🔒

Privacy Policy

GDPR-Aware · Operated from Dubai (UAE) · Brand owned by AI GPT TRADING LTD (Cyprus)

Effective: April 25, 2026 · Version 1.0

Terms & Conditions Privacy Policy Risk Disclosure

📋 Plain-language summary

We collect almost nothing about you. Your WEEX API keys live in your own browser — they never reach our servers. We do not have a user database. We do not sell, share, or monetise personal data. Our platform was deliberately designed to know as little as possible about you. The full details below explain exactly what minimal data flows we do operate.

1. Data Controller

The data controller responsible for the processing of personal data on WEEX.trade is:

Operator (Data Controller)	CEAI SOLUTIONS FZCO, a free-zone company registered in Dubai, United Arab Emirates
Brand & IP Owner (parent)	AI GPT TRADING LTD, a private limited company registered in the Republic of Cyprus. Does not directly process personal data.
Contact for privacy enquiries	info@weex.trade
Subject line	"Privacy Request" or, for EU residents, "GDPR Request"

Although the Operator is based outside the European Union, we voluntarily honour GDPR rights for users located in the EU/EEA/UK in respect of any personal data we may hold. Where applicable, GDPR Article 3 (extraterritorial scope) governs our processing of data of EU/EEA residents.

2. Information We Collect

2.1 Information Stored Only in Your Browser (NOT on our servers)

🔐 Browser-only storage

The following data is stored in your browser's local storage and never transmitted to or stored on our servers: WEEX API key, secret key, and passphrase; OAuth tokens (when you connect via OAuth); your trading preferences (selected pair, timeframe, theme, language); chart configurations and saved layouts.

2.2 Information Collected by Our Servers

When you visit WEEX.trade, the following minimal information may be processed by our infrastructure (Netlify) for normal web operation:

IP address — used to deliver content and detect abuse. Logged temporarily by our hosting provider for standard server operation.
User agent (browser type) — used for rendering compatibility.
HTTP request metadata — path, status code, response time. Used for performance monitoring.
Referrer header — only when present in your browser request.

2.3 What We Do NOT Collect

We do NOT collect:

Your name, email, phone number, postal address, or government ID (unless you contact us directly by email — see Section 11).
Your WEEX account credentials, balances, or trading history on our servers.
Your actual trading activity (orders, positions) — these stay between you and WEEX.
Cookies for advertising, behavioural targeting, or cross-site tracking.
Analytics tracking via Google Analytics, Facebook Pixel, or similar.
Biometric data, location data (beyond IP-derived country), or health data.

No account registration is required to use the core WEEX.trade platform. You connect your WEEX account directly; we do not create or manage user accounts.

3. How We Use the Information

To deliver the Service — render the platform, route market data, relay your signed API requests to WEEX (when CORS proxy is needed).
To improve the Service — analyse aggregated, non-identifying usage patterns and fix bugs.
To protect the Service and our users — detect abuse, mitigate denial-of-service attacks, prevent unauthorised access.
To comply with legal obligations — respond to lawful requests from competent authorities where required.
To respond to your direct enquiries — when you email us, we use that email to reply to you.

4. Legal Basis for Processing (GDPR Article 6)

Performance of contract	Processing necessary to provide the Service you have requested by using WEEX.trade (delivering the platform, relaying signed API requests).
Legitimate interests	Improving the platform, preventing fraud and abuse, protecting our intellectual property, ensuring service security. Where we rely on this basis, you have the right to object (see Section 6).
Compliance with legal obligations	Where law requires us to retain or disclose information.
Consent	Where we ask for it explicitly (e.g. optional features that may be added in the future). You can withdraw consent at any time.

5. Data Sharing & Recipients

We share data only with the following categories of recipients, all under appropriate data processing agreements where required by GDPR:

Netlify, Inc. (USA) — hosting, content delivery, and serverless function execution. Receives request metadata (IP, user agent, path) for service delivery.
WEEX exchange — when you make trading API calls, your signed requests pass through our CORS relay to WEEX. The relay does NOT inspect or store request body content.
Fixie (USA) — used only for the OAuth handshake (when implemented). Receives only the OAuth code exchange request, no user PII.
Competent legal authorities — only when legally compelled by valid court order or comparable legal process.

We do NOT sell your data. We do NOT share it with advertisers. We do NOT participate in any data broker network.

6. Your Rights Under GDPR

If you are located in the European Union, European Economic Area, or United Kingdom, you have the following rights under GDPR (and equivalent UK data protection law):

Right of access (Art. 15) — request a copy of any personal data we hold about you.
Right to rectification (Art. 16) — request correction of inaccurate data.
Right to erasure (Art. 17) — request deletion of your data ("right to be forgotten").
Right to restriction of processing (Art. 18) — request limitation of processing in certain circumstances.
Right to data portability (Art. 20) — receive your data in a structured, machine-readable format.
Right to object (Art. 21) — object to processing based on legitimate interests or for direct marketing.
Right to withdraw consent — where processing is based on consent, withdraw at any time.
Right to lodge a complaint — with the supervisory authority in your country of residence within the EU/EEA. The Cyprus Office of the Commissioner for Personal Data Protection (https://www.dataprotection.gov.cy) may also receive complaints relating to AI GPT TRADING LTD as the brand owner of the Platform, where applicable.
Right not to be subject to automated decision-making — we do not currently use automated decision-making with legal effects on users.

To exercise any of these rights, email info@weex.trade with the subject line "GDPR Request" or "Privacy Request". We will respond within 30 days as required by GDPR. We may extend this by a further 60 days for complex requests, and we will notify you if we do.

Because we collect very little personal data, exercising these rights is usually fast: in most cases, the answer to "what data do you hold about me?" is "an IP address in our hosting provider's logs for the past few days, and any emails you have sent us."

7. Cookies & Local Storage

WEEX.trade uses minimal browser storage. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

Functional (localStorage)	Your selected language, theme, splash-screen-seen flag, and trading preferences. Stored locally in your browser. Never transmitted to our servers.
Credentials (localStorage)	Your WEEX API credentials (when you choose to connect). Stored exclusively in your browser. Never transmitted to or stored on our servers. You can clear these at any time via the "Disconnect" button or by clearing your browser storage.
Session (memory)	Live trading data (positions, balance, charts) is held in browser memory for the duration of your session. Cleared when you close the tab.
Hosting cookies	Our hosting provider (Netlify) may set minimal essential cookies for service delivery (e.g. CDN routing). These are not used for tracking.

You can control browser storage through your browser settings. Clearing storage will require you to reconnect your WEEX account but will not affect any data on WEEX itself.

8. Data Retention

Data Type	Retention Period
Browser localStorage (your device)	Until you clear it or until you click "Disconnect"
Hosting provider request logs (IP, user agent, path)	Up to 30 days for standard logs; up to 180 days for OAuth-flow audit logs (regulatory requirement)
Email correspondence with us	Up to 2 years from last contact, then deleted unless required for legal/regulatory reasons
Audit logs (OAuth events)	180 days, as required by our broker partnership with WEEX
Anonymised performance metrics	Indefinite (no personal data)

9. International Data Transfers

WEEX.trade is operated by CEAI SOLUTIONS FZCO from Dubai, United Arab Emirates. Our hosting infrastructure (Netlify) and OAuth proxy infrastructure (Fixie) are based in the United States. Data may therefore be transferred to and processed in jurisdictions outside the European Economic Area, including the UAE and the United States.

Where personal data of EU/EEA/UK residents is transferred outside the European Economic Area, we voluntarily apply appropriate safeguards consistent with GDPR Chapter V, including reliance on Standard Contractual Clauses with our processors and the EU-US Data Privacy Framework where applicable to those processors.

Because we collect very little personal data — essentially: IP address and request metadata in hosting logs — the privacy impact of these international transfers is minimal in practice.

10. Children's Privacy

WEEX.trade is NOT intended for use by anyone under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected data from a person under 18, we will delete it promptly. If you believe a minor has provided us with personal data, please contact us at info@weex.trade.

11. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

HTTPS/TLS encryption for all data in transit (TLS 1.2+).
HSTS, Content Security Policy, and other security headers enforced site-wide.
No centralised storage of user credentials or financial data.
Multi-factor authentication on all infrastructure provider accounts.
Encrypted environment variables for all server-side secrets.
Routine review of access logs and dependency vulnerabilities.

However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security. Where you choose to use the Service, you accept this residual risk.

12. Data Breach Notification

In the unlikely event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

For affected EU/EEA residents: notify the relevant EU supervisory authority within 72 hours of becoming aware of the breach, where required by GDPR Article 33.
For affected UAE residents: comply with notification obligations under UAE Federal Decree-Law No. 45 of 2021 (PDPL) where applicable.
Notify affected users without undue delay, where required, via available channels (in-app notification and/or our public status communications).
Take immediate steps to contain the breach and prevent recurrence.
Publish a post-incident report where appropriate.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via prominent notice on the platform. Continued use of WEEX.trade after changes are posted constitutes acceptance of the updated policy. We will indicate the "Effective" date at the top of this document on each revision.

14. Contact Information

PRIVACY & GDPR REQUESTS

info@weex.trade

Operator (Data Controller): CEAI SOLUTIONS FZCO
Free-zone company registered in Dubai, United Arab Emirates

Brand & IP Owner (parent): AI GPT TRADING LTD
Private limited company registered in the Republic of Cyprus

For EU/EEA residents — supervisory authorities:
The supervisory authority of your country of habitual residence, or
Cyprus Office of the Commissioner for Personal Data Protection
https://www.dataprotection.gov.cy