Aurex AI

Privacy Policy

Last updated: January 2026

1. Information We Collect

When you register for and use Aurex AI, we collect several categories of information to provide and improve our services:

Account Information: Full name, email address, phone number, and country of residence. This information is collected during registration and is used to identify your account, communicate with you, and comply with applicable regulations.

MT5 Account Details: Your MetaTrader 5 account number, broker name, and server information. We use read-only investor passwords only — we never request, collect, or store master or trading passwords. The investor password grants us the ability to view your account balance, trade history, and execute trades, but does not permit withdrawals or fund transfers.

Payment Information: Payment records including subscription plan, billing history, and transaction amounts. We do not store full credit card numbers or banking credentials — payment processing is handled by our third-party payment processors who are PCI-DSS compliant.

Usage Data: We automatically collect information about how you interact with the Platform, including pages visited, features used, time spent on the Platform, browser type, device information, and IP address. This data helps us improve the Platform and diagnose technical issues.

2. How We Use Your Information

Your information is used exclusively for the following purposes:

Service Delivery: To create and maintain your account, connect your MT5 account to the trading bot, execute trades on your behalf, and generate performance reports. Without this information, the core functionality of the Platform cannot operate.

Payment Processing: To process subscription payments, manage billing cycles, send payment receipts, and handle refund requests in accordance with our Refund Policy.

Communication: To send service-related communications including account verification emails, password reset links, subscription confirmations, billing notifications, trade performance summaries, and responses to your support inquiries. We may also send occasional product updates or promotional materials — you may opt out of marketing communications at any time.

Platform Improvement: To analyze usage patterns, identify bugs, improve user experience, and develop new features. This analysis is performed on aggregated and anonymized data whenever possible.

3. Data Storage & Security

We implement industry-standard technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS 1.3) and at rest (AES-256), secure server infrastructure with regular security audits, role-based access controls limiting employee access to personal data, and continuous monitoring for suspicious activity.

MT5 credentials are stored encrypted using strong encryption algorithms. Account passwords are hashed using bcrypt with appropriate salt rounds and are never stored in plain text. While we take commercially reasonable precautions, no method of electronic storage or transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data. In the event of a data breach that affects your personal information, we will notify you promptly in accordance with applicable data protection laws.

4. Data Retention

We retain your personal information for as long as your account remains active or as needed to provide you with the Platform's services. If you close your account, we will delete or anonymize your personal data within 90 days, except where we are required to retain certain information for longer periods to comply with legal obligations (such as tax and financial record-keeping requirements), resolve disputes, or enforce our agreements. Trade history records may be retained in anonymized form for analytical and product improvement purposes even after account deletion.

5. Data Sharing & Disclosure

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your data only in the following limited circumstances:

Service Providers: With trusted third-party vendors who perform services on our behalf, including payment processors, cloud hosting providers, email delivery services, and analytics platforms. These providers are contractually bound to use your data only as necessary to provide services to us and are required to maintain appropriate security measures.

Legal Compliance: When required by applicable law, regulation, legal process, or governmental request. We will make reasonable efforts to notify you before disclosing your information in response to such requests, unless prohibited by law.

Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. You will be notified via email or a prominent notice on the Platform of any change in ownership or use of your personal information.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data: the right to access and receive a copy of the personal data we hold about you; the right to request correction of inaccurate or incomplete data; the right to request deletion of your personal data under certain circumstances; the right to restrict or object to the processing of your personal data; the right to data portability, allowing you to obtain and reuse your data for your own purposes; and the right to withdraw consent at any time where we rely on consent to process your data.

To exercise any of these rights, please contact us at info@nftbox.online with the subject line "Data Privacy Request." We will respond to your request within 30 days and may require verification of your identity before processing certain requests. You also have the right to lodge a complaint with your local data protection supervisory authority if you believe your data protection rights have been violated.

7. Cookies & Tracking

The Platform uses essential cookies and similar tracking technologies to maintain your session, remember your preferences, and ensure the security and proper functioning of the service. These essential cookies do not require your consent. We may also use analytics cookies to understand how visitors interact with the Platform and improve our services. You can control cookie preferences through your browser settings, though disabling essential cookies may affect the Platform's functionality. We do not currently use third-party advertising cookies or tracking pixels for behavioral advertising purposes.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your jurisdiction. When we transfer data across borders, we implement appropriate safeguards such as standard contractual clauses and ensure that recipients provide an adequate level of protection for your personal data in accordance with applicable law.

9. Children's Privacy

The Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information promptly. If you believe a child has provided us with personal data, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make material changes, we will notify you via email or through a prominent notice on the Platform at least 30 days before the changes take effect. The date at the top of this page indicates when the policy was last revised. Your continued use of the Platform after any changes constitutes your acceptance of the updated policy.