Cirqle LTD ("Cirqle", "we", "us") is the data controller of the personal data we process about you when you use the Cirqle platform. We process your data in accordance with the EU General Data Protection Regulation 2016/679 ("GDPR") and the Cyprus Processing of Personal Data Law of 2018.
1. Data we collect
- Account data: email, display name, password hash (or Google account ID), country, preferred currency, phone (optional).
- KYC data: government-issued ID, proof of address, selfie (only when required for higher withdrawal tiers or risk review). Stored encrypted at rest.
- Financial data: deposits, withdrawals, trade history, prop-firm challenge purchases and equity records.
- Communication data: messages you send via the in-app live chat, support emails, AI trade requests.
- Technical data: IP address, device, browser, language, session timestamps and crash logs.
- Cookies: strictly necessary cookies for authentication; functional cookies for theme/currency; no third-party advertising cookies.
2. Why we process it (legal bases)
- Contract performance — to operate your account, process trades, deposits and withdrawals.
- Legal obligation — KYC/AML checks under EU directives.
- Legitimate interest — fraud prevention, platform security, product improvement.
- Consent — optional features (marketing emails, AI-powered analytics).
3. Who we share with
We only share personal data with carefully selected sub-processors:
- Supabase (database hosting, EU region) — under DPA.
- Payhero (Kenya, M-Pesa rails) and CoinPayments (crypto) — only the data needed to settle your transaction.
- Telegram (optional bot linking) — your Telegram user ID and chat ID.
- Lovable AI Gateway — anonymised prompt text only, never your KYC documents.
- Resend / Mailgun (transactional email, if connected) — recipient address and subject only.
We never sell your personal data. We never share it for third-party advertising.
4. International transfers
Where data is transferred outside the European Economic Area, we rely on Standard Contractual Clauses and/or adequacy decisions adopted by the European Commission.
5. Retention
- Account and trade records: retained for 7 years after account closure (AML obligation).
- KYC documents: retained for 5 years after the end of the business relationship.
- Live-chat messages: retained for 2 years.
- Server logs: 90 days.
6. Your rights under GDPR
- Right of access — request a copy of your data.
- Right to rectification — correct inaccurate data.
- Right to erasure ("right to be forgotten") — subject to AML retention obligations.
- Right to restriction and objection.
- Right to data portability — receive your data in a machine-readable format.
- Right to lodge a complaint with the Office of the Commissioner for Personal Data Protection in Cyprus.
To exercise any of these rights, email cirqle@briceka.com with the subject line "GDPR request". We will respond within 30 days.
7. Security
We use TLS 1.3 in transit, AES-256 at rest, row-level security on every database table, server-seed commit-reveal for the Aviator game, and server-side validation on every trade. Service-role keys are never exposed to the browser and our edge runtime enforces strict origin checks. We perform regular security scans and penetration tests.
8. Children
Cirqle is not directed at children. We do not knowingly collect personal data from anyone under 18. If you believe a minor has registered, contact us immediately and we will delete the account.
9. Changes
We will notify you of material changes at least 14 days before they take effect by in-app banner and email. Continued use after the effective date constitutes acceptance.
10. Contact / Data Protection Officer
Cirqle LTD, Republic of Cyprus
Email: cirqle@briceka.com (mark "DPO" in the subject line).
Questions? Contact cirqle@briceka.com or use the in-app live chat (bottom-left). Cirqle LTD is a company registered in the Republic of Cyprus.