Privacy Policy

Elysium Trade (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Platform at elysiumtrade.cfd.

We operate under MISA License BFX2025124 and comply with applicable data protection requirements.

2.1 Data you provide directly:

• Email address (required for registration)
• Password (stored as irreversible cryptographic hash — bcrypt)
• Identity documents (KYC — only when required for higher withdrawal tiers)
• Wallet addresses (for withdrawal processing)
• Communication with our support team

2.2 Data collected automatically:

• IP address (for fraud prevention and regulatory compliance)
• Browser type and version
• Device information
• Login timestamps and session data
• Trading activity and transaction history

2.3 Data we do NOT collect:

• We do not use advertising cookies or third-party tracking pixels
• We do not sell your data to third parties
• We do not use social login (no Google/Facebook OAuth)

We process your personal data for the following purposes:

4.1 User data is stored on servers hosted by Railway (railway.app), located in the United States (AWS infrastructure). By using our Platform, you consent to this transfer.

4.2 All data is encrypted in transit using TLS 1.2 or higher.

4.3 Passwords are never stored in plaintext — only bcrypt hashes (cost factor 12).

4.4 Session tokens use SHA-256 hashing with secure, HttpOnly cookies.

4.5 We implement rate limiting, brute-force protection, and multi-factor authentication (TOTP + Email OTP) to protect accounts.

4.6 We retain transaction records for a minimum of 5 years as required by AML regulations.

We do not sell, rent, or share your personal data with third parties except:

• Infrastructure providers: Railway (hosting), Resend (transactional email)
• Legal obligation: When required by applicable law or regulatory authority
• Fraud prevention: Sharing with law enforcement when there is evidence of criminal activity

All third-party providers are subject to data processing agreements and are contractually obligated to maintain data security.

We use only strictly necessary cookies for:

• Session management (authentication token)
• Security (CSRF protection)

We do not use advertising, analytics, or tracking cookies. No cookie consent banner is required as we only use functional cookies.

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of your data (subject to regulatory retention requirements)
• Portability: Request your data in a machine-readable format
• Objection: Object to processing based on legitimate interest

To exercise any of these rights, contact us at: privacy@elysiumtrade.cfd. We will respond within 30 days.

Our Platform is not intended for users under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has created an account, contact us at privacy@elysiumtrade.cfd and we will delete the account immediately.

We may update this Privacy Policy periodically. Material changes will be communicated by email or notice on the Platform. Continued use of the Platform after changes constitutes acceptance.

For privacy-related inquiries:

Email: privacy@elysiumtrade.cfd

License: MISA BFX2025124