Privacy policy

GemiFX is operated by EZCA (the "Company", "we", "us"). This policy covers the GemiFX marketing website (gemifx.com) and the GemiFX iOS application (the "App").

Contact for privacy matters: [email protected].

Account data. Email address, display name, and a unique user identifier (Firebase Authentication UID) when you sign in with Email, Apple, or Google. If you sign in with Apple using "Hide My Email", only the relay address is stored.

Device and usage data.When you use the App, Firebase Analytics automatically collects a device identifier (Firebase Installation ID and Identifier for Vendor), app version, OS version, screen views, and interaction events (e.g. "bot_created", "screen_view") so we can understand which features are used. Google Analytics for Firebase derives a coarse, country/region-level location from the IP address; precise location is never collected.

Diagnostics. Crash logs and performance metrics from Firebase, used solely to diagnose and fix bugs.

Broker credentials. If you connect a broker via API key, the key and secret are stored on your device in the Apple Keychain (encrypted, biometric-protected). They are transmitted to our server over TLS only when you trigger a connect/trade action and are never shared with third parties.

Trading activity. Bot configurations, simulated and real trade events, and aggregate statistics that are required to run your automated strategy.

We don't collect your broker login password (only API keys you generate yourself). We don't collect precise location, contacts, photos, microphone, health data, browsing history, or biometric data. We don't use the App or website to track you across other companies' apps or websites; the iOS app does not show an App Tracking Transparency prompt and does not include NSUserTrackingUsageDescription.

To provide and operate the service (run your strategy, show you your accounts and trades), to authenticate you, to communicate with you about the service, to diagnose crashes and improve performance, and to understand which features are used so we can improve the product. We do not use your data for advertising, ad targeting, or profiling.

We use the following processors. Each receives only the data necessary to perform its function and acts under our written instructions.

• Google LLC— Firebase Authentication, Firebase Analytics (Google Analytics for Firebase), Firebase Crashlytics, and Google Sign-In. Receives email, display name, user ID, device ID, IP address (used to derive coarse location), product interaction events, crash reports, and performance metrics. See Google's Firebase privacy and security documentation.
• Apple Inc. — Sign in with Apple, App Store / StoreKit subscriptions, and Keychain (on-device only). Apple receives only what is required to authenticate you and process App Store purchases.
• Vercel Inc. — hosts the marketing website and serverless API endpoints.
• Cloudflare, Inc. — DNS for gemifx.com.
• Your broker— receives the orders and account queries you initiate. We do not control your broker's privacy practices; please consult their policy.

We do not sell personal data and do not share it for cross-context behavioural advertising. We do not use Facebook Pixel, advertising trackers, or any third-party advertising cookies.

Broker API keys are stored on your device in the Apple Keychain. Server-side records are encrypted in transit (TLS 1.3) and at rest (AES-256). Access to production systems is restricted to authorised engineers and audited.

Account data is retained while your account is active. You can delete your account at any time from Settings → Account → Delete Account in the iOS app, which removes your Firebase Authentication record and trading data. Backup copies are purged within 30 days. Anonymised aggregate statistics may be retained indefinitely.

Our processors (Google, Apple, Vercel, Cloudflare) operate globally and may process data in the United States and other jurisdictions. Where required, transfers from the EEA / UK rely on Standard Contractual Clauses or equivalent safeguards.

The website uses one essential session cookie (__session) to keep you signed in. It is required for authentication and is not used for analytics or advertising. The website does not set tracking, advertising, or analytics cookies.

Your browser stores a single preference key (gemifx-cookie-consent-v1) in localStorage to remember that you have seen the cookie notice. This is not a cookie and is not transmitted to any server.

The iOS app does not display web cookies in its main UI. When the app opens our Terms or Privacy pages in an in-app browser, only the essential session cookie above may be set, and only if you sign in.

Depending on your jurisdiction (including the EEA, UK, and California), you may have the right to access, correct, delete, port, or restrict processing of your personal data, and to object to processing or withdraw consent. To exercise these rights, email [email protected]. You also have the right to lodge a complaint with your local data protection authority.

The App and website are not directed at children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal data from children.

We'll notify registered users about material changes at least 30 days in advance via email or in-app notice.