Privacy Policy
Last Updated: February 2025
At Draxo Fwipu, we take your privacy seriously. This policy explains how we collect, use, and protect your personal information when you use our investment monitoring services.
We operate in compliance with Ireland's Data Protection Acts and the General Data Protection Regulation (GDPR). This means you have strong rights over your data, and we're committed to respecting those rights at every turn.
Information We Collect
Running an investment monitoring platform means we need certain information to provide our services effectively. Here's what we collect and why it matters.
Account Information
When you sign up with us, we ask for basic details like your name, email address, and phone number. We also need to verify your identity for regulatory reasons — this includes documentation that proves who you are. It's not our favourite part of the process, but it keeps everything legitimate and secure.
Financial Data
To monitor your investments, we need access to portfolio information, transaction history, and account balances. We don't store your bank login credentials directly — instead, we use secure third-party services that connect to your financial institutions. Think of it as having a read-only view of your accounts.
Technical Information
Like most websites, we automatically collect certain technical data when you visit us. This includes your IP address, browser type, device information, and how you interact with our platform. We use this to improve our services and spot any unusual activity that might signal a security issue.
| Data Type | Purpose | Retention Period |
|---|---|---|
| Account Details | Service provision, communication | Duration of account + 7 years |
| Financial Data | Investment monitoring, analytics | Duration of account + 7 years |
| Technical Logs | Security, troubleshooting | 90 days |
| Communication Records | Support, compliance | 3 years |
How We Use Your Information
We're not in the business of selling your data or using it for purposes you didn't agree to. Here's what we actually do with the information we collect.
- Provide and maintain your investment monitoring services, including real-time tracking and performance analysis
- Send you important updates about your account, security alerts, and service changes you need to know about
- Improve our platform based on how people actually use it — spotting features that work well and ones that don't
- Comply with legal obligations under Irish and EU financial regulations
- Detect and prevent fraud, security breaches, or other potentially harmful activities
- Respond to your support requests and help resolve any issues you encounter
Legal Basis for Processing: We process your data based on several legal grounds under GDPR. Most often, it's because we need the data to fulfill our contract with you. Sometimes it's because we have a legal obligation to collect certain information. And occasionally, we rely on legitimate interests — like preventing fraud — but only when those interests don't override your privacy rights.
Data Sharing and Third Parties
We don't hand your information out freely, but we do work with carefully selected partners to provide our services. Here's who might see your data and under what circumstances.
Service Providers
We use third-party companies for things like cloud hosting, payment processing, and customer support tools. These providers only get access to the data they need to do their job, and they're contractually bound to protect your information just as carefully as we do.
Financial Institutions
When you connect your investment accounts, we share authentication tokens with your banks or brokers. This happens through secure APIs that are specifically designed for this purpose. Your financial institutions can see that you've authorized us to access your account data.
Legal Requirements
Sometimes we're legally required to share information with regulatory bodies, law enforcement, or courts. This isn't something we do casually — it only happens when we receive a valid legal request or when we're required to report certain activities under financial regulations.
Business Transfers
If Draxo Fwipu is acquired by another company or merges with one, your information would be part of that transfer. We'd notify you beforehand and explain any changes to how your data is handled.
Your Privacy Rights
Under GDPR and Irish law, you have substantial control over your personal data. These aren't just theoretical rights — we've built systems to make them practical and accessible.
Access Your Data
You can request a copy of all the personal information we hold about you. We'll provide it in a commonly used electronic format within 30 days.
Correct Inaccuracies
If any of your information is wrong or outdated, you can ask us to fix it. Most account details can be updated directly in your dashboard.
Delete Your Data
You can request deletion of your account and associated data. We'll comply unless we're legally required to keep certain records for regulatory purposes.
Restrict Processing
In certain situations, you can ask us to limit how we use your data while we resolve a dispute or verify the accuracy of information.
Data Portability
You can request your data in a structured, machine-readable format to transfer it to another service provider if you choose to leave.
Object to Processing
You can object to certain types of data processing, particularly when it's based on legitimate interests rather than contractual necessity.
How to Exercise Your Rights: Email us at [email protected] with your request. We'll verify your identity and respond within 30 days. If your request is particularly complex, we might need an extra 60 days — but we'll let you know if that's the case.
Security Measures
Protecting financial data isn't optional for us — it's fundamental to everything we do. Here's how we keep your information secure.
Encryption
All data transmitted between your device and our servers is encrypted using TLS 1.3. Data stored on our systems is encrypted at rest using AES-256. This means even if someone gained unauthorized access to our servers, they couldn't read the data.
Access Controls
Only authorized staff members can access user data, and only when there's a legitimate reason. We log every access and regularly audit these logs to spot any unusual patterns. Our team goes through background checks and regular security training.
Infrastructure Security
We host our services with tier-one cloud providers that maintain ISO 27001 certification and undergo regular security audits. Our infrastructure includes firewalls, intrusion detection systems, and automated vulnerability scanning.
Incident Response
We have a documented incident response plan. If we detect a data breach that affects your information, we'll notify you within 72 hours and explain what happened, what data was affected, and what steps we're taking.
Data Retention
We don't keep your data forever. Different types of information have different retention periods based on regulatory requirements and legitimate business needs.
Account information and financial data must be retained for seven years after your account closes — this is required under Irish financial regulations. Technical logs are kept for 90 days unless there's an active security investigation. Communication records are stored for three years to handle any disputes or regulatory inquiries.
When retention periods expire, we securely delete the data. This means overwriting it multiple times so it can't be recovered. For particularly sensitive information, we use certified data destruction services.
International Data Transfers
We primarily store data within the European Economic Area. However, some of our service providers operate globally, which means your data might occasionally be processed outside the EEA.
When this happens, we ensure appropriate safeguards are in place. This usually means using Standard Contractual Clauses approved by the European Commission. These are legal agreements that require overseas providers to protect your data according to EU standards.
We conduct regular assessments of data transfer risks and maintain documentation of all international transfers. If you want specific information about where your data is stored or processed, just ask.
Children's Privacy
Our services aren't designed for anyone under 18. We don't knowingly collect information from minors. If we discover we've inadvertently collected data from someone under 18, we'll delete it promptly.
If you're a parent or guardian and believe your child has provided us with personal information, please contact us immediately so we can address the situation.
Changes to This Policy
We update this privacy policy occasionally to reflect changes in our practices, technology, or legal requirements. When we make significant changes, we'll notify you by email and display a prominent notice on our platform.
The "Last Updated" date at the top tells you when the most recent changes were made. We encourage you to review this policy periodically, especially if you haven't looked at it in a while.
Continued use of our services after changes take effect means you accept the updated policy. If you disagree with changes, you can close your account — though we'd obviously prefer to keep you as a customer.
Complaints and Regulatory Contact
If you're not satisfied with how we've handled your privacy concerns, you have the right to lodge a complaint with Ireland's Data Protection Commission. They're the supervisory authority for data protection matters in Ireland.
Data Protection Commission
21 Fitzwilliam Square South
Dublin 2, D02 RD28
Ireland
Phone: +353 (0)761 104 800
Email: [email protected]
That said, we'd appreciate the chance to address your concerns directly before you go to the regulator. Often we can resolve issues more quickly through direct communication.
Questions About Privacy?
If you have questions about this policy or how we handle your data, we're here to help.
Draxo Fwipu
Unit 4, Blackpool Retail Park
Cork, T23 AN20, Ireland
Phone: +353 21 496 0027
Email: [email protected]