Privacy Policy
Effective Date: March 8, 2026 — Last Updated: March 8, 2026
1. Introduction
FundaFX ("we," "us," or "our") operates the FundaFX mobile application and associated API services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
By using FundaFX, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use the Service.
2. Information We Collect
2.1 Information You Provide
- Email address — provided during account registration, used for account identification, service communications, and password recovery.
- API key credentials — generated upon registration to authenticate your requests to the FundaFX API.
2.2 Information Collected Automatically
- Device tokens — collected with your consent to deliver push notifications via Firebase Cloud Messaging (FCM). You may opt out of push notifications at any time through your device settings.
- API usage data — request counts, endpoints accessed, timestamps, and rate-limit metrics. This data is used for enforcing rate limits, maintaining service quality, and generating aggregated analytics.
- Device and app metadata — device type, operating system version, app version, and locale. Used for compatibility, debugging, and improving the user experience.
- Error and crash reports — collected via Sentry to identify and resolve technical issues. These may include device state, stack traces, and anonymized usage context at the time of an error.
2.3 Information We Do NOT Collect
- We do not collect financial account information, brokerage credentials, or trading data.
- We do not collect precise geolocation data.
- We do not collect contacts, photos, or other personal files from your device.
3. How We Use Your Information
We use the information we collect for the following purposes:
| Purpose | Data Used |
|---|---|
| Provide and maintain the Service | Email, API key, device tokens |
| Deliver push notifications | Device tokens |
| Enforce rate limits and subscription tiers | API usage data |
| Diagnose errors and improve reliability | Crash reports, device metadata |
| Communicate service updates | |
| Comply with legal obligations | All data as required |
We do not sell your personal information to third parties.
4. Third-Party Services
We use the following third-party services that may process your data:
4.1 RevenueCat (Subscription Management)
- Purpose: Manages in-app purchases and subscription status.
- Data shared: Anonymous app user ID, purchase receipts (processed by Apple/Google).
- Privacy policy: https://www.revenuecat.com/privacy
4.2 Firebase Cloud Messaging (Push Notifications)
- Purpose: Delivers push notifications to your device.
- Data shared: Device tokens.
- Privacy policy: https://firebase.google.com/support/privacy
4.3 Sentry (Error Tracking)
- Purpose: Monitors application errors and performance.
- Data shared: Anonymized crash reports, device metadata, app version.
- Privacy policy: https://sentry.io/privacy/
4.4 Apple App Store / Google Play Store
- Purpose: Processes payments for subscription purchases.
- Data shared: Purchase transactions are handled entirely by Apple/Google; we receive only subscription status confirmation via RevenueCat.
5. Data Retention
- Account data (email, API key): Retained for the duration of your account. Deleted within 30 days of account deletion request.
- Device tokens: Retained while push notifications are enabled. Removed when you disable notifications or delete your account.
- API usage data: Retained in aggregated form for up to 12 months for analytics. Real-time rate-limit counters expire automatically within 1 hour.
- Error reports: Retained in Sentry for up to 90 days.
6. Data Security
We implement industry-standard security measures to protect your data:
- API keys are stored as SHA-256 hashes; we cannot retrieve your original key.
- All communications between the app and our servers use TLS encryption.
- Database access is restricted to authorized services only.
- Rate limiting protects against abuse and unauthorized access.
While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
7. Your Rights
7.1 All Users
You have the right to:
- Access your personal data by contacting us.
- Correct inaccurate information in your account.
- Delete your account and associated data by contacting us at the address below.
- Opt out of push notifications through your device settings.
7.2 GDPR (European Economic Area Residents)
If you are located in the EEA, you have additional rights under the General Data Protection Regulation:
- Right to portability — receive your data in a structured, machine-readable format.
- Right to restriction — request that we limit processing of your data.
- Right to object — object to processing based on legitimate interests.
- Right to lodge a complaint — with your local data protection authority.
Legal basis for processing:
- Contract performance (providing the Service you registered for).
- Legitimate interests (service improvement, security, analytics).
- Consent (push notifications).
7.3 Japanese APPI
For users in Japan, we comply with the Act on the Protection of Personal Information (個人情報の保護に関する法律). Specifically:
- We clearly specify the purpose of use for all personal information collected.
- We do not provide personal information to third parties without your consent, except as required by law or as described in this policy for service operation (Article 27).
- We respond to requests for disclosure, correction, or deletion of personal information in accordance with APPI requirements (Articles 33-39).
- Cross-border data transfers: Your data may be processed on servers located outside Japan. We ensure that any such transfer complies with APPI requirements for cross-border provision of personal information.
To exercise any of your rights under APPI, please contact us at the address below.
8. Children's Privacy
FundaFX is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.
9. International Data Transfers
Your information may be transferred to and processed on servers located outside your country of residence, including the United States and Japan. We take appropriate measures to ensure your data is treated securely and in accordance with this Privacy Policy and applicable law.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy within the app.
- Updating the "Last Updated" date at the top of this document.
- Sending a notification for significant changes (if you have push notifications enabled).
Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:
- Email: privacy@fundafx.app
- Subject line: Privacy Inquiry
We aim to respond to all requests within 30 days.
This document is provided in English. A Japanese translation is available upon request.
Last Updated: March 8, 2026