This Privacy Policy explains what personal information KontrolFX collects when you use our website, the Kontrol EA software, and the member dashboard — and what we do with it. We process personal information in accordance with South Africa's Protection of Personal Information Act (POPIA) and recognised international privacy practices.
01 Who We Are
KontrolFX is operated as an individual sole trader based in Johannesburg, Gauteng, South Africa. For the purposes of POPIA, the Responsible Party (data controller) is the operator of KontrolFX.
For all privacy enquiries, contact support@kontrolfx.com.
02 Scope
This policy covers personal information collected through:
- The kontrolfx.com marketing website
- The dashboard.kontrolfx.com member portal
- The Kontrol EA software and its license validation, trial activation, and optional Trade Tracker telemetry features
- Email correspondence with our support address
03 What We Collect
The table below sets out what personal information we collect and where it comes from:
| Category | What & Why |
|---|---|
| Account | Email address, password hash (bcrypt — never plaintext). Used to authenticate you on the dashboard. |
| License | License key, MT5 account number, machine fingerprint, IP addresses, activation timestamps. Used to enforce license terms and prevent unauthorised sharing. |
| Payment | Transaction confirmations from Yoco (order ID, plan, amount, currency). We never receive or store your payment card details. Yoco handles all card data per their privacy policy. |
| Trial | Email, MT5 account number, browser fingerprint, IP address. Used to issue trial keys, prevent duplicate trials, and detect abuse. |
| EA telemetry | When you enable the Trade Tracker feature: account balance, equity, open positions, P&L, broker name, magic number. Pushed every few seconds from your MT5 to the dashboard server for your own viewing. |
| Support | Email subject, message body, attachments you send. Used to respond to your enquiry. |
| Technical | Server logs (IP, request path, timestamp, user-agent). Standard for any web service; used for security monitoring and debugging. |
04 Why We Collect (Lawful Basis under POPIA)
We process personal information on the following lawful bases:
- Performance of a contract — operating the Service you have purchased (license validation, dashboard access, support);
- Legitimate interest — preventing license abuse, fraud detection, security monitoring, service improvement;
- Compliance with law — tax records, regulatory enquiries, court orders;
- Consent — for any optional marketing or non-essential processing, which you can withdraw at any time.
05 How We Use It
We use your personal information solely to:
- Provide the Service: issue keys, validate licenses, run the dashboard, deliver software updates;
- Communicate with you: license emails, payment receipts, trial confirmations, password resets, support replies;
- Enforce the Terms of Service: detect license sharing, IP abuse, automated brokerage;
- Improve the Service: aggregate, non-identifying analytics on which features are used;
- Meet legal obligations: respond to lawful information requests, retain tax records.
We do not sell your personal information. We do not share it with advertisers. We do not run advertising networks or marketing trackers on our properties.
06 Third-Party Service Providers
We use the following operators (data processors) to deliver the Service. Each processes data only on our instructions, under data processing agreements, and in accordance with applicable privacy law:
| Provider | Purpose |
|---|---|
| Yoco | Payment gateway. Processes card payments, handles recurring billing, and stores card data on PCI-compliant systems on our behalf. |
| Resend | Transactional email delivery (license emails, password resets, support relays). |
| Render | Application hosting (license server, dashboard). |
| Turso | Cloud database (SQLite-compatible) for license and account records. |
| Cloudflare | DNS, CDN, DDoS protection, edge security. |
07 International Transfers
Most of our infrastructure operators are based outside South Africa (United States, European Union, United Kingdom). When your data is transferred to these providers, we rely on:
- Data processing agreements binding the operator to confidentiality and POPIA-equivalent protections;
- Standard Contractual Clauses (SCCs) where applicable;
- Hosting in jurisdictions with adequate data protection frameworks.
Where transfers to jurisdictions without equivalent protection occur, they are made only where strictly necessary for service delivery, and with explicit reference in our service contracts.
08 Data Retention
We retain personal information only as long as necessary:
- Active accounts: for the duration of your subscription or lifetime license, plus a reasonable wind-down period;
- Billing records: 5 years after the last transaction (SARS tax record requirement);
- License logs: while your license is active, then 12 months for fraud-pattern analysis, then deleted;
- Trial records: 30 days after trial expiry, then deleted on the nightly cleanup;
- Support correspondence: 2 years from last contact;
- Server logs: 90 days.
On request, we can delete identifiable personal data sooner than the periods above, subject to any overriding legal retention obligations.
09 Security
We protect personal information with:
- Passwords: hashed with bcrypt (10 rounds). Plaintext passwords are never stored, logged, or transmitted;
- Transport: HTTPS/TLS for all connections to our servers;
- Database: hosted on Turso with authentication tokens and access controls;
- Authentication: bcrypt password verification; setup tokens expire after 7 days; reset tokens expire after 1 hour;
- Principle of least privilege: only the operator has administrative access to systems;
- Backups: automated by hosting providers with encryption at rest.
In the event of a data breach affecting your personal information, we will notify you and the South African Information Regulator as required by POPIA, without undue delay.
10 Your Rights Under POPIA
As a data subject under POPIA, you have the right to:
- Be informed of what personal information we hold about you;
- Access a copy of that information;
- Correct any inaccurate or incomplete information;
- Delete your personal information where we have no overriding legal obligation to retain it;
- Object to processing in certain circumstances;
- Withdraw consent for processing that relies on consent;
- Lodge a complaint with the South African Information Regulator at inforegulator.org.za.
To exercise any of these rights, email support@kontrolfx.com. We will respond within 30 days, in line with POPIA timeframes. We may need to verify your identity before processing certain requests.
11 Cookies
Our properties use only the cookies strictly necessary for the Service to function:
- Session cookies: keep you logged in to the dashboard;
- Cloudflare cookies: security challenge resolution, bot detection, edge caching;
- Functional preferences: remembering your dashboard tab and view selections.
We do not use advertising cookies, cross-site tracking pixels, or third-party marketing analytics tags. You can disable cookies in your browser settings; if you do, parts of the dashboard may not work as intended.
12 Children
Our Service is not directed at or intended for use by persons under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us and we will delete it.
13 Changes to This Policy
We may update this Privacy Policy from time to time. For material changes affecting how we process your data, we will notify you by email and post a notice on the dashboard. The "Effective" date at the top of this page indicates the latest version.
14 Contact
For any questions, requests, or complaints about how we handle your personal information:
- Email: support@kontrolfx.com
- Subject line: Privacy Request (helps us route quickly)
If you are not satisfied with our response, you may escalate to the South African Information Regulator:
Information Regulator (South Africa)
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Web: inforegulator.org.za
Email: complaints.IR@justice.gov.za
This Privacy Policy is provided in addition to, and does not override, the privacy policies of our third-party operators (Yoco, Resend, Render, Turso, Cloudflare). For complete information about how those providers handle your data, please consult their respective policies.