Security and privacy

The Company recognises the importance of protecting the client's personal and financial information.

All the information that the Company obtains about the client assists the Company in servicing the client and the client's account. The Company knows that the client may be concerned about what the Company does with this information.

The Company has outlined the Company's privacy practices for the client as follows:

Use of information

The Company operates in full compliance with the General Data Protection Regulation (GDPR) and other applicable Data Protection laws. These regulatory measures place obligations on users of personal data like the Company. They also lay down the principles for fair and lawful processing of all the information that the Company acquires.

It is the Company's commitment to safeguard the client's privacy online at all times. The Company only uses the client's personal information to help the Company service the client's account, to improve the Company's services to the client, and to provide the client with products that the client has requested. The Company does not sell the client's personal information to third parties, but the Company may provide it to payment providers to facilitate transactions on the client's account.

The client's personal information is used primarily as a way of validating the client as the legitimate account owner and proper recipient of withdrawal payments. The Company also uses this information to process the client's trades. The Company collects from the client all personal and financial data directly relating to the client when the client fills in the Company's account opening form. In all instances, the client has either a legal or a contractual obligation to provide the Company with the information. If such information is not provided, the Company will be unable to provide the client with its services.

The Company reserves the right to request further information from the client whenever deemed appropriate under the circumstances. For example, the Company may ask the client to send the Company additional acceptable documents to confirm the authenticity of the client's account details or of any withdrawal request.

The client agrees that when using the Live Chat feature on the Company website and applications, all personal information that the client enters in the chat channel, including but not limited to the client's first name and email address, is processed by the Company and stored in the Company's databases.

The Company holds all the personal data that the Company collects from the client with due diligence and only processes them for purposes as required or allowed by law. This includes the process of obtaining and sharing of certain information with third parties for credit or identity checks to comply with legal and regulatory obligations. In certain cases, the Company may process the client's data to fulfill the Company's contractual obligations with the client.

The Company also collects basic tax residence information for the purposes of CRS/FATCA compliance. The tax information that the client provides may only be disclosed to the authorities who are legally charged with collecting this information for CRS/FATCA reporting, and will only do so to the extent that it is legally obliged to collect it from the clients and disclose it to the authorities. The Company does not use, disclose, or process this information in any other way at any time.

The client may update the client's personal information at any time by logging in to the "Settings" section of the client's account. It is the client's responsibility to ensure that is promptly and continually informed of any change in the client's personal information. The client should note that if the client provides the Company with inaccurate information, or if the client fails to notify the Company of any changes to the information previously supplied by the client, this may adversely affect the quality of the services that the Company can provide.

Profiling and categorisation

The Company collects and assesses the client's data to profile the client in relation to the Company's products. The Company does this manually with the assistance of automated processing. By categorisation, the Company will be able to provide the most appropriate products and services to the client.

Cookies and device information

Cookies are small text files stored on computer drives and are widely used in order to make websites work and to improve the user experience. All recent versions of browsers give the client a level of control over cookies. The client can delete all cookies that are already on the client's computer, and the browser can be set to prevent them from being placed. However, if the client chooses not to receive the Company's cookies, the full usability of the Company's website may be adversely affected.

The client should note that the Company's website generates log files that record the IP addresses of accesses to the client's account, login attempts, and device information such as the manufacturer, model, operating system, and browser. This information is gathered for the sole purpose of providing assistance with investigating a client's account in the unlikely event that the account is accessed by unauthorised users. Information supplied by some cookies also helps the Company understand how visitors use the website, so that the Company can improve how it presents its content.

The Company's cookies are not deemed dangerous and cannot access any other information on the client's computer.

By using or interacting with the website, the client is giving permission to the use of the Google Analytics User ID Feature, which allows Google to capture the client's login ID such as VRTC1234 and MT1234. When this feature is enabled, no personally identifiable information other than the client's login ID, or other data that can be linked to such information by Google, is shared with or disclosed to Google.

To provide the client with a better experience, some of the services offered by may require permission to access the client's cloud storage services, such as Google Drive, to save or load DBot trading strategies. In such instances

  • The Company does not store any data related to the client's cloud storage service on any of the Company's servers. All files are downloaded on the client's local machines.
  • The Company does not share any data related to the client's cloud storage service with anyone.
  • The Company only accesses the client's cloud storage when the client's action initiates it. Clients can disconnect their storage service at any time.

Transfer of data

The Company may also transfer relevant personal and financial data to any company within the Deriv Group companies. This includes any of the Company's business associates or payment providers within or outside of the EEA, including countries that might not offer an equivalent level of protection of personal data. In all instances, the Company places a contractual obligation on such third parties to offer the same level of rights and protection as stipulated in the GDPR.

The client also has the right to request copies of any personal information that the client has provided to the Company and to request that the Company transmit such information to other service providers.


When the client opens an account with the Company, the Company will request the client's consent for the distribution of marketing materials to the e-mail address that the client provides to the Company upon sign-up.

Right to object

The client has the right to object to the direct distribution of marketing materials. This can be done by either not providing the client's consent to any marketing material before the service is rendered or revoking it at any point during the service. In both cases, the Company will refrain from distributing marketing materials to the client.

Access to personal data

Access to the client's personal data is strictly prohibited, with the exception of key personnel and only as needed for the performance of their duties.

If is legally required to disclose the client's personal or financial information by law, regulation, or pursuant to the order of a court of competent jurisdiction or a governmental agency, the Company will promptly notify the client, as it deems appropriate, to give the client the opportunity to seek protection for the information. The Company will do so unless legally prohibited. Such required disclosure shall not be interpreted as a breach of this terms and conditions agreement.

The client also has the right to request that the Company copy, modify, or remove the client's personal information as long as such actions do not breach any legal or regulatory obligations that the Company may have.

Data retention

If the client chooses to close the client's account, the client's data will be kept only until the Company's legal and regulatory obligations on data retention are met. The Company will delete the client's data once the applicable retention period expires.

Security statement

Taking the following measures, the Company is committed to making sure that the client's personal data and transactions are secure:

  1. The client's password and login ID are unique, and passwords are hashed so that not even staff can read them. This is the reason why the Company cannot retrieve the client's password and has to issue the client with a new one, sent to the client's email address, if the client cannot recall it.
  2. The Company maintains customer balances in cash or cash equivalent. The Company ensures that 100% of each customer's balance is available for immediate withdrawal, subject to verification.
  3. All credit card details are submitted directly to the Visa/Mastercard network using the latest SSL encryption technology, in accordance with bank policies.
  4. The Company's information security policies are based on industry best practices in access control and business continuity.
  5. The Company uses identity verification services and real-time fraud detection measures to help protect the client from unauthorised access to the client's account. The Company also monitors account activity for signs of unusual activity that might indicate fraud and work with collection and law-enforcement agencies to address fraud issues.
  6. The responsibility for the security of the client's login credentials, any linked email address, and any personal device on which the client's account is accessible lies solely with the client. The Company shall not be held responsible if there is unauthorised use of the account when the Company is not at fault.
  7. Whether the client uses a shared device or the client's own device in a public place either offline or on public WiFi, doing so might put the information that the client enters or receives in danger of being captured. To protect data in such cases, it is the clients' responsibility to take the following precautions and educate themselves on other security measures they can take:
    • Not sending or receiving private information unless a secure webpage is being used (preferably, use a secure, encrypted Virtual Private Network (VPN)
    • Making sure of having effective and updated antivirus/antispyware software and firewall in place before using public WiFi
    • Not leaving devices unattended
    • Avoiding financial transactions that might reveal valuable passwords or personal information such as credit card numbers
    • Using browser tools to delete files and cookies and clearing browsing history
    • Not saving login credentials on a shared device
    • Logging out of account-based websites at the end of the session


The Company's website contains links to other websites and may contain banner or icon advertisements related to third-party websites. These websites and their advertisements may submit cookies to the client's web browser, which is beyond the Company's control. The Company is not responsible for the privacy practices or the content of such websites. The Company encourages the client to read the privacy policies of these websites because their practices may differ from the Company's.

Notification of changes

Any changes in the Company's privacy policy or security statement will be posted on this website. For any material changes that directly affect the economic use of the client's personal information, the Company will request the client's prior authorisation in writing before effecting such changes on the client's account.

The client also has the right to request that the Company inform the client about the personal data that the Company processes about the client and to provide its correction where necessary.