- Who We Are & Corporate Identity
  - 1.1. CLEAREX.MARKET operates strictly as an independent, non-profit financial consumer protection institute and data routing intermediary. The Institute’s core mission is to safeguard global retail market participants and maintain financial market integrity through structural threat intelligence, cryptographic analysis, and independent research.
  - 1.2. Our registered identity, corporate address indexes, and legal representation variables are detailed on our Contact page and can be provided on written demand to privacy@clearex.market.
  - 1.3. For all data protection, privacy inquiries, or data subject rights execution, please contact our Data Protection Liaison directly at: privacy@clearex.market.
- Territorial Jurisdiction & Service Restrictions (Exemption from GDPR Article 27)
  - 2.1. CLEAREX.MARKET explicitly states that its platform, tools, forums, and user review channels are not directed at, marketed to, or intended for individuals residing within the European Union (EU) or the European Economic Area (EEA). Concurrently, the Platform does not intentionally offer goods or services to, nor does it monitor the behavior of, data subjects within the Union pursuant to Article 3(2) of the EU General Data Protection Regulation (GDPR).
  - 2.2. To enforce this spatial restriction and maintain full compliance, the Platform implements robust technological barriers, including automated geographic IP blocking (geofencing), preventing network access from EU/EEA jurisdictions. Consequently, the Platform is structurally and legally exempt from the statutory requirement to designate a permanent legal representative within the Union under Article 27 of the GDPR. Any attempt by an EU/EEA resident to circumvent these infrastructure-level blocks constitutes a material breach of our Terms of Service and automatically revokes any right to platform access.
- Journalistic and Public Interest Mandate (GDPR Article 85 Alignment)
  - 3.1. CLEAREX.MARKET operates concurrently as an independent financial integrity forum and a journalistic intermediary dedicated to public interest and financial consumer safety. By routing evidence-backed and verified consumer reviews, the Platform exercises its rights under Article 85 of the EU GDPR (Processing for Cyber-Security and Journalistic Purposes). Consequently, requests for data erasure ("Right to be Forgotten" under Article 17) initiated by reviewed corporate entities or market actors shall be strictly balanced against the public's right to know, cyber-security emergency responses, and the freedom of information.
- Data We Collect, by Service Track
  We apply strict data minimisation rules across our core application tracks:
  - 4.1. Account Data (All Services): Email addresses are structurally processed exclusively as immutable one-way cryptographic tokens utilizing the SHA-256 hashing algorithm at rest. User accounts operate under a strict Zero-Password Architecture — authentication strictly uses single-use, cryptographic "magic" links sent directly to your verified email address, governed by a fifteen (15) minute expiration lifecycle and immediate one-time invocation burnout.
    - 4.1.1. Magic Link Authentication Telemetry: When a user requests a magic link to authenticate for the purpose of submitting a broker review or interacting with secure pipelines, the Platform temporarily processes the target email address in volatile RAM to generate the cryptographic token. Upon execution of the link within its fifteen (15) minute TTL (Time-To-Live) boundary, the temporary session is bound to the user’s unique SHA-256 hashed identifier. This process ensures that every submitted review is linked to an authenticated digital identity, in strict compliance with EU DSA Article 20 accountability standards, while preserving the client-side database minimization architecture.
  - 4.2. Account Security Check Infrastructure: When a User initiates a password verification scan, the system enforces a strict client-side cryptographic privacy protocol:
    - Local Hashing: The User's browser computes the complete 40-character SHA-1 cryptographic hash of the input locally within the client-side environment.
    - Prefix Transmission: The browser isolates and transmits strictly the first 5 characters (the prefix) of this 40-character hash to the Platform's infrastructure.
    - API Relay: The Platform relays this 5-character prefix directly to the Have I Been Pwned range API to fetch all matching compromised hash suffixes.
    - Local Matching: The full password, the complete SHA-1 hash, and any intermediate derived values never leave the User's local device and never reach or pass through the Platform's network infrastructure. The definitive comparison and final cryptographic match are performed entirely within the User's local browser memory.
    - Email Breach Lookups: Evaluated transiently within volatile system memory (RAM) directly against our consolidated breach datasets. The submitted email address is structurally excluded from any persistent storage layers and is permanently dropped and completely expunged immediately upon the delivery of the lookup payload to the client.
  - 4.3. Broker Rating & Review System (User-Generated Content): The Platform operates strictly as a neutral hosting provider enabling registered users to share personal trading experiences, ratings (1-5 stars), and reviews regarding third-party brokerage firms. Processing is restricted to display pseudonyms, user-submitted commentary, and optional cryptographic or transactional verification-record metadata, processed solely under GDPR Article 6(1)(f) (Legitimate Interests) for platform security and market transparency. The Platform does not solicit, process, or maintain criminal offence data or judicial records under GDPR Article 10. All user-submitted metrics are handled under strict automated Notice-and-Takedown workflows.
  - 4.4. Tools Marketplace: Public display name, encrypted email profiles, transaction logs (items, price metrics, timestamps), seller payout references, dispute logs, and Identity Verification (KYC) status indicators where triggered by security parameters.
  - 4.5. Market News: As this service is entirely free and open-access, no billing details, payment methods, or transactional tracking logs are captured. Processing is restricted exclusively to essential system access logs to detect and combat malicious commercial scraping anomalies.
  - 4.6. Community Forum ("Whisper"): Chosen public display handles, written text inputs, media attachments, and engagement histories (upvotes/downvotes).
  - 4.7. Donation Club System Infrastructure: To operate a transparent mutual support framework, the Platform processes specific operational and financial metrics:
    - Donors Data Processing: Processing is limited strictly to user-elected display choices (anonymous or public pseudonym handles), gift sums, currency selectors, and immutable ledger timestamps. Raw payment processing credentials or bank routing records are never handled or captured by the Platform's infrastructure.
    - Recipients Evaluation & Loss Verifications: Individuals launching funding requests to alleviate catastrophic market liquidations or verified system fraud are required to submit supporting technical documentation (escrow logs, broker ledger balances, account screenshots). This evidence is analyzed under strict privilege-separated administrative isolation to evaluate legitimacy and combat systemic fraud.
    - KYC Metadata Mapping: Payout indices and funding distributions trigger progressive Identity Verification (KYC) compliance status flags under threshold boundaries, processed under GDPR Article 6(1)(c) (Legal Obligation).
- Special Categories of Data
  - 5.1. Review text inputs, forum threads, and donation/loss descriptions may naturally contain sensitive categories. We do not actively solicit these sensitive records. We process these data categories strictly on the basis of substantial public interest in defending retail consumers against market manipulation and establishing legal defenses under GDPR Article 9.
- Legal Bases for Processing
  We process personal data matching GDPR Article 6 pillars:
  - Contract Execution: Account provision, marketplace escrow clearings;
  - Legitimate Interests: Security tracking, anti-abuse blocks, proactive defensive threat-intelligence tracking of exposed credentials, and market transparency;
  - Legal Obligation: Enforcing statutory anti-money laundering thresholds, enforcing the $25 marketplace max cap, $50 single donation max cap, and rolling 3-month $500 unverified profile velocity limits;
  - Explicit Consent: Prior authorization for non-essential cookies.
- How We Protect Your Data (Technical & System Safeguards)
  Security is the core operational mandate of CLEAREX.MARKET. Enforcing rigorous, defense-in-depth technical and organizational measures matching the criteria of ISO/IEC 27001 and GDPR Article 32, the Platform deploys the following technical parameters to isolate and shield your personal data footprint:
  - 7.1. Cryptographic Architecture and Passwordless Design: We store zero user account passwords. System access uses exclusively single-use, time-limited cryptographic "magic links" routed directly to verified email boxes, removing standard database compromise vectors. High-risk data rows are processed at the application layer using AES-256-GCM prior to storage. Administrative system access keys are securely hashed using scrypt alongside unique salts.
  - 7.2. PostgreSQL Row-Level Security (RLS): Data isolation is hardcoded at the database engine level. Every active transaction is mathematically restricted to the boundary of the authenticated user's ID, blocking cross-user leakage even if a bug occurs within the web application code layer.
- Data Retention and Erasure Architecture
  In accordance with GDPR Article 5(1)(e), personal data is structurally sequestered and stored exclusively for the minimum duration required to satisfy strict corporate accounting mandates and international Anti-Money Laundering (AML) directives.
  - Account Core Variables: Erased immediately and permanently upon account deletion under cascade guidelines (DELETE /api/user), subject to the statutory retention exemptions outlined in Section 14 of the ToS.
  - User Reviews and Ratings: Maintained for the active lifecycle of the user account, or until manually deleted post-request, unless flagged for active anti-fraud or dispute mediation investigations under DSA procedures.
  - Non-Retention of Identity (KYC) Data: We do not store physical or digital copies of government-issued ID cards or passports. KYC records are maintained strictly as abstract validation metadata indicators (specifically: verification level and status flags). Upon account closure, these underlying status metadata structures are wiped instantly from our production databases.
  - Donation Club and Financial Transaction Records Exemption: Where a user has executed finalized financial transactions, distributed funds, or verified losses within the Tools Marketplace or Donation Club, all historical escrow ledger entries, gift traces, verified loss supporting documents, and abstract verification status flags shall be securely archived for a mandatory seven (7) year statutory retention period to satisfy compliance with international anti-money laundering (AML) laws, statutory tax codes, and corporate auditing requirements. Archived fiscal trails are systematically decoupled from active production database clusters using privilege-separated administrative isolation.
- Your US State Privacy Rights (CCPA/CPRA Compliance)
  - 9.1. You hold the absolute, non-waivable right to restrict data transmission at any time. To exercise this right, you may deploy the automated "Do Not Sell or Share My Personal Information" link located in our platform footer, or signal your preference via a recognized Global Privacy Control (GPC) browser emission.
- Cookies, Tracking Technologies, and Consent Architecture (ePrivacy Directive Alignment)
  - 10.1. Telemetry and analytical scripts shall only load and process data after the user has provided an explicit, manufacturing-free, and affirmative action via our interactive Cookie Consent Banner (Opt-In mechanism).
Cookies & Analytics
We use Google Analytics (provided by Google LLC) to measure aggregate traffic — how many people visit and which pages they view — in real time and over time. We never send Google your email address or any personal identifier, and Google Analytics 4 does not store your IP address (it is used only momentarily to derive an approximate country, then discarded). Cross-device and ad-personalisation signals are turned off, so no advertising profile is built.
Google Analytics sets a cookie to recognise returning visits. You can opt out at any time using the Google Analytics Opt-out Browser Add-on or by blocking cookies in your browser. See Google's Privacy Policy.
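
The password check in section 4.2 (local hashing, 5-character prefix transmission, local matching) can be traced end to end with the added example below, which is not CLEAREX.MARKET code. It assumes the relay returns one `SUFFIX:COUNT` entry per line; Node's `crypto` module stands in for the browser's hashing so the block runs offline, and the response body is constructed.

```javascript
const { createHash } = require('node:crypto');

// Local hashing: full 40-character SHA-1 as upper-case hex. Never transmitted.
function sha1Hex(password) {
  return createHash('sha1').update(password, 'utf8').digest('hex').toUpperCase();
}

// Prefix transmission: only `prefix` (5 chars) leaves the device;
// `suffix` (35 chars) is kept for the local comparison.
function splitHash(hash) {
  return { prefix: hash.slice(0, 5), suffix: hash.slice(5) };
}

// Parse a range response: one "SUFFIX:COUNT" entry per line (assumed format).
// Malformed lines are skipped rather than trusted.
function parseRange(body) {
  const table = new Map();
  for (const line of body.split(/\r?\n/)) {
    const m = /^([0-9A-Fa-f]{35}):(\d+)$/.exec(line.trim());
    if (m) table.set(m[1].toUpperCase(), Number(m[2]));
  }
  return table;
}

// Local matching: breach count for the password, 0 if its suffix is absent.
function breachCount(password, rangeBody) {
  const { suffix } = splitHash(sha1Hex(password));
  return parseRange(rangeBody).get(suffix) ?? 0;
}

// Constructed sample of a relay response for prefix 5BAA6. The counts and
// the first suffix are made up; the second entry is the suffix of
// SHA-1("password").
const SAMPLE_RANGE = [
  '0018A45C4D1DEF81644B54AB7F969B88D65:3',
  '1E4C9B93F3F0682250B6CF8331B7EE68FD8:42',
  'not-a-valid-entry',
].join('\r\n');

console.log(splitHash(sha1Hex('password')).prefix); // the only value sent
console.log(breachCount('password', SAMPLE_RANGE)); // decided locally
```
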
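
The magic-link lifecycle in sections 4.1 and 4.1.1 (fifteen-minute expiry, one-time use, session bound to the SHA-256 of the email) is sketched in the added example below, which is not CLEAREX.MARKET code. `MagicLinkStore`, the in-memory map, storing only a hash of the token, and the trim/lower-case normalisation of the email are all assumptions made for illustration.

```javascript
const { createHash, randomBytes } = require('node:crypto');

const TTL_MS = 15 * 60 * 1000; // fifteen-minute lifetime stated in section 4.1

const sha256Hex = (s) => createHash('sha256').update(s, 'utf8').digest('hex');

// Hypothetical in-memory store. Only hashes are kept: the hash of the token
// as the lookup key and the hash of the email as the user identifier.
class MagicLinkStore {
  constructor() {
    this.pending = new Map();
  }

  // Issue a token for an email. The raw email is used only inside this call.
  issue(email, now = Date.now()) {
    const token = randomBytes(32).toString('hex'); // 256 bits from the CSPRNG
    const userId = sha256Hex(email.trim().toLowerCase()); // assumed normalisation
    this.pending.set(sha256Hex(token), { userId, expiresAt: now + TTL_MS });
    return token; // would be embedded in the emailed link
  }

  // Redeem a token. Returns the hashed user identifier, or null.
  redeem(token, now = Date.now()) {
    const key = sha256Hex(String(token));
    const entry = this.pending.get(key);
    if (!entry) return null; // unknown or already used
    this.pending.delete(key); // burn on first presentation, even if expired
    if (now > entry.expiresAt) return null; // past the 15-minute TTL
    return entry.userId; // the session is bound to this value
  }
}

// Constructed walk-through with a fixed clock.
function demo() {
  const store = new MagicLinkStore();
  const t0 = 1700000000000;
  const token = store.issue('user@example.com', t0);
  const first = store.redeem(token, t0 + 60 * 1000);
  const replay = store.redeem(token, t0 + 61 * 1000);
  const late = store.redeem(store.issue('user@example.com', t0), t0 + TTL_MS + 1);
  return { first, replay, late };
}

console.log(demo());
```
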