Privacy Policy

Last updated: 15 May 20268 min read
Download PDF

We never sell your data

Dream Options does not sell, rent, or trade your personal information to advertisers or third-party data brokers — ever.

You control your data

Request a full export, correct inaccuracies, or submit a permanent deletion request at any time from your account settings.

Encrypted everywhere

All data at rest is protected with AES-256. Data in transit uses TLS 1.3. Internal access is role-gated and audit-logged.

Contents

01

Information We Collect

Account information. When you register, we collect your email address, a hashed password, and optionally your full name and phone number. This is the minimum required to operate a secure account.

Identity documents (KYC). Regulated operations require us to verify your identity. We collect government-issued ID scans and a liveness check. These are processed by our third-party KYC provider and retained only as long as legally required.

Financial data. We record deposit and withdrawal transactions, trading history, and portfolio positions. This data is necessary to operate the platform and comply with anti-money-laundering (AML) obligations.

Device and usage data. We log IP addresses, browser type, device identifiers, and pages visited. We use this to detect fraud, debug errors, and understand how the platform is used in aggregate.

Communications. If you contact support, we retain the conversation to provide consistent help and to train our support team.

02

How We Use Your Data

We use your data only for purposes that are necessary to provide and improve the platform, or where we have a legal obligation to do so.

  • Authenticating your identity and securing account access.
  • Processing trades, deposits, and withdrawals accurately.
  • Detecting, investigating, and preventing fraud or policy violations.
  • Complying with AML, KYC, and tax reporting obligations in applicable jurisdictions.
  • Sending transactional notifications (trade confirmations, security alerts). You cannot opt out of these — they are necessary for platform safety.
  • Sending optional marketing emails about new features or promotions. You can unsubscribe at any time.
  • Improving platform performance through aggregated, anonymised analytics.

We do not use your data to train external AI models or for profiling that produces legal effects about you.

03

Data Sharing

We do not sell your personal data. We share it only in the following circumstances:

  • Service providers: KYC verification partners, cloud hosting providers, and email delivery services — only the data each provider needs to perform their specific function, under data processing agreements.
  • Legal obligations: When required by court order, regulatory request, or to comply with applicable law. We will notify you unless prohibited from doing so.
  • Business transfers: In the event of a merger, acquisition, or asset sale, your data may transfer to the acquiring entity under equivalent privacy protections.
  • With your consent: Any sharing beyond the above requires your explicit, informed, and revocable consent.
04

Cookies

We use three categories of cookies:

  • Strictly necessary: Session authentication, CSRF protection, and security tokens. These cannot be disabled without breaking the platform.
  • Functional: Remember your preferences (language, chart layout, theme). You can clear these in your browser at any time.
  • Analytics: Aggregated, anonymised data on feature usage. We use a self-hosted analytics tool — no data is sent to Google or Meta.

You can manage cookie preferences via the banner on your first visit, or in Account Settings at any time.

05

Data Security

We take security seriously and implement multiple layers of protection:

  • Data at rest encrypted with AES-256 using hardware security modules (HSMs).
  • All data in transit protected by TLS 1.3 with certificate pinning on mobile.
  • Database access restricted to named personnel with MFA and logged access.
  • Annual third-party penetration tests conducted by an independent security firm.
  • 24/7 intrusion detection and automated incident response.

No security system is infallible. If you suspect your account has been compromised, contact support immediately and we will lock it within minutes.

06

Your Rights

Depending on your location, you may have the following rights under GDPR (EU/EEA residents) and CCPA (California residents):

Access

Request a copy of all data we hold about you.

Correction

Correct inaccurate or incomplete personal data.

Deletion

Request erasure, subject to legal retention requirements.

Portability

Receive your data in a machine-readable format.

Objection

Object to processing based on legitimate interests.

Opt-out (CCPA)

California residents may opt out of any data sale (we conduct none).

To exercise any right, email privacy@dreamoptions.com. We respond within 30 days.

07

International Transfers

Dream Options is incorporated in the Marshall Islands. We process data on servers located in the United States and the European Union. When transferring personal data from the EEA to third countries, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or on adequacy decisions where available. A copy of the relevant SCCs can be requested by emailing our DPO.

08

Updates to This Policy

We may update this policy when our practices change or regulations require it. When we make material changes — changes that meaningfully affect your rights or how your data is used — we will email registered users at least 14 days before the change takes effect, and display a prominent notice on the platform. Minor clarifications take effect immediately. The "last updated" date at the top of this page always reflects the most recent revision.

09

Contact for Privacy Matters

Our Data Protection Officer (DPO) oversees all privacy matters. For questions, rights requests, or complaints:

Dream Options DPO

privacy@dreamoptions.com

Trust Company Complex, Ajeltake Road, Marshall Islands MH96960

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

Questions about your privacy?

Talk to our Data Protection Officer directly.

Email the DPO