Privacy Policy
Effective Date: February 12, 2026 · Last Updated: February 12, 2026
1. Introduction
MongoTrader (“Company,” “we,” “us,” or “our”) operates a simulated paper-trading and competition platform (the “Platform” or “Service”) accessible at mongotrader.com and through associated applications. This Privacy Policy (“Policy”) describes how we collect, use, disclose, retain, and safeguard information obtained from and about users of our Platform (“User,” “you,” or “your”).
This Policy applies to all visitors, registered account holders, subscribers, and participants in our simulated trading competitions and leagues. By accessing or using the Platform, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree with our policies and practices, you must not access or use the Platform.
The MongoTrader Platform provides simulated trading experiences using virtual currency (referred to as “$MON tokens”) and does not involve real money trading or investment services. Nevertheless, we collect and process certain personal and non-personal information necessary to provide our services, enhance user experience, maintain Platform security, and comply with applicable legal obligations.
Important Notice
This Privacy Policy should be read in conjunction with our Terms of Service. Capitalized terms not otherwise defined herein shall have the meanings ascribed to them in our Terms of Service.
2. Information We Collect
We collect various categories of information in connection with the services we provide, including information you provide directly, information we collect automatically through your use of the Platform, and information we receive from third-party sources.
2.1 Personal Information You Provide
We collect personal information that you voluntarily provide when you register for an account, subscribe to a service tier, communicate with us, or otherwise interact with the Platform. This information may include:
- Display username
- Email address
- Password (stored exclusively in encrypted, hashed form using industry-standard algorithms)
- Profile information, including uploaded avatars, profile pictures, biographical descriptions, and any other information you choose to include in your public or semi-public profile
- Subscription tier selection (Free, Premium, or Max)
- Payment and billing information processed through our third-party payment processor, Stripe, Inc. (“Stripe”), including billing name, billing address, and payment method details
- Communication preferences and marketing opt-in or opt-out selections
- Any other information you voluntarily provide through profile customization, customer support inquiries, surveys, feedback forms, or other Platform interactions
2.2 Account and Trading Activity Data
When you use the Platform, we collect information about your account activity, simulated trading behavior, and usage patterns, including:
- Simulated trading activity, including securities selected, buy and sell orders, transaction timestamps, order types, and execution details
- Virtual Portfolio compositions, including asset allocations, position sizes, unrealized and realized simulated gains and losses, and portfolio performance metrics over time
- Competition and league participation data, including league memberships, entry history, rankings, standings, and performance statistics
- Algorithm Builder configurations, including automated trading strategy parameters, backtesting results, algorithmic rule sets, and execution logs
- Virtual currency ($MON tokens) balances, transaction history, allocation records, and grant history
- Watchlist compositions, search queries, asset preferences, and browsing behavior within the Platform
- Feature usage patterns, including frequency, duration, and depth of Platform engagement
- Settings, preferences, and configurations you establish within your account
2.3 Social and Communication Data
The Platform includes social features that generate communication data, including:
- Friend connections, including friend requests sent and received, accepted connections, and blocked users
- Group memberships, group creation data, and group participation activity
- Messages sent and received through our chat and messaging features, including direct messages between users and messages posted within group communications
- Customer support inquiries, correspondence, and ticket history
- Feedback, survey responses, and user-generated content submitted to the Platform
2.4 Device and Technical Information
We automatically collect certain technical information when you access or use the Platform:
- Internet Protocol (IP) address and approximate geographic location derived therefrom
- Device type, model, manufacturer, operating system, and version
- Browser type, version, language settings, and rendering engine
- Device identifiers, including mobile advertising identifiers where applicable
- Screen resolution, viewport dimensions, and display characteristics
- Referring and exit URLs, and the sequence of pages visited within the Platform
- Date and time stamps associated with each access event and interaction
- Performance metrics, error logs, crash reports, and diagnostic data
- Cookie identifiers, local storage data, and similar tracking technology identifiers
- Network connection type, Internet service provider, and bandwidth characteristics
2.5 Cookies and Similar Technologies
We use cookies, web beacons, pixel tags, and similar tracking technologies to collect information about your interactions with the Platform. Cookies are small text files placed on your device that enable us to recognize your browser, maintain your authenticated session, remember your preferences, and gather usage analytics. We use the following categories of cookies:
- Strictly Necessary Cookies: Required for the Platform to function, including session management, authentication state, and security tokens. These cookies cannot be disabled without impairing core Platform functionality.
- Functional Cookies: Enable personalization and remember your preferences, such as display settings, notification preferences, and recently viewed assets.
- Analytics Cookies: Collect aggregated information about how the Platform is used, including page views, feature engagement, and error tracking, to help us improve the Platform.
- Advertising Cookies: Used to display advertising to free-tier users via Google AdSense. With your consent, Google and its advertising partners may use cookies to serve and personalize ads based on your visits to this and other websites. These load only if you accept non-essential cookies, and paid subscribers (Premium and Max) are not served ads. See Sections 5.7 and 9.4 for details and opt-out options.
You may control cookie preferences through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being placed. However, disabling cookies may limit your ability to use certain features of the Platform, particularly session management, authentication, and personalization features.
3. How We Collect Information
3.1 Information Collected Directly from You
We collect information that you voluntarily and knowingly provide when you:
- Create an account and complete registration forms
- Subscribe to a paid service tier (Premium or Max) and provide billing information
- Update your profile, avatar, preferences, or account settings
- Execute simulated trades, construct portfolios, or configure algorithmic trading strategies through the Algorithm Builder
- Participate in competitions, create or join leagues, or engage with leaderboard features
- Add friends, create or join groups, or send messages through our chat and messaging features
- Contact customer support, submit feedback, or respond to surveys
- Otherwise interact with features or forms requiring data input
3.2 Information Collected Automatically
We use various technologies to automatically collect information when you access and navigate the Platform:
- Server Logs: Our servers automatically record information about each request made to the Platform, including the requesting IP address, request timestamp, HTTP method, URL path, response status code, response size, referrer URL, and user-agent string.
- Cookies and Tracking Technologies: As described in Section 2.5, we use cookies, web beacons, and similar technologies to recognize returning users, maintain session state, and collect usage analytics.
- Analytics Services: We use analytics tools to understand user behavior, measure Platform performance, and identify trends and patterns in aggregate usage. These tools may collect data about your interactions with the Platform.
- Session Recording and Error Tracking: We may employ session replay and error monitoring tools to diagnose technical issues, identify usability problems, and improve Platform reliability.
3.3 Information Received from Third Parties
We may receive information about you from third-party sources in the following circumstances:
- Payment Processors: Stripe provides us with transaction confirmation data, subscription status updates, payment method metadata (such as card brand and last four digits), and billing event notifications necessary to manage your subscription. Stripe’s collection and processing of your full payment information is governed by Stripe’s own privacy policy.
- Market Data Providers: Services such as Finnhub and other financial data providers supply real-time and historical market data that we integrate into the Platform. These providers may receive information about data requests routed through their APIs on your behalf.
- Authentication Providers: If we implement third-party authentication or single sign-on options in the future, we may receive basic profile information from those authentication providers with your consent.
- Public Sources: We may supplement our records with information from publicly available sources for identity verification or fraud prevention purposes.
4. How We Use Your Information
We process the information we collect for various purposes related to providing, maintaining, improving, and securing the Platform. Where required by applicable law, our legal bases for processing include performance of our contract with you, pursuit of our legitimate business interests, your consent, and compliance with legal obligations.
4.1 Providing and Managing the Platform
- Creating, authenticating, and maintaining your account
- Processing subscription payments through Stripe and managing tier-based access to features, tools, and daily $MON grant allocations
- Enabling simulated trading activities, portfolio construction and management, and algorithm creation and execution
- Facilitating competition participation, league management, ranking calculations, and leaderboard displays
- Providing social features, including friend connections, group interactions, and real-time chat messaging
- Delivering and displaying real market data and analytics relevant to your simulated trading activities and interests
- Maintaining virtual currency ($MON tokens) balances, processing grant allocations, and recording transaction histories
- Personalizing your experience based on your stated preferences, usage patterns, and account configuration
4.2 Improving and Developing the Platform
- Analyzing usage patterns, feature adoption, and user behavior to identify opportunities for improvement
- Developing new features, services, and capabilities, including enhancements to the Algorithm Builder, competition formats, and social features
- Conducting research and aggregate analytics to understand user needs and inform product decisions
- Testing new features, user interface designs, and infrastructure changes before general availability
- Optimizing Platform performance, load times, and system reliability
- Identifying and prioritizing bug fixes, usability improvements, and feature requests
4.3 Communications
- Sending transactional communications, including account confirmation emails, password reset links, subscription receipts, payment confirmations, and service-related notifications
- Providing customer support and responding to inquiries and issue reports
- Delivering competition updates, league announcements, ranking changes, and achievement notifications
- Sending marketing communications about new features, promotions, and Platform updates, where you have consented or as otherwise permitted by applicable law
- Soliciting feedback through surveys, user research initiatives, and beta programs
- Communicating changes to our Terms of Service, this Privacy Policy, or other applicable policies
4.4 Security and Fraud Prevention
- Detecting, preventing, and investigating fraudulent activity, unauthorized access attempts, and security breaches
- Verifying user identity and preventing creation of fraudulent, duplicate, or bot-operated accounts
- Monitoring for suspicious activity patterns, abuse of Platform features, competition manipulation, or violations of our Terms of Service
- Implementing and maintaining authentication mechanisms, session management, and access controls
- Protecting the rights, property, and safety of MongoTrader, our users, and third parties
- Enforcing our agreements, policies, and competition rules
4.5 Legal Compliance
- Complying with applicable laws, regulations, and legal processes
- Responding to lawful requests from governmental authorities, law enforcement agencies, and regulatory bodies
- Maintaining records required by law or necessary for the prosecution or defense of legal claims
- Exercising or defending legal claims and rights
- Conducting audits, compliance reviews, and regulatory reporting
6. Data Retention
We retain your personal information for as long as reasonably necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by applicable law.
6.1 Retention Criteria
The criteria we apply to determine appropriate retention periods include:
- Active Accounts: We retain account information, trading history, portfolio data, algorithm configurations, social connections, and usage records for the duration of your active account relationship with MongoTrader.
- Inactive Accounts: If your account becomes inactive for an extended period (typically twelve (12) months or more without login), we may delete or anonymize certain information while retaining essential records for legal, security, or legitimate business purposes.
- Subscription and Payment Records: Payment records, subscription history, and billing information are retained for accounting, tax compliance, financial reporting, and dispute resolution purposes, typically for a period of seven (7) years following the conclusion of the subscription relationship or as required by applicable law.
- Communications: Customer support communications, feedback, and correspondence are retained for reasonable periods to provide ongoing support, resolve disputes, and improve services.
- Legal Obligations: Certain information may be retained for longer periods when required to comply with legal, regulatory, tax, audit, or accounting obligations.
- Legitimate Business Interests: We may retain information necessary to resolve disputes, enforce our agreements, prevent fraud, ensure Platform integrity, or pursue other legitimate business interests.
6.2 Account Termination and Deletion
Upon termination of your account, whether initiated by you or by MongoTrader:
- We will delete or anonymize your personal information within a commercially reasonable timeframe, generally within thirty (30) days, subject to the retention requirements described above.
- Certain information may persist in encrypted backup systems for a limited period (not to exceed ninety (90) days) before permanent deletion occurs through normal backup rotation cycles.
- Information that you have shared with other users — such as chat messages, group posts, or publicly shared trading strategies — may remain visible to those users even after your account is deleted.
- Aggregated or anonymized data derived from your information may be retained indefinitely as it no longer identifies you personally and falls outside the scope of personal information.
- We reserve the right to retain information reasonably necessary to comply with legal obligations, resolve pending disputes, enforce our agreements, or prevent fraud or abuse.
6.3 Data Deletion Requests
You may request deletion of your account and associated personal information at any time by contacting us at [email protected]. We will respond to verified deletion requests in accordance with applicable law, generally within thirty (30) days. Please note that complete deletion may not be immediate and that certain information may be retained as described in this Section 6.
7. Data Security
We implement and maintain technical, administrative, and organizational security measures designed to protect your personal information against unauthorized access, use, disclosure, alteration, and destruction. Our security program is designed to be proportionate to the sensitivity of the information we process.
7.1 Technical Safeguards
- Encryption in Transit: All data transmitted between your device and our servers is encrypted using Transport Layer Security (TLS) protocols.
- Encryption at Rest: Sensitive data stored on our servers is encrypted at rest using industry-standard encryption algorithms.
- Password Security: User passwords are stored using cryptographic hashing algorithms with salting. We never store passwords in plaintext.
- Access Controls: Access to personal information is restricted to authorized personnel on a need-to-know basis through role-based access control mechanisms.
- Infrastructure Security: We utilize secure cloud infrastructure with built-in security features, including firewalls, network segmentation, intrusion detection systems, and automated security patching.
- Monitoring and Logging: We employ logging, monitoring, and alerting systems to detect and respond to anomalous activity and potential security incidents.
- Incident Response: We maintain documented incident response procedures to address security breaches and notify affected individuals and regulators as required by applicable law.
7.2 Administrative Safeguards
- Security assessments, vulnerability testing, and code reviews are conducted on a regular basis to identify and remediate potential weaknesses
- Service provider security is evaluated through due diligence and contractual obligations prior to engagement
- Data minimization principles are applied to limit the collection and retention of personal information to what is necessary for stated purposes
7.3 Your Security Responsibilities
You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account. We strongly encourage you to:
- Use a strong, unique password for your MongoTrader account that you do not reuse elsewhere
- Never share your password or authentication credentials with any third party
- Log out of your account when using shared, public, or untrusted devices
- Promptly notify us at [email protected] of any unauthorized access to your account or any other security concern
- Keep your contact information current to receive important security notifications
7.4 Limitations
No Absolute Security Guarantee
While we take commercially reasonable measures to protect your information, no method of electronic transmission or storage is completely secure. We cannot and do not guarantee absolute security of your personal information. You acknowledge and accept that the transmission of information to and from the Platform is at your own risk. In the event of a data breach affecting your personal information, we will notify you and applicable regulatory authorities in accordance with our legal obligations.
8. Your Rights and Choices
Depending on your jurisdiction of residence, you may have certain rights with respect to the personal information we hold about you. We are committed to facilitating the exercise of these rights in accordance with applicable law.
8.1 Right of Access and Data Portability
You have the right to request access to the personal information we maintain about you. In certain jurisdictions, you also have the right to receive a copy of your personal information in a structured, commonly used, and machine-readable format (data portability). You may access much of your information directly through your account settings and profile page. For a comprehensive data export or to request information not available through self- service features, contact us at [email protected].
8.2 Right to Correction
You have the right to request correction of inaccurate or incomplete personal information. You may update most account information, profile details, and preferences directly through your account settings at any time. If you are unable to correct information through self- service features or believe we maintain materially inaccurate information about you, contact us and we will make commercially reasonable efforts to update or correct such information.
8.3 Right to Deletion
You may request deletion of your personal information, subject to certain legal exceptions. We will honor deletion requests except where retention is reasonably necessary to:
- Complete transactions or provide services you have requested
- Comply with legal obligations, including tax, accounting, and regulatory requirements
- Resolve pending disputes or enforce our agreements
- Detect, prevent, or investigate fraudulent or illegal activity
- Exercise free speech or other rights provided by law, or enable another consumer to exercise such rights
- Maintain records for internal purposes consistent with your reasonable expectations based on your relationship with us
To request deletion of your account and personal information, contact [email protected]. Please be advised that account deletion is typically permanent and irreversible.
8.4 Right to Opt Out of Marketing Communications
You may opt out of receiving promotional emails, newsletters, and marketing communications from MongoTrader by:
- Clicking the “unsubscribe” link included in each marketing email
- Updating your communication preferences in your account settings
- Contacting us at [email protected] with your opt-out request
Please note that even if you opt out of marketing communications, we will continue to send transactional and service-related communications necessary for account management, security notifications, subscription confirmations, and Platform operations.
8.5 Right to Object and Restrict Processing
In certain jurisdictions, you may have the right to object to certain processing of your personal information or request restriction of processing. For example, you may object to processing based on our legitimate interests, or you may request that we restrict processing while a dispute regarding the accuracy of your information is being resolved. To exercise these rights, contact [email protected] with specific details about your request.
8.6 Exercising Your Rights
To exercise any of the rights described in this Section 8, please submit a request to [email protected] with sufficient detail to allow us to understand and respond to your request. We may require verification of your identity before processing any request to ensure the security of your account and information. We will respond to verified requests within the timeframes required by applicable law, typically within thirty (30) to forty-five (45) days. If we require additional time, we will notify you of the extension and the reasons therefor.
You will not be subject to discrimination for exercising any of your privacy rights. However, please note that the exercise of certain rights (such as account deletion) may limit or eliminate your ability to access or use the Platform.
8.7 Authorized Agents
In certain jurisdictions, you may designate an authorized agent to submit privacy rights requests on your behalf. If you use an authorized agent, we may require: (a) written proof of the agent’s authority to act on your behalf (such as a signed power of attorney or notarized authorization letter); and (b) direct verification of your identity with us.
9. California Privacy Rights
If you are a resident of the State of California, the California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act of 2020 (“CPRA”), provides you with specific rights regarding your personal information. This section supplements the information contained elsewhere in this Privacy Policy and applies solely to California residents.
9.1 Categories of Personal Information Collected
In the preceding twelve (12) months, we have collected the following categories of personal information from California consumers, as those categories are defined under the CCPA:
- Identifiers: Username, email address, IP address, device identifiers, and account identifiers
- Commercial Information: Subscription tier history, payment transaction records, and purchase history
- Internet or Other Electronic Network Activity: Browsing history within the Platform, search history, simulated trading activity, algorithm configurations, feature interactions, and Platform usage patterns
- Geolocation Data: Approximate geographic location derived from IP address
- Audio, Electronic, Visual, or Similar Information: Profile pictures, avatars, and any images you upload to the Platform
- Inferences: Profiles reflecting preferences, characteristics, behavior, and trading patterns drawn from the information described above
9.2 Sources of Personal Information
We collect personal information from the following categories of sources: (a) directly from you through your use of the Platform; (b) automatically through cookies, server logs, and similar technologies; (c) from our service providers, including payment processors and market data providers; and (d) from publicly available sources where applicable.
9.3 Business and Commercial Purposes
We collect and use personal information for the business and commercial purposes described in Section 4 of this Privacy Policy, including providing and managing the Platform, improving services, communications, security and fraud prevention, and legal compliance.
9.4 Disclosure and Sale of Personal Information
We disclose personal information to the categories of third parties described in Section 5, including service providers, the Platform community (as applicable), and as required by law.
Sale and Sharing of Personal Information
We do not “sell” personal information for money as that term is defined under the CCPA. However, if you consent to advertising cookies, our use of Google AdSense to serve personalized ads may constitute “sharing” for cross-context behavioral advertising under the CPRA. You can opt out at any time by selecting “Essential only” in our cookie banner, by withdrawing your consent, or by visiting Google Ads Settings. We do not knowingly sell or share the personal information of consumers under 16 years of age.
9.5 Your California Consumer Rights
As a California resident, you have the following rights under the CCPA/CPRA:
- Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which the information was collected, the business or commercial purposes for collecting or selling the information, and the categories of third parties with whom we have shared the information.
- Right to Delete: You may request deletion of personal information we have collected from you, subject to certain exceptions permitted by law.
- Right to Correct: You may request correction of inaccurate personal information that we maintain about you.
- Right to Opt Out of Sale/Sharing: While we do not currently sell or share personal information as defined by the CCPA/CPRA, you have the right to opt out if our practices change in the future.
- Right to Limit Use of Sensitive Personal Information: You may direct us to limit our use of sensitive personal information to purposes necessary to provide the services. We do not currently use sensitive personal information beyond such necessary purposes.
- Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising any of your CCPA/CPRA rights.
9.6 Exercising Your California Rights
To exercise your California privacy rights, submit a verifiable consumer request to [email protected]. We will verify your identity by matching information you provide with the information we maintain about you. You may make a verifiable consumer request up to two (2) times within a twelve-month period. We will respond to verified requests within forty-five (45) days, with a possible extension of an additional forty-five (45) days if reasonably necessary, in which case we will provide notice of the extension and the reason therefor.
9.7 California “Shine the Light” Law
California’s “Shine the Light” law (Civil Code Section 1798.83) permits California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes as defined by this law.
10. International Data Transfers
MongoTrader is operated from the United States and may transfer, store, and process your personal information in the United States and other countries where we, our affiliates, or our service providers maintain operations or facilities. These countries may have data protection laws that differ from, and may afford a lesser degree of protection than, the laws of your country of residence.
10.1 Cross-Border Transfers
By accessing or using the Platform, you acknowledge and consent to the transfer of your personal information to the United States and other countries outside your country of residence for the purposes described in this Privacy Policy. If you are located outside the United States, you understand that your information will be processed in a jurisdiction that may not provide the same level of data protection as your home jurisdiction.
10.2 Transfer Safeguards
When we transfer personal information internationally, we implement appropriate safeguards to protect your information in compliance with applicable law, including:
- Requiring service providers to enter into data processing agreements containing contractual obligations to provide adequate protection for personal information
- Implementing Standard Contractual Clauses (SCCs) approved by the European Commission or other legally recognized transfer mechanisms where required for transfers out of the European Economic Area or United Kingdom
- Ensuring transfers are necessary for performance of our contract with you, for the establishment, exercise, or defense of legal claims, or based on your explicit consent
- Conducting transfer impact assessments where required by applicable law to evaluate the level of data protection in recipient jurisdictions
10.3 European Economic Area (EEA) and United Kingdom Users
If you are located in the EEA or United Kingdom, we process your personal information on the following legal bases under the General Data Protection Regulation (GDPR) and the UK GDPR:
- Contract Performance (Article 6(1)(b)): Processing necessary to perform our agreement with you and to provide the Platform and its features
- Legitimate Interests (Article 6(1)(f)): Processing necessary for our legitimate business interests, including service improvement, security, fraud prevention, and direct marketing, where such interests are not overridden by your rights and freedoms
- Legal Obligation (Article 6(1)(c)): Processing necessary to comply with applicable legal and regulatory requirements
- Consent (Article 6(1)(a)): Processing based on your freely given, specific, informed, and unambiguous consent, which you may withdraw at any time without affecting the lawfulness of processing performed prior to withdrawal
EEA and UK residents have the right to lodge a complaint with a supervisory authority in their jurisdiction. A list of EEA supervisory authorities is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
11. Children’s Privacy
The MongoTrader Platform is not directed to, and we do not knowingly collect personal information from, individuals under the age of eighteen (18) years (“minors” or “children”). Our Terms of Service require that all users be at least eighteen (18) years of age to create an account and use the Platform.
11.1 Age Restriction
By accessing or using the Platform, you represent and warrant that you are at least eighteen (18) years of age or the age of legal majority in your jurisdiction, whichever is greater. We do not intentionally collect, solicit, or process personal information from individuals who are under the age of eighteen (18). If you are under eighteen (18), you may not create an account, use the Platform, or provide any personal information to us.
11.2 Parental Notice and Remediation
If you are a parent or legal guardian and believe that a child under the age of eighteen (18) has provided personal information to MongoTrader without your knowledge or consent, please contact us immediately at [email protected]. If we become aware that we have collected personal information from an individual under the age of eighteen (18) without appropriate parental or guardian consent, we will take prompt steps to delete that information and terminate the associated account.
11.3 COPPA Compliance
We comply with the Children’s Online Privacy Protection Act (“COPPA”) and other applicable children’s privacy laws. We do not knowingly collect, use, or disclose personal information from children under the age of thirteen (13). Our platform-wide age restriction of eighteen (18) years exceeds the COPPA threshold and is designed to ensure that the Platform is used exclusively by adults.
12. Third-Party Services and Links
The Platform integrates with and may contain links to third-party websites, services, and applications that are not owned or controlled by MongoTrader. This Privacy Policy applies solely to information collected by MongoTrader through the Platform and does not govern the practices of any third party.
12.1 Integrated Third-Party Services
We integrate the following categories of third-party services into the Platform:
- Payment Processing — Stripe: We use Stripe to process all subscription payments. When you subscribe to a paid tier (Premium or Max), your payment information is collected, transmitted, and processed directly by Stripe in accordance with their privacy policy. MongoTrader does not directly store your complete payment card numbers, CVV codes, or full bank account details on our servers. Stripe’s privacy policy is available at stripe.com/privacy.
- Market Data — Finnhub and Other Providers: We integrate real-time and historical market data from Finnhub and other financial data services to power the simulated trading features of the Platform. These providers may receive information about API requests routed through their systems, including request metadata. Their privacy practices are governed by their respective privacy policies.
- Cloud Hosting and Infrastructure: We utilize cloud hosting and infrastructure services to store, process, and serve Platform data. These providers process data on our behalf under contractual data processing agreements that require them to protect the confidentiality and security of your information.
- Analytics and Performance Monitoring: We use analytics and monitoring services to understand Platform usage, measure performance, identify errors, and optimize the user experience. These services may collect usage data and technical information subject to their own privacy policies.
12.2 External Links
The Platform may contain hyperlinks to third-party websites, services, or resources that are not owned, operated, or controlled by MongoTrader. We provide these links solely for your convenience and information. We are not responsible for the privacy practices, content, security measures, or policies of any third-party websites. When you navigate to an external link, you leave the MongoTrader Platform and become subject to the privacy policy and terms of service of the external site. We strongly encourage you to review the privacy policies and terms of any third-party websites before providing them with personal information.
12.3 Third-Party Responsibility
MongoTrader is not responsible or liable for the privacy practices, data collection methods, or data handling procedures of any third party, even where we integrate their services into the Platform or link to their websites. Your interactions with third-party services — including the information you provide directly to those services — are governed exclusively by their own privacy policies and terms of service. We make no representations or warranties regarding the privacy or security practices of any third party.
13. Changes to This Privacy Policy
We reserve the right to modify, amend, or update this Privacy Policy at any time to reflect changes in our information practices, applicable law, regulatory guidance, or other factors. When we make changes, we will update the “Last Updated” date at the top of this Policy.
13.1 Notification of Material Changes
For material changes that significantly affect your rights or the manner in which we collect, use, or disclose your personal information, we will provide notice through one or more of the following methods:
- Posting a prominent notice on the Platform, including within your account dashboard
- Sending an email notification to the email address associated with your account at least thirty (30) days prior to the effective date of the material change
- Displaying an in-application notification upon your next login to the Platform
- Requiring acknowledgment of the updated Privacy Policy before continued use of certain Platform features, where appropriate
13.2 Acceptance of Changes
Your continued use of the Platform following the posting of changes to this Privacy Policy constitutes your acceptance of and agreement to those changes. If you do not agree with a modified Privacy Policy, you must discontinue use of the Platform and may request deletion of your account. We encourage you to review this Privacy Policy periodically to remain informed about how we collect, use, and protect your information.
13.3 Prior Versions
Prior versions of this Privacy Policy may be made available upon request. If you wish to review a prior version, please contact us at [email protected] specifying the date or version you wish to review.
14. Contact Information
If you have any questions, concerns, complaints, or requests regarding this Privacy Policy or our information handling practices, please contact us using the information below:
When contacting us regarding privacy matters, please provide sufficient detail to allow us to understand and respond to your inquiry, including your account email address (if applicable) and a clear description of your question, concern, or request.
14.1 Response Time
We will make commercially reasonable efforts to respond to privacy inquiries within thirty (30) days of receipt. For requests requiring identity verification, complex analysis, or involving a high volume of data, we may require additional processing time and will notify you of any extension and the reasons therefor.
14.2 Dispute Resolution
If you have an unresolved privacy or data use concern that we have not addressed to your satisfaction, you may, depending on your jurisdiction, have the right to lodge a complaint with a data protection supervisory authority in your country of residence. We encourage you to contact us first at [email protected] so that we may address your concerns directly and attempt to reach a resolution.
14.3 Data Protection Officer
If required by applicable law, we will designate a Data Protection Officer (“DPO”) who can be contacted regarding data protection matters at [email protected].
© 2026 MongoTrader. All rights reserved.