Gizlilik Politikası

1. Introduction

This Privacy Policy (the “Policy”) explains how personal data is collected, used, disclosed, transferred, stored, and otherwise processed in connection with the website pipcy.com (the “Website”) and the services offered under the Pipcy brand (the “Services”).

This Policy applies to visitors to the Website, registered users, customers, prospective customers, persons who contact us, and any other individuals whose personal data is processed by us in connection with the Website or Services.

Please read this Policy carefully together with our Terms of Service and Cookie Policy.

2. Who We Are

The controller of personal data processed in connection with the Website and the Services is:

For the purposes of applicable data protection laws, including where relevant the General Data Protection Regulation (GDPR), Conquest Services Limited (“Conquest”, “Company”, “we”, “us”, or “our”) determines the purposes and means of processing personal data in connection with the Website and the Services, except where this Policy expressly states or the circumstances require otherwise.

In providing the Services, we use certain third-party providers and affiliated service providers, including:

Pipcy Ltd. provides MT5-related technical infrastructure and access to the simulated trading environment. Rogano Limited provides software, back-office, marketing, payment collection and settlement, and related operational services to Conquest.

Depending on the relevant processing activity, Pipcy Ltd. and Rogano Limited may act:

• as processors or service providers acting on our behalf and under our instructions;
• as independent controllers where they process personal data for their own legal, regulatory, accounting, payment, fraud prevention, or claims-related purposes; or
• in other capacities required by applicable law or by the nature of the relevant processing activity.

Nothing in this Policy is intended to characterize all processing by any such entity under a single role for all purposes. The capacity in which personal data is processed depends on the specific processing activity, the applicable law, and the factual circumstances.

3. What Personal Data We Collect

We may collect and process the following categories of personal data:

3.1 Data You Provide Directly

This may include:

• first name and last name;
• date of birth;
• residential address, billing address, and country of residence;
• email address and telephone number;
• username, account credentials, and profile details;
• billing and payment-related information;
• communications with us, including customer support requests, complaints, and correspondence;
• information submitted in forms, surveys, promotions, or other interactions with us;
• KYC, identity verification, or compliance-related information and documents, where applicable; and
• any other information you choose to provide.

3.2 Data Collected Automatically

When you use the Website or Services, we may automatically collect:

• IP address;
• device identifiers;
• browser type and version;
• operating system;
• language and time zone settings;
• approximate geolocation derived from IP address;
• referral source and campaign information;
• page views, clicks, session duration, navigation path, scroll depth, and feature usage;
• timestamps, login and logout history;
• client area activity and challenge-related usage data;
• simulated trading activity and technical logs; and
• cookies and similar technology data.

3.3 Data from Third Parties

We may receive personal data from third parties, including:

• payment processors and financial institutions;
• fraud prevention and risk monitoring providers;
• KYC and identity verification providers;
• analytics, engagement, and communications providers;
• affiliate and advertising partners;
• social media platforms where you interact with us;
• customer support and software providers;
• MT5-related infrastructure providers; and
• legal, compliance, or professional advisers.

4. How We Collect Personal Data

We collect personal data:

• directly from you when you register, place an order, complete forms, contact us, or otherwise interact with us;
• automatically through cookies, tracking technologies, server logs, analytics tools, and similar technologies when you use the Website or Services; and
• from third parties where necessary to provide the Services, verify identity, process payments, manage risk, or improve the Website and Services.

5. How We Use Personal Data and Legal Bases

Where applicable, including under the GDPR, we process personal data on one or more of the following legal bases: performance of a contract, steps taken prior to entering into a contract, compliance with legal obligations, legitimate interests, and consent.

We may use personal data for the following purposes:

5.1 Account Creation and Administration

To create and manage user accounts, authenticate users, maintain account settings, and provide access to the client area and related features.

Legal basis: performance of a contract or steps taken at your request prior to entering into a contract.

5.2 Provision of Services

To provide evaluation services, challenge access, customer support, simulated trading functionality, and related service features.

Legal basis: performance of a contract.

5.3 Technical Operation and Infrastructure

To operate, maintain, secure, troubleshoot, and support the Website, the client area, MT5-related technical infrastructure, and the simulated trading environment.

Legal basis: performance of a contract and our legitimate interests in maintaining secure, reliable, and functional systems.

5.4 Payments, Settlement, and Financial Administration

To process payments, administer billing, manage settlements, detect payment misuse, handle disputes and chargebacks, and keep financial records.

Legal basis: performance of a contract, legal obligations, and our legitimate interests in fraud prevention, financial administration, and business continuity.

5.5 KYC, Compliance, Fraud Prevention, and Risk Management

To conduct identity verification, sanctions screening, anti-fraud checks, compliance reviews, account monitoring, internal investigations, and related controls.

Legal basis: legal obligations and our legitimate interests in compliance, platform integrity, and prevention of prohibited conduct.

5.6 Analytics, Product Improvement, and Service Optimization

To understand how users interact with the Website and Services, improve functionality, fix issues, analyse usage trends, enhance the user experience, and develop new features.

Legal basis: consent where required by applicable law for non-essential cookies or trackers, and otherwise our legitimate interests in improving and securing our Website and Services.

5.7 Marketing and Communications

To send service updates, respond to inquiries, send promotional communications where permitted, manage campaigns, and administer user engagement.

Legal basis: consent where required by applicable law and otherwise our legitimate interests in promoting and improving our Services.

5.8 Security, Enforcement, and Legal Claims

To protect our systems, users, rights, and business against misuse, prohibited trading practices, unauthorized access, abuse, legal violations, and other harmful conduct, and to establish, exercise, or defend legal claims.

Legal basis: our legitimate interests and, where applicable, legal obligations.

6. Cookies, Analytics, Session Recording, and Engagement Tools

We use cookies and similar technologies to operate the Website, improve performance, understand user behavior, support communications, and enhance the user experience.

We may use third-party analytics, session recording, product intelligence, and user engagement tools, including Amplitude, Contentsquare, and CleverTap.

Depending on configuration, these tools may collect information such as:

• page views;
• clicks and navigation paths;
• session duration;
• scroll depth;
• device and browser information;
• approximate geolocation;
• attribution and campaign data; and
• where applicable, replay-style or on-screen interaction data.

Non-essential cookies and similar technologies are activated only after your consent where required by applicable law. Consent preferences are managed through the cookie consent mechanism on the Website and may be withdrawn or changed at any time.

Web push notifications are enabled only if you expressly opt in through your browser or device prompt or other valid consent mechanism. You may disable such notifications at any time through your browser or device settings.

Further details are available in our Cookie Policy.

7. How We Share Personal Data

We may share personal data with the following categories of recipients, to the extent necessary for the purposes described in this Policy:

• cloud hosting and infrastructure providers;
• MT5-related technical and infrastructure providers, including Pipcy Ltd.;
• software and SaaS providers;
• customer support and communications providers;
• analytics, session recording, and engagement providers, including Amplitude, Contentsquare, and CleverTap;
• payment processors, financial institutions, settlement providers, and payment collection agents, including Rogano Limited where applicable;
• KYC, identity verification, fraud prevention, and compliance screening providers;
• marketing, communications, affiliate, and advertising providers;
• legal, accounting, tax, audit, and compliance advisers;
• regulators, courts, law enforcement authorities, or other public authorities where disclosure is required by law or necessary to protect rights, property, safety, or legal interests; and
• prospective or actual acquirers, investors, lenders, or counterparties in connection with a corporate transaction, subject to appropriate confidentiality and legal safeguards.

Some recipients act as processors or service providers on our behalf. Others may act as independent controllers for their own legal or regulatory purposes.

8. International Transfers of Personal Data

Due to the international nature of our business and service provider structure, personal data may be transferred to, accessed from, or processed in jurisdictions outside your country of residence, including the United Arab Emirates, Saint Lucia, Cyprus, and other jurisdictions in which our vendors, infrastructure, or operational providers are located.

Where required by applicable law, we take steps to ensure that international transfers are subject to appropriate safeguards and protections. These safeguards may include contractual measures, vendor due diligence, internal policies, restricted access controls, and transfer mechanisms recognized under applicable law.

By using the Website and Services, you acknowledge that such international processing may occur, subject always to this Policy and applicable law.

9. How Long We Keep Personal Data

We retain personal data only for as long as necessary for the purposes described in this Policy, including to provide the Services, comply with legal and regulatory obligations, resolve disputes, prevent fraud, and establish, exercise, or defend legal claims.

In particular:

• account and contractual data are generally retained for the duration of the relationship and for a reasonable period thereafter for compliance, recordkeeping, and claims management purposes;
• payment and transaction-related data are retained for as long as required by applicable accounting, tax, anti-fraud, payment, and legal obligations;
• KYC and compliance-related data are retained for as long as required by applicable law or internal compliance requirements;
• customer support and communication records may be retained for service quality, dispute handling, and legal purposes;
• analytics and cookie-related data are retained in accordance with applicable law, vendor configurations, our Cookie Policy, and our internal retention schedule; and
• marketing-related data are retained until you unsubscribe, withdraw consent where applicable, object to the processing, or until continued retention is no longer necessary for the relevant purpose.

Where possible, we will delete, aggregate, or anonymise personal data when it is no longer required.

10. How We Protect Personal Data

We implement appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access.

Such measures may include:

• access controls and authentication measures;
• role-based access restrictions;
• logging and system monitoring;
• encryption in transit and, where appropriate, at rest;
• vendor and service provider controls;
• internal policies and procedures; and
• business continuity and incident response practices.

While we take reasonable steps to protect personal data, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11. Your Rights

Subject to applicable law, including where relevant the GDPR, you may have the right to:

• request access to your personal data;
• request correction of inaccurate or incomplete personal data;
• request deletion of personal data in certain circumstances;
• request restriction of processing in certain circumstances;
• object to processing based on legitimate interests, including direct marketing;
• withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing carried out before withdrawal;
• request portability of personal data where applicable; and
• lodge a complaint with a competent supervisory or regulatory authority if you believe your personal data has been processed unlawfully.

Some rights are not absolute and may be limited where an exemption applies or where continued processing is required by law, contract, compliance obligations, or the establishment, exercise, or defense of legal claims.

To exercise your rights, please contact us at [email protected]. We may request information necessary to verify your identity before acting on your request.

12. Automated Decision-Making

We do not intend to make decisions about you based solely on automated processing, including profiling, that produce legal effects concerning you or similarly significantly affect you, except where such processing is permitted by applicable law and appropriate safeguards are in place.

Certain automated tools may be used for fraud detection, security monitoring, platform integrity, service optimization, or operational support, but significant decisions will not be based solely on automated processing unless lawfully permitted.

13. Third-Party Websites and Services

The Website or Services may contain links to third-party websites, tools, or services. We are not responsible for the privacy practices of such third parties. We encourage you to review the privacy notices and terms applicable to those third-party services.

14. Children

The Website and Services are not intended for children under the age of 18, and we do not knowingly collect personal data from persons under 18. If you believe that a person under 18 has provided personal data to us, please contact us so that we may take appropriate action.

15. Complaints

If you believe that your personal data has been processed in breach of applicable law, you may contact us first so that we have an opportunity to address your concern. You may also have the right to complain to a competent data protection or privacy regulator in the jurisdiction relevant to your complaint.

16. Changes to This Policy

We may amend or update this Policy from time to time. Any updated version will be made available on the Website and will become effective upon publication unless stated otherwise. We encourage you to review this Policy periodically.

17. Contact Us

If you have any questions about this Policy or about the way personal data is processed in connection with the Website or the Services, please contact us at: