Privacy Policy

Effective date: 1 March 2026 · Last updated: March 2026

1. Who We Are

This Privacy Policy describes how AutoXAU, a sole proprietorship registered in Malaysia operating under the brand name AutoXAU ("we", "us", "the Company"), collects, uses, stores, and protects your personal information when you use our website and services at autoxau.com ("the Service").

2. Information We Collect

We collect only the minimum information necessary to provide the Service:

  • Account Information: Your name (or display name), email address, and country when you register.
  • Authentication Data: Hashed password, session tokens. We never store your password in plain text.
  • Usage Data: Pages viewed, features used, timestamps, IP address, browser type, and device information collected automatically via server logs and essential analytics.
  • Communication Data: Any messages or support requests you send to us.

Payment Information: Payments are processed by Stripe. We do not store your credit card number, CVV, or full payment details on our servers. Stripe handles all payment data under their own Privacy Policy and PCI DSS compliance. We only receive a transaction reference, subscription status, and billing email from Stripe.

3. How We Use Your Information

We use your information for the following purposes:

  • To create and manage your account and subscription.
  • To deliver trading signals and service notifications.
  • To process payments and manage billing (via Stripe).
  • To respond to your support requests and communications.
  • To improve and maintain the Service (aggregated, anonymised analytics).
  • To comply with legal obligations and enforce our Terms of Service.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. Legal Basis for Processing

We process your personal data on the following bases:

  • Contract: Processing necessary to perform our contract with you (account management, service delivery).
  • Legitimate Interest: Service improvement, fraud prevention, and security.
  • Consent: Where you have given explicit consent (e.g., marketing emails, if applicable).
  • Legal Obligation: Where required by applicable law.

5. Data Sharing & Third Parties

We may share limited data with the following categories of third parties:

  • Stripe: Payment processing. Receives billing email and payment details you provide directly to Stripe.
  • Infrastructure Providers: Cloud hosting and CDN providers who process data on our behalf under data processing agreements.
  • Legal Authorities: If required by law, court order, or government request.

We do not share your data with advertisers or data brokers.

6. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS) and at rest.
  • Hashed and salted passwords (bcrypt).
  • HttpOnly, Secure cookies for session management.
  • Server-side authentication and authorisation guards.
  • Regular security reviews and dependency updates.

No method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Data Retention

We retain your personal information for up to two (2) years from your last account activity or subscription end date, whichever is later. After this period, your data will be permanently deleted or anonymised.

Specific retention periods:

  • Account data (name, email): Up to 2 years after account closure or last activity.
  • Usage logs: Up to 12 months, then aggregated/anonymised.
  • Billing records: As required by Malaysian tax and accounting law (typically 7 years for financial records), stored with Stripe.
  • Support correspondence: Up to 2 years after resolution.

8. Cookies

We use essential cookies for authentication and session management. These cookies are necessary for the Service to function properly and cannot be disabled. We do not use cookies for advertising or third-party tracking.

9. Your Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data (subject to legal retention requirements).
  • Export / Portability: Request a machine-readable export of your data.
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
  • Restriction: Request restriction of processing in certain circumstances.

To exercise any of these rights, contact us at support@autoxau.com. We will respond within 30 days of receiving your request.

10. Children's Privacy

The Service is not intended for users under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected data from a child under 18, we will delete it promptly.

11. International Data Transfers

Your data may be processed on servers located outside Malaysia (e.g., cloud infrastructure in Singapore or the United States). Where data is transferred internationally, we ensure appropriate safeguards are in place, including data processing agreements with our providers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the Service at least 14 days before taking effect. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

13. Contact Us

For questions about this Privacy Policy or to exercise your data rights, please contact us at:

AutoXAU
Email: support@autoxau.com
Country: Malaysia