Legal
Privacy policy
Last updated: May 2026
What we collect
- Account data: email, hashed password, optional 2FA secret, optional name and country if you provide them.
- MT5 credentials: broker, server, login number, and trading password. The trading password is encrypted at rest using AES-256-GCM with a key held server-side.
- Operational logs: request timestamps, IP addresses, and session identifiers used for security and abuse prevention.
- Referral data: if you arrived via a referral link, we store the referrer code for attribution.
How we use it
We use your data to operate the service: authenticating your login, encrypting and forwarding trading credentials to the AI engine, sending account-related email, and investigating security incidents. We do not sell personal data, and we do not use it for third-party advertising.
Who we share with
We share only what is necessary to operate the service. That includes our email provider (transactional email delivery), our infrastructure provider (hosting the application and database), and the trading engine itself (placing orders on your behalf). We will share information if required to do so by law.
Security
Passwords are hashed with Argon2id. MT5 trading passwords are encrypted with AES-256-GCM. Sessions use opaque tokens stored as SHA-256 hashes server-side. We do not store plaintext credentials at any layer. Even with this care, no system is impenetrable — please use a unique, strong password for your x9.broker account.
Cookies
We use a small number of strictly-necessary cookies: a session cookie to keep you logged in, and an optional referral cookie to attribute signups to the link that brought you. We do not use third-party analytics or advertising cookies.
Your rights
You can request a copy of your data, ask us to correct inaccuracies, or request deletion at any time. Deleting your account removes your portal record and your stored MT5 credentials; trading history on your broker is unaffected.
Contact
Privacy questions or data requests? Contact us.
