Skip to content
Home / Legal / Privacy Policy

Privacy Policy

Last updated: 16 July 2026 · Brand: Xntara · Public legal notice

This Privacy Policy explains how Xntara group entities collect, use, share, and protect personal data when you use xntara.com, create or manage an account, access the trading platform, or communicate with us. Additional notices may apply at the point of collection or for specific products.

On this page

  1. 1. Who we are
  2. 2. Data we collect
  3. 3. How we collect data
  4. 4. Purposes and legal bases
  5. 5. Platform and trading data
  6. 6. Sharing
  7. 7. International transfers
  8. 8. Retention
  9. 9. Security
  10. 10. Your rights
  11. 11. Cookies
  12. 12. Children
  13. 13. Changes
  14. 14. Contact

1. Who we are (data controllers)

Personal data is controlled by the Xntara group company responsible for the relevant activity — for example the entity operating the public Site, the entity onboarding you as a client, or a technology affiliate processing data on behalf of group companies. Your contracting entity is confirmed during onboarding and appears in account documents. See Entities.

Where two group companies jointly determine purposes of processing, they will arrange transparency as required by applicable law.

2. Categories of personal data we may collect

  • Identity and contact data — name, date of birth, nationality, residential address, email, telephone, government identifiers (for example passport or national ID numbers) where required for KYC
  • Verification data — copies of identity documents, proof of address, selfie/liveness checks, source-of-funds or source-of-wealth information, tax residency information (for example TIN/CRS/FATCA where applicable)
  • Account and profile data — username, preferences, language, marketing choices, account tier, suitability or appropriateness answers
  • Financial and transaction data — deposit and withdrawal instructions, payment method tokens or partial card/bank references, balances, trading history, orders, positions, P&L, margin, and related ledger entries
  • Technical and usage data — IP address, device identifiers, browser type, operating system, referring URLs, pages viewed, session diagnostics, approximate location derived from IP
  • Communications — support tickets, emails, chat transcripts, call recordings where notified, complaint files
  • Marketing and analytics data — campaign attribution, cookie IDs, consent logs (where used)
  • Risk and compliance data — sanctions/PEP screening results, fraud signals, device reputation, investigation notes

3. How we collect data

We collect data directly from you (forms, onboarding, Platform use, support), automatically via cookies and similar technologies (see Cookie Policy), and from third parties such as identity-verification providers, payment processors, sanctions data providers, publicly available sources, and, where lawful, credit or fraud databases.

4. Purposes and legal bases

Depending on your jurisdiction, we rely on one or more of: performance of a contract; legitimate interests (balanced against your rights); consent; and legal obligation. Typical purposes include:

PurposeExamplesTypical legal basis
Provide the SiteHosting pages, security, language preferencesLegitimate interests / contract
Onboarding & KYCIdentity checks, suitability, entity assignmentLegal obligation / contract
Provide the PlatformLogin, trading, statements, fundingContract
PaymentsDeposits, withdrawals, chargeback handlingContract / legal obligation
Risk, fraud & AMLMonitoring, investigations, SAR/STR where requiredLegal obligation / legitimate interests
Customer supportResponding to queries and complaintsContract / legitimate interests
Analytics & improvementAggregated traffic analysis, UX improvementConsent or legitimate interests (as applicable)
MarketingProduct updates where permittedConsent or soft opt-in where lawful
Legal defenceEstablishing or defending claimsLegitimate interests / legal obligation

Where we rely on consent, you may withdraw it at any time without affecting prior lawful processing.

5. Platform and trading-related processing

When you use the trading platform connected to this Site, we process order and position data as necessary to execute and administer your account, manage margin and risk, produce statements, detect abuse, and meet regulatory record-keeping duties. This processing is inherent to providing CFD services and is typically required to perform our contract with you and to comply with law.

6. Who we share data with

We may share personal data with:

  • Other Xntara group companies for operations, compliance, and support
  • Service providers under contract (hosting, cloud, KYC vendors, payment processors, communications, analytics, customer support tools, auditors)
  • Liquidity and execution counterparties or market-data licensors where required to provide services
  • Professional advisers (legal, accounting)
  • Regulators, courts, law enforcement, or tax authorities when required or permitted by law
  • A buyer or successor in the event of a corporate transaction, subject to appropriate safeguards

We do not sell personal data. Providers are required to protect data and process it only on documented instructions where they act as processors.

7. International transfers

Xntara operates internationally. Your data may be processed in countries other than your country of residence. Where required (for example under GDPR/UK GDPR), we use appropriate safeguards such as standard contractual clauses, adequacy decisions, or other lawful transfer mechanisms, and implement supplementary measures where appropriate.

8. Retention

We keep personal data only as long as necessary for the purposes described, including:

  • Account and trading records — typically for the duration of the relationship plus a statutory retention period (often five to seven years or longer where AML or tax rules require)
  • Marketing consents and suppression lists — as needed to honour opt-outs
  • Support and complaint files — for the period needed to resolve issues and meet legal duties
  • Technical logs — for shorter operational periods unless needed for security investigations

When retention ends, we delete or irreversibly anonymise data where feasible.

9. Security

We implement administrative, technical, and organisational measures appropriate to the risk, including access controls, encryption in transit where standard, segregation of environments, monitoring, and staff confidentiality obligations. No method of transmission or storage is completely secure; you also play a role by protecting credentials and devices.

10. Your rights

Depending on applicable law (for example GDPR, UK GDPR, or other local privacy laws), you may have rights to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase data in certain circumstances
  • Restrict or object to certain processing
  • Data portability
  • Withdraw consent
  • Lodge a complaint with a supervisory authority

Some rights are limited where we must retain data for AML, tax, or legal claims. To exercise rights, contact privacy@xntara.com. We may need to verify your identity before responding. We aim to respond within one month or the period required by local law.

11. Cookies and similar technologies

We use cookies and similar technologies as described in our Cookie Policy. You can manage non-essential cookies via the Site banner (where shown) and browser settings.

12. Children

Our services are not directed to individuals under the legal age for opening a trading account. We do not knowingly collect personal data from children. If you believe we have done so, contact us and we will take appropriate steps to delete the data.

13. Changes to this policy

We may update this Privacy Policy periodically. The “Last updated” date will change when we do. Significant changes may be notified via the Site, email, or Platform message where appropriate.

14. Contact

Privacy enquiries and data-subject requests: privacy@xntara.com
General support: support@xntara.com

If you have a designated Data Protection Officer for your entity, contact details will be provided in your client documentation or on request.

Related legal pages

  • Risk disclosure
  • Terms of use
  • Privacy policy
  • Cookie policy
  • AML & KYC
  • Complaints
  • Entities