Privacy & Security Policy / PRIVACY POLICY

GEX Monitor User Data Privacy and Security Governance Policy

This privacy policy details GEX Monitor’s data collection boundaries, cryptographic storage protocols, and user control rights across account credentials, platform sessions, VIP billing authorization, shared API telemetry, and WebSocket pushes. We enforce strict data minimization and de-identified logging, guaranteeing that your strategy preferences and query trajectories are never monetized or exposed to third parties.

CORE SPECIFICATION DOCUMENTEffective date: May 24, 2026. This policy constitutes the definitive specification regarding data privacy and transport security.

Data Scope

Account email, API credentials, SLA metrics, and secure session tokens

Encryption

SHA-256 credential hashing and end-to-end TLS transit

Third-Party Limits

Zero ad-trackers, zero behavioral profiling, and minimal integrations

Data Rights

GDPR-aligned access, data portability, and the Right to be Forgotten

Scope of Collection, Cryptographic Storage, and De-identification

We adhere to the strict data minimization rule, collecting information based solely on the functional modules you activate. For users browsing public analytical curves and service status pages, we process only de-identified technical session parameters. For API-integrating partners and subscribers, we log only basic account identifiers and routing telemetry.

Every API Key assigned to active quant desks undergoes one-way SHA-256 cryptographic hashing prior to database writing. No plaintext private keys are ever stored in GEX Monitor databases. Subscription billing runs inside isolated sandboxes operated by PCI-DSS compliant payment gateways (such as Stripe); our infrastructure never processes or stores private banking details.

Account Credentials: We store only securely hashed email addresses, session tokens, and subscription timestamps.
Gateway Telemetry: We measure query counts (for SLA limits), response latencies, throttling triggers, and latest usage timestamps.
Notification Bindings: We persist only the secure handshake identifiers required to run real-time push alerts or Telegram bot commands.

Processing Purposes, Security Audits, and Third-Party Transfer Policies

We believe securing trading privacy is a paramount operational requirement for quantitative managers. We process telemetry data for the sole purpose of infrastructure load-balancing, access-control shielding, and dispatching alerts. We promise: our systems contain zero commercial ad-tech SDKs (such as Google Ads or Meta Pixels), and your query parameters are never packaged for behavioural profiling.

If our gateways detect privilege bypass attempts or malicious server-probing, we log routing metadata to initiate automatic IP/Key blocks to protect platform SLA.
We do not share, exchange, or transfer analytical preferences with third-party commercial entities, unless compelled by applicable law, regulatory investigation, or legal process.

Data Retention, Right to Erasure, and Cross-Border Standards

We retain metadata for the minimum timeframe necessary to maintain account security. Under advanced privacy frameworks (such as GDPR), you retain comprehensive rights over your personal data.

Upon receiving an erasure request (Right to be Forgotten), we permanently destroy and zero your registered email, preference cache, and API Key hashes within 7 business days. A minimal set of billing metadata may be retained in de-identified states to comply with financial audits or legal obligations, which will be specified in our response.