### 6.4 How to Control Tracking

**Initial Prompt:**

When you first open the app, iOS shows the ATT prompt:

- Tap **"Allow"** to enable tracking for improved marketing (helps us understand what users want)

- Tap **"Ask App Not to Track"** to prevent tracking

**Change Your Mind Later:**

- iOS Settings > Privacy & Security > Tracking > Opes Borsa > Toggle on/off

**Reset Advertising ID:**

- iOS Settings > Privacy & Security > Advertising > Reset Advertising Identifier

### 6.5 Impact of Denying Tracking

✅ **No impact on core functionality** - all app features work the same

✅ You still receive market alerts and notifications

✅ You can still use Premium features

✅ No penalty or reduced service quality

### 6.6 Our Commitment

- We will NEVER track you without explicit ATT permission

- We will NEVER penalize users who deny tracking

- We will NEVER require tracking for core app features

- We respect the "Ask App Not to Track" signal completely

---

## 7. Data Retention Periods

We retain different categories of personal data for specific periods based on legal requirements and business needs:

| Data Category | Retention Period | Legal Basis |

|--------------|------------------|-------------|

| **Account Data** (Identity, Contact) | Active account + 90 days after deletion | Contract performance |

| **Financial Records** (Subscriptions, Transactions) | 7 years from last transaction | UK Companies Act 2006 legal requirement |

| **Watchlist & Portfolio Data** | Active account + 30 days after deletion | Contract performance |

| **Marketing Preferences** | Until consent withdrawn + 30 days | Consent / Legitimate interest |

| **Usage & Device Data** | 24 months from collection | Legitimate interest |

| **Customer Support Communications** | 3 years from last interaction | Legitimate interest, legal compliance |

| **IDFA Tracking Data** (if consented) | 13 months from collection (refreshed annually) | Consent |

| **Crash Logs & Error Reports** | 90 days from generation | Legitimate interest |

| **Email Communications Log** | 2 years from send date | Legitimate interest, legal compliance |

### 7.1 Automated Deletion

We have automated systems that delete data when retention periods expire, except where:

- Extended retention is required by law (e.g., financial records for tax purposes)

- Data is subject to ongoing legal proceedings or regulatory investigations

### 7.2 Account Deletion Timeline

When you request account deletion (Settings > Account > Delete Account):

**Day 0-30:** Account deactivated, data quarantined (you can still request recovery)

**Day 30:** Personal data deleted (except financial records required by law)

**Day 90:** All data deleted except legally required financial transaction records (retained for 7 years per UK law)

### 7.3 Data Export Before Deletion

**Important:** We recommend exporting your data before deleting your account:

- **In-App:** Settings > Privacy > Download My Data

- **Format:** JSON or CSV

- **Contents:** Watchlist, portfolio data, preferences, alert history

- **Timeline:** Request export within 24 hours before account deletion

**After deletion:** Data export is NOT available. We cannot recover deleted data.

---

## 8. International Data Transfers

### 8.1 Primary Data Location

Your personal data is primarily stored and processed within the **European Economic Area (EEA)**:

- **Primary Data Center:** Frankfurt, Germany

- **Legal Basis:** Data stored in Germany benefits from full GDPR protections

- **UK Users:** Germany is recognized by the UK as providing adequate data protection under UK GDPR adequacy regulations

### 8.2 No Schrems II Issues

Because our primary infrastructure is in the EU, your data benefits from:

- ✅ Full GDPR protections

- ✅ No cross-border transfers for core app functionality

- ✅ EU data sovereignty

- ✅ Compliance with EU Court of Justice rulings

### 8.3 Limited Transfers Outside the EEA

We transfer limited data outside the EEA only to the following service providers:

|-----------------|----------|------------------|------------|

| **Apple Inc.** | United States | Subscription transaction data (purchase confirmations, subscription status) | • Standard Contractual Clauses (2021 SCCs) • Apple's privacy commitments • Encryption in transit and at rest |

| **Analytics Provider** | United States / Israel | Device ID, IDFA (with consent), usage analytics | • Israel has EU adequacy decision (2011) • Standard Contractual Clauses for US transfers • Data minimization and anonymization |

| **Error Monitoring** | United States | Crash logs, device info, error reports (no financial data) | • Standard Contractual Clauses (2021 SCCs) • IP anonymization • 90-day automatic deletion |

### 8.4 Supplementary Measures (Schrems II Compliance)

Following the Schrems II CJEU decision (C-311/18), we implement additional safeguards beyond Standard Contractual Clauses:

**Technical Measures:**

- TLS 1.3 encryption for all data in transit

- AES-256 encryption for all data at rest

- Pseudonymization of personal identifiers where feasible

- IP address anonymization (last octet removed)

- Data minimization - only essential data transferred

**Contractual Measures:**

- 2021 European Commission-approved Standard Contractual Clauses

- Additional contractual obligations beyond SCC requirements

- Transparency requirements (providers must notify us of government data requests)

- Audit rights to verify security measures

- Immediate breach notification (within 24 hours)

**Organizational Measures:**

- Strict data minimization policy - we limit what data leaves the EEA

- Access controls - US processors have limited, role-based access only

- Regular security audits (quarterly)

- Legal monitoring of US surveillance law developments

- Contingency planning with alternative EU providers identified

### 8.5 Your Rights Regarding International Transfers

You may request:

- A copy of our Standard Contractual Clauses (with confidential commercial terms redacted)

- Details of our Transfer Impact Assessment

- Information about supplementary measures protecting your data

- That we stop transferring your data to specific processors (may affect service availability)

**To Exercise These Rights:** Email info@opesborsa.com with subject "International Transfer Inquiry"

---

## 9. Your Rights (Enhanced for iOS Users)

You have the following rights regarding your personal data:

### 9.1 Right to Access

Request confirmation of what personal data we hold about you and receive a copy.

**How to Exercise:**

- In-App: Settings > Privacy > Download My Data

- Email: info@opesborsa.com with subject "Data Access Request"

**Response Time:** Within 30 days (may extend by 30 days if complex)

### 9.2 Right to Rectification

Request correction of inaccurate or incomplete personal data.

**How to Exercise:**

- In-App: Settings > Account > Edit Profile

- Email: info@opesborsa.com with subject "Data Correction Request"

### 9.3 Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data.

**How to Exercise:**

- In-App: Settings > Account > Delete Account

- Email: info@opesborsa.com with subject "Account Deletion Request"

**Exceptions:** We may retain data where required by:

- UK Companies Act 2006 (financial records for 7 years)

- Legal proceedings or regulatory investigations

- Fraud prevention or security purposes

### 9.4 Right to Restrict Processing

Request that we limit how we use your data.

**How to Exercise:** Email info@opesborsa.com with subject "Restrict Processing Request"

### 9.5 Right to Data Portability

Receive your personal data in a structured, machine-readable format and transmit it to another service.

**What Data You Can Export:**

- Account information (name, email, preferences)

- Watchlist and portfolio data

- Trading signal history and alert preferences

- App usage history

- Subscription and payment history (receipts)

**Export Formats:**

- JSON (machine-readable, for transferring to other apps)

- CSV (compatible with Excel, Google Sheets)

- PDF (human-readable report)

**How to Exercise:**

- In-App: Settings > Privacy > Download My Data

- Email: info@opesborsa.com with subject "Data Portability Request"

**Processing Time:** Within 48 hours (simple requests) or 30 days (complex requests)

### 9.6 Right to Object

Object to processing based on legitimate interests or for direct marketing.

**How to Exercise:**

- **Marketing:** Click "Unsubscribe" in any email or Settings > Notifications > Marketing

- **Legitimate Interest Processing:** Email info@opesborsa.com with subject "Objection to Processing"

**Effect:** We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.

### 9.7 iOS-Specific Rights

**Control App Tracking:**

- iOS Settings > Privacy & Security > Tracking > Opes Borsa

**Request Third-Party Data Sharing Report:**

- Email info@opesborsa.com with subject "iOS Data Sharing Report Request"

- We will provide a list of all third parties we've shared data with in the past 12 months

**Opt-Out of Personalized Advertising:**

- Deny App Tracking Transparency permission

- iOS Settings > Privacy & Security > Advertising > Limit Ad Tracking

### 9.8 Exercising Your Rights

**No Fee:** Exercising your rights is free of charge (unless requests are manifestly unfounded or excessive)

**Identity Verification:** We may request additional information to verify your identity before processing sensitive requests (e.g., account deletion, data access)

**Response Timeline:**

- Acknowledgment: Within 10 business days

- Full Response: Within 30 days (may extend by 30 days if complex, with notice)

**Complaints:**

If you're unsatisfied with our response, you may lodge a complaint with:

- **UK:** Information Commissioner's Office (ICO) - https://ico.org.uk/make-a-complaint/ - Phone: 0303 123 1113

- **EU/EEA:** Your local Data Protection Authority - https://edpb.europa.eu/about-edpb/about-edpb/members_en

---

## 10. Children's Privacy (Enhanced Protections)

### 10.1 Age Restriction

Our services are strictly intended for users **18 years of age and older**. Financial market services are subject to legal age requirements under UK law and Apple App Store guidelines.

### 10.2 No Knowing Collection from Minors

We do not knowingly collect personal information from anyone under 18 years of age. If you are under 18, you must NOT:

- Create an account

- Use our services

- Provide any personal information

- Access financial market data through our platform

### 10.3 Age Verification

During account registration, users must:

- Affirm they are 18 years or older by checking the age confirmation box

- Accept that providing false age information may result in immediate account termination

- Understand that we may verify age if we suspect a user is underage

### 10.4 Parental Notification

Parents or guardians who believe their child has provided personal information to us should immediately contact us at info@opesborsa.com. We will:

1. Verify the report and request proof of guardianship

2. Immediately suspend the account pending investigation

3. Delete all personal information within 30 days

4. Refund any subscription fees (if applicable)

5. Report to appropriate authorities if required by law

### 10.5 iOS Family Sharing

This app is rated **17+** on the Apple App Store and cannot be shared with minors through Family Sharing features.

### 10.6 Legal Compliance

We comply with:

- UK Age Appropriate Design Code (Children's Code)

- GDPR special protections for children (Article 8)

- COPPA (if operating in the United States)

- Apple's App Store Review Guidelines 1.3 (Kids Category)

---

## 11. Data Breach Notification

### 11.1 Our Security Commitment

We maintain robust security measures to protect your personal data (see Section 12 below). However, no system is completely secure, and we are transparent about our breach response procedures.

### 11.2 In the Event of a Data Breach

If we discover a personal data breach that is likely to result in a high risk to your rights and freedoms, we will:

**Regulatory Notification (within 72 hours):**

- Notify the Information Commissioner's Office (ICO) in the UK

- Notify relevant EU Data Protection Authorities (if EU users affected)

- Provide details of the breach nature, scope, and affected data

**User Notification (without undue delay):**

- Send notification via **email** to affected users

- Send **push notification** through the app

- Post prominent notice in the app and on our website

- Provide details in clear, plain language (not legal jargon)

### 11.3 Notification Contents

Our breach notification will include:

- Nature of the breach (what data was affected)

- Categories and approximate number of users affected

- Likely consequences of the breach

- Measures we're taking to address the breach and prevent recurrence

- Recommendations for steps you can take to protect yourself

- Contact information for further inquiries (info@opesborsa.com)

- Your rights to lodge a complaint with the ICO

### 11.4 Your Actions Following a Breach

1. **Change your password immediately** using the in-app password reset

2. **Enable two-factor authentication** (if not already enabled)

3. **Review your account activity** for any suspicious transactions

4. **Monitor your financial accounts** for unusual activity (if financial data was affected)

5. **Contact us** at info@opesborsa.com with any concerns

### 11.5 Security Incident Reporting

If you suspect a security vulnerability or incident, please report it immediately to:

- **Email:** info@opesborsa.com

- **Response Time:** We will acknowledge within 48 hours

- **Responsible Disclosure:** We will work with security researchers who report vulnerabilities responsibly

### 11.6 No Retaliation

We will not take legal action against security researchers who:

- Report vulnerabilities responsibly and in good faith

- Do not access more data than necessary to demonstrate the vulnerability

- Do not disclose the issue publicly before we've had time to fix it

---

## 12. How We Protect Your Data

We implement industry-leading security measures to protect your personal data:

### 12.1 Technical Safeguards

**Encryption:**

- AES-256 encryption for all data stored on our servers

- TLS 1.3 encryption for all data transmitted between your device and our servers

- iOS Keychain for secure storage of authentication credentials on your device

- Encrypted storage for authentication tokens

**Authentication & Access Control:**

- JWT (JSON Web Token) authentication with automatic expiration

- Optional two-factor authentication available

- Biometric authentication support (Face ID / Touch ID)

- Automatic session timeout after 30 minutes of inactivity

- Role-based access control (RBAC) for our team members (principle of least privilege)

**Infrastructure Security:**

- Hosted on EU-based cloud infrastructure with ISO 27001 and SOC 2 compliance

- Web Application Firewall (WAF) to prevent common attacks

- Intrusion Detection System (IDS) with 24/7 monitoring

- DDoS protection

- Automated encrypted backups every 24 hours

### 12.2 Organizational Safeguards

**Access Management:**

- Principle of Least Privilege - employees only access data necessary for their role

- All data access logged and audited

- Background checks for all employees

- Mandatory annual security and privacy training

**Policies & Procedures:**

- Comprehensive Information Security Policy

- Documented Incident Response Plan

- Data classification by sensitivity level

- Secure data destruction when retention expires

- Security assessments for all third-party providers

### 12.3 What You Can Do to Stay Secure

**Strong Authentication:**

- Use a strong, unique password (minimum 8 characters, mix of upper/lower/numbers/symbols)

- Enable two-factor authentication (Settings > Security > 2FA)

- Enable biometric authentication (Face ID / Touch ID)

- Never share your password with anyone

**Device Security:**

- Keep your iOS version updated (latest security patches)

- Enable device passcode/biometric lock

- Only download our app from the official Apple App Store

- Avoid jailbreaking your device

**Account Monitoring:**

- Review account activity regularly (Settings > Account > Activity Log)

- Report suspicious activity immediately to info@opesborsa.com

- Verify emails claiming to be from us (check sender: @opesborsa.com only)

- Beware of phishing - we will never ask for your password via email

---

## 13. Changes to This Privacy Policy

### 13.1 How We Notify You

|------------|--------------------|-----------------|-----------|

### 13.2 What Constitutes a "Material Change"

- Expanding categories of data collected

- New purposes for data processing

- Sharing data with new types of third parties

- Changes to data retention periods (increasing them)

- Changes to international transfers

- Reducing your rights or control over data

### 13.3 Your Choices Following Changes

1. **Accept:** Continue using the app under the new policy

2. **Reject:** Close your account within 30 days

- We'll export your data for you

- We'll delete your account as per your request

- We'll refund any unused subscription (prorated)

### 13.4 Version History

- **v2.0** - November 6, 2025: Comprehensive update for iOS compliance, added third-party disclosure, data retention specifics

- **v1.0** - [Previous Date]: Initial version

**Historical Versions:** Available at https://opesborsa.com/privacy-policy-archive or request via email: info@opesborsa.com

---

## 14. Contact Us

### 14.1 Privacy Inquiries

|---------------|---------|---------------|----------|

### 14.2 Company Information

- **Legal Name:** Opes Borsa Technologies Limited

- **Registered Address:** 434-436 Essex Road, London, England, N1 3QP, United Kingdom

- **Registration:** England and Wales

- **Email:** info@opesborsa.com

### 14.3 Regulatory Complaints

If you're unsatisfied with our response, you can lodge a complaint with:

**UK:**

- Information Commissioner's Office (ICO)

- Website: https://ico.org.uk/make-a-complaint/

- Phone: 0303 123 1113

**EU/EEA:**

- Your local Data Protection Authority

- List: https://edpb.europa.eu/about-edpb/about-edpb/members_en

---

**This Privacy Policy was last updated on November 6, 2025 and is compliant with:**

- UK GDPR and Data Protection Act 2018

- EU GDPR (Regulation 2016/679)

- Apple App Store Review Guidelines

- App Tracking Transparency requirements

**Version:** 2.0 (iOS Compliant)

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of financial instruments and/or cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases financial risks.

Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.

Opes Borsa would like to remind you that the data contained in this website or in the Opes Borsa dashboard is not necessarily real-time nor accurate. The data and prices on the website or the dashboard are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes.

Opes Borsa and any provider of the data contained in this website or dashboard will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website. It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website or dashboard without the explicit prior written permission of Opes Borsa and/or the data provider.

All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website or dashboard. Opes Borsa may be compensated by the advertisers that appear on this website, based on your interaction with the advertisements or advertisers.