Legal
Privacy Policy
Last updated: May 25, 2026. We collect the minimum data necessary to deliver rebates. Nothing more.
What we collect
- ✓ Email address (for account access)
- ✓ Broker account number (XM or Exness, to track rebate)
- ✓ Rebate transaction history (lots traded, rebate paid)
- ✓ Telegram username (if you link Telegram for notifications)
- ✓ IP address & device info (for fraud prevention only)
What we never collect
- ✗ KYC documents (no ID, no passport, no proof of address)
- ✗ Payment details (no credit card, no bank account)
- ✗ Trading positions or strategy (broker has this, not us)
- ✗ Personal contact data (no phone, no address)
1. Data we collect
- Account registration: email, password (hashed), preferred language
- Broker linking: XM or Exness account number, broker name
- Rebate tracking: lot volume per trade, rebate amount, timestamp
- Communication: Telegram user ID (if linked), support conversation log
- Technical: IP address, browser type, device type (for fraud detection)
2. How we use it
- Display your rebate balance and history
- Send rebate-related notifications (daily summary, payout confirmations)
- Detect fraud (multiple accounts, broker abuse, etc.)
- Improve the product (anonymized aggregate analytics)
3. Who we share with
We do NOT sell or share personal data with third parties for marketing. We share limited data with:
- The broker (XM or Exness) to verify your account linkage
- Email service (transactional email delivery only)
- Telegram (if you opt to link your Telegram for notifications)
- Legal authorities when required by law (subpoena, court order)
4. Cookies
We use minimal cookies: a session cookie (to keep you logged in) and a language preference cookie. We do NOT use third-party tracking cookies or advertising cookies.
5. Data retention
Active account data is kept while your account is open. After account deletion, we retain rebate transaction history for 3 years for tax and audit purposes, then permanently delete it.
6. Your rights
You can request: data export (download all your data), data deletion (remove your account and personal data), data correction (fix errors). Email support@getbackfx.com with your request. We respond within 30 days.
7. Security
Passwords are hashed (bcrypt). Data in transit is encrypted (HTTPS only). Database access is restricted to authorized engineers. We do not store sensitive financial data (no card, no bank account).
8. International transfers
Our infrastructure is hosted globally on Vercel and Neon. Your data may be processed in the US, EU, or APAC depending on routing. We rely on standard contractual clauses for international transfers.
9. Children
The Service is not intended for users under 18. If we discover a user is underage, we will delete the account immediately.
10. Contact
Privacy questions: support@getbackfx.com
Note: This is a placeholder privacy policy. The final document will be drafted by qualified counsel and GDPR-reviewed before public launch.