Your trading account is ready...
Effective Date: April 20, 2024
These Terms of Service (the “Agreement”) constitute a legally binding contract between you (“you,” “your,” or “User”) and Fortune Trade (“Fortune Trade,” “we,” “us,” or “our”), governing your access to and use of the Fortune Trade platform, including the website, mobile applications, APIs, trading interfaces, digital wallets, and all related services (collectively, the “Platform”). By registering an account, accessing the Platform, or using any Service, you acknowledge that you have read, understood, and unconditionally agree to be bound by this Agreement, our Privacy Policy, our Compliance Program, and any supplemental terms, fee schedules, trading rules, or operational guidelines that we publish or display during deposit, withdrawal, trading, swapping, staking, verification, or other workflows (together, the “Supplemental Terms”), all of which are incorporated herein by reference. If you do not agree to every provision of this Agreement, you must not create an account, fund an account, or otherwise interact with the Platform.
1.1. Formation of Agreement. An account with Fortune Trade is created when you complete the registration process and accept these Terms. A funded account is created when you successfully deposit digital assets or fiat currency into a wallet designated by the Platform. Any use of the Platform—whether by logging in, placing a trade, executing a swap, participating in a promotion, contacting support, or initiating any transaction—further affirms your acceptance of the then-current version of these Terms. The Agreement remains in full force and effect until terminated in accordance with Section 8.
1.2. Scope of Services. Fortune Trade provides a hosted digital asset platform that allows eligible users to deposit, withdraw, trade, convert, and monitor certain digital assets and, where available, fiat currencies. Services may vary by jurisdiction and are subject to geolocation controls, regulatory licensing, and internal risk assessments. We do not provide investment management, fiduciary services, financial planning, tax counseling, legal advice, or any form of discretionary account management. Any market data, research, signals, commentary, or analysis made available through the Platform is purely informational and does not constitute a recommendation or solicitation.
1.3. Changes to the Agreement. We reserve the right to modify, amend, or replace any part of this Agreement or the Supplemental Terms at any time. Material changes will be communicated through the Platform, via the email associated with your account, or through other reasonable notice channels at least fifteen (15) calendar days before the changes take effect, unless a shorter period is required by law or due to an immediate security, compliance, or operational need. By continuing to use the Platform after the effective date of any change, you accept the revised terms. If you do not agree, you must cease all use and close your account before the changes become effective.
2.1. Eligibility Requirements. You represent and warrant that: (a) you are at least eighteen (18) years of age, or the age of majority in your jurisdiction, whichever is higher; (b) you have the legal capacity and authority to enter into this Agreement; (c) your use of the Platform does not violate any applicable law, regulation, ordinance, or court order to which you are subject; (d) you are not a resident of, located in, or acting on behalf of a jurisdiction that is subject to comprehensive economic sanctions imposed by the United States, the European Union, the United Kingdom, the United Nations, or any other authority that governs our operations; (e) you are not identified on any government-issued list of sanctioned, restricted, or debarred persons, including the Specially Designated Nationals and Blocked Persons List (SDN) maintained by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), the Consolidated List of the United Nations Security Council, or similar lists; (f) you have not been previously suspended, banned, or terminated from using the Platform; and (g) you are not using the Platform on behalf of any third party unless expressly authorized in writing by Fortune Trade under a separate institutional or sub-account agreement.
2.2. Accurate Registration Data. All information you provide during registration, verification, or any subsequent interaction must be truthful, complete, accurate, and kept up to date. This includes, but is not limited to, your legal name, residential address, email address, telephone number, date of birth, government-issued identification details, tax identification numbers, and any information about the source of funds or source of wealth that we may request. If any of your information changes, you must update it through the Platform within five (5) business days. You are solely responsible for any consequences arising from outdated, false, or misleading information, including transaction delays, account restrictions, or permanent closure.
2.3. Enhanced Documentation Requests. As part of our risk-based compliance program, we may request additional identification documents, proof of address, utility bills, bank statements, salary slips, tax returns, corporate formation documents, trust deeds, ownership structure charts, or other materials before enabling specific account functionalities—such as higher withdrawal limits, fiat currency services, API access, or institutional features. We may also ask you to participate in a video verification call, provide a selfie with a government ID and a handwritten sign, or answer questionnaires about your trading experience and financial sophistication. Failure to provide satisfactory documentation within the timeframe we specify may result in service limitations or account suspension.
3.1. Ongoing Screening. All accounts are subject to continuous Know‑Your‑Customer (“KYC”), Anti‑Money Laundering (“AML”), Counter‑Terrorist Financing (“CTF”), sanctions, fraud, source‑of‑funds, and jurisdictional reviews, both before and after activation. We use internal controls, third‑party screening providers, blockchain analytics tools, and watchlist databases to detect, prevent, and report prohibited activity. By using the Platform, you consent to such screening and agree not to take any steps designed to obscure or misrepresent your identity, location, or transaction patterns.
3.2. Prohibited Uses. You may not, under any circumstances, use the Platform for unlawful, abusive, or harmful purposes. Prohibited activities include, but are not limited to: (a) money laundering, terrorist financing, sanctions evasion, or any conduct designed to conceal the origin or destination of funds; (b) fraud, phishing, impersonation, identity theft, or deceptive solicitation; (c) account sharing, credential leasing, or selling access to your account to any third party; (d) high‑frequency algorithmic trading, latency arbitrage, or automated order entry systems that excessively consume Platform resources without our prior written consent; (e) market manipulation practices, such as wash trading, spoofing, layering, painting the tape, front‑running, or any act that creates a false or misleading impression of market activity; (f) attempts to bypass security, payment, or withdrawal controls, including the use of VPNs, proxy networks, Tor, geolocation spoofing, or device spoofing to circumvent jurisdictional restrictions; (g) distribution of malware, viruses, or any code intended to damage the Platform or other users; (h) harvesting or scraping data from the Platform beyond what is explicitly permitted through our API terms; and (i) any activity that, in our sole judgment, compromises the security, integrity, or reputation of Fortune Trade or could expose us to legal liability or regulatory action.
3.3. Internal Investigations and Disclosures. We may, at any time and without prior notice, place temporary or permanent restrictions on an account, freeze assets, or suspend access if we detect suspicious activity, receive a lawful subpoena or order from a governmental authority, or determine in our sole discretion that continued use presents an unacceptable compliance, legal, or reputational risk. We reserve the right to report suspicious transactions to the relevant financial intelligence unit, law enforcement, or regulatory body and to provide information about your account in response to valid legal process. Except where prohibited by law, we will attempt to notify you of any such actions via the email address on file; however, we are under no obligation to provide details that could compromise an ongoing investigation.
4.1. Nature of Quotes and Data. All price quotes, order books, charts, candlestick data, depth‑of‑market visualizations, market‑cap figures, percentage changes, gauges, signals, and any other data displayed on the Platform (collectively, “Market Data”) are provided for informational purposes only. Market Data may be derived from internal matching engines, external liquidity providers, third‑party data aggregators, or a combination thereof. It may be delayed, inaccurate, incomplete, or subject to interpolation during periods of network congestion, API outages, or other technical disruptions. You should not rely solely on the Platform’s display when making trading decisions, and you are encouraged to verify prices against independent sources.
4.2. Order Handling and Execution. When you submit an order—whether a market order, limit order, stop order, trailing stop, or any other order type we offer—you authorize us to execute that order according to the prevailing market conditions, the liquidity available on our internal order book and connected liquidity venues, and the order fulfillment rules published in our Trading Rules supplement. We do not guarantee that any order will be filled, filled at the displayed price, or filled without slippage, gapping, or partial execution. Execution quality and timing are influenced by factors outside our control, including blockchain network congestion, latency in third‑party data feeds, market volatility, and the speed with which other participants place competing orders.
4.3. Service Interruptions and Self‑Managed Trading. The Platform is provided on an “as is” and “as available” basis. We do not warrant uninterrupted, error‑free, or secure access, and we may experience service outages for maintenance, upgrades, cyber‑attacks, force majeure events, or unexpected technical failures. During any outage, you may be unable to place, modify, or cancel orders, monitor positions, or withdraw assets. You are solely responsible for managing your own risk, including the use of stop‑loss orders (which are not guaranteed execution mechanisms), position sizing, and contingency plans for when the Platform is not reachable. We will never instruct you to reverse or cover losses, and we do not offer any form of loss compensation, trading rebate, or profit guarantee.
4.4. Rejection and Suspension of Orders. We reserve the right to reject, cancel, or reverse any order that we reasonably believe violates this Agreement, would exceed your available balance, exploits a technical bug or mispricing, or would trigger a market disruption event. In extreme market conditions, we may temporarily halt trading activity for certain instruments, impose price bands, or limit the types of orders accepted, all without prior notice. You remain liable for any executed trades that occur before cancellation or suspension takes effect.
5.1. Asset Selection and Network Compatibility. You are entirely responsible for selecting the correct asset, blockchain network, protocol version, and any required memo, destination tag, payment ID, or reference code (collectively, “Transaction Identifiers”) for every deposit or withdrawal transaction. The Platform may support deposits and withdrawals on multiple networks (e.g., ERC‑20, TRC‑20, BEP‑20) for the same underlying asset, and choosing an unsupported or incompatible network will likely result in total and permanent loss of funds. Before initiating any transaction, you must verify that the address, network, and Transaction Identifiers you are using match exactly those displayed in the Platform’s deposit or withdrawal interface. We cannot, and do not, recover assets sent to the wrong address, the wrong network, or a contract address that is not under our control.
5.2. Transaction Delays, Reversals, and Declines. Deposits and withdrawals are processed on a best‑efforts basis. We may delay, reverse, or decline a transaction if: (a) the information you provided is incomplete, inaccurate, or inconsistent with your verified identity; (b) the originating address or destination address appears on a sanctions list or is flagged by our blockchain analytics providers as high‑risk (e.g., associated with darknet markets, ransomware, or mixers); (c) the transaction exceeds a predefined risk threshold or is part of a pattern of unusual activity; (d) we are required to obtain additional verification under applicable AML/CTF regulations; or (e) a court, law enforcement agency, or regulatory authority issues a valid order requiring us to freeze or redirect the assets. We will use reasonable efforts to notify you of any such delay or decline, but we are not required to disclose the specific risk indicators that triggered the action.
5.3. Irreversible Mistakes and User Responsibility. Blockchain transactions are, by nature, irreversible once confirmed on the underlying ledger. Errors involving unsupported networks, incorrect destination details, misspelled wallet addresses, missing memos, or sending tokens to contract addresses that are not designed to receive them may result in the irretrievable loss of your assets. You acknowledge and accept that Fortune Trade bears no liability for losses arising from user‑initiated mistakes, and you waive any right to seek compensation or restitution from us in such events. We recommend sending a small test amount before executing large transfers.
5.4. Custody and Ownership. Digital assets held on the Platform in your account are reflected in an internal ledger balance that represents your entitlement to the underlying assets held in our omnibus wallets. Title to the digital assets remains with you, free of any security interest, lien, or encumbrance in our favor, except to the extent necessary to satisfy outstanding fees or close a position in accordance with this Agreement. We do not lend, pledge, rehypothecate, or otherwise use your assets for our own trading, hedging, or financing activities, unless you opt into a separate yield‑earning product that expressly authorizes such use.
6.1. Market and Volatility Risks. Trading and holding digital assets involves extremely high risk. Prices can experience dramatic swings in seconds, and historical performance is not indicative of future results. The value of any digital asset may decline to zero, and there is no guarantee that any market for a particular asset will remain liquid or continue to exist. You may suffer losses that exceed any initial deposit, particularly if you use leverage or margin products (where available). You should carefully consider whether digital asset trading is appropriate for your financial situation, risk tolerance, and investment objectives, and you should be prepared to lose all of the funds you commit.
6.2. Technological and Protocol Risks. Digital assets are built on underlying software protocols that may contain bugs, vulnerabilities, or design flaws. Forks, consensus failures, 51% attacks, smart‑contract exploits, governance attacks, and network congestion can lead to unexpected changes in asset functionality, irreparable transaction delays, or loss of access to your assets. We do not control the operation, development, or governance of any blockchain protocol, and we cannot guarantee that assets held on your behalf will be immune from losses caused by protocol‑level events. Our decision to support or delist any digital asset is based on internal listing standards that incorporate safety, legal, and liquidity considerations, and we reserve the right to suspend or discontinue support for any asset with minimal advance notice if required for compliance or security reasons.
6.3. Regulatory and Legal Risks. The legal status of digital assets remains unsettled in many jurisdictions. Changes in legislation, regulatory guidance, enforcement actions, or tax treatment could materially affect the value, liquidity, and utility of digital assets, as well as the legality of our services in your country. We may be required to restrict or terminate access in certain geographies, freeze assets, or report information to authorities in response to evolving legal requirements. You are solely responsible for understanding and complying with all local regulatory obligations, including tax reporting and payment obligations that arise from trading or holding digital assets.
6.4. No Professional Advice. Everything on the Platform—including written content, video tutorials, support‑agent communications, social‑media posts, market commentary, dashboards, and performance metrics—is provided for informational and educational purposes only and does not constitute financial advice, investment advice, trading advice, legal advice, tax advice, accounting advice, or any other type of professional consulting. No fiduciary relationship is created between you and Fortune Trade. You must make independent assessments of the suitability and risks of any transaction, and, where appropriate, consult a qualified professional before acting. We do not recommend that you buy, sell, or continue to hold any digital asset, and any reliance you place on Platform‑provided information is strictly at your own risk.
7.1. Credential Protection. You are fully responsible for safeguarding the confidentiality of all access credentials associated with your account, including your username, password, API keys, multi‑factor authentication (MFA) devices, backup codes, recovery phrases, and any one‑time verification codes sent via SMS, email, or authenticator applications. You must not share your credentials with any person, write them in unsecured locations, or enter them into any website or application other than the official Fortune Trade Platform. We will never ask you for your password, MFA token, or private keys, and any communication that does so should be considered fraudulent.
7.2. Device and Communication Security. You must maintain the security of the devices and communication channels you use to access the Platform. This includes keeping your operating system, browsers, and mobile applications updated, using updated anti‑malware software, avoiding jailbroken or rooted devices, and securing the email account and phone number linked to your account against unauthorized access. You must immediately notify us of any change to your contact information or if you lose possession of a device used for MFA. SIM swap fraud, email compromise, and social engineering attacks are increasingly common; you must take active steps to protect yourself, such as enabling a SIM lock with your mobile carrier, using hardware security keys where supported, and verifying all platform‑related communications through the official Fortune Trade communication channels.
7.3. Incident Response. If you have any reason to believe that your account has been compromised, that you have revealed credentials to a third party, that an unauthorized transaction has occurred, or that you are the target of phishing, spoofing, or social engineering, you must contact our Security Operations team without delay through the in‑app support channel or via the dedicated security email listed in our Security Policy. You must provide all relevant details, including timestamps, screenshots, and transaction IDs, to assist our investigation. Prompt notification significantly increases the likelihood that we can apply protective restrictions—such as freezing activity, initiating a forced MFA reset, or coordinating with external wallet operators—although we cannot guarantee recovery of lost assets. You agree to cooperate fully with any post‑incident forensic review.
8.1. Fee Structure and Modifications. All fees charged by Fortune Trade—including trading fees, spread models, deposit and withdrawal fees, network charges, conversion markups, inactivity fees, and any subscription or premium feature fees—are disclosed in our Fee Schedule, which is incorporated into this Agreement by reference. We reserve the right to introduce new fees or modify existing fees at any time. Material changes to the standard fee rates applicable to retail accounts will be announced via the Platform and by email at least seven (7) calendar days in advance. Your continued use after the change date constitutes acceptance of the new fee terms. Certain expedited or premium services may carry non‑refundable charges, even if the associated transaction is later reversed or disputed.
8.2. Availability and Jurisdictional Restrictions. The Platform is not available in all countries and territories. We use geolocation controls, IP‑based blocking, and identity verification to enforce jurisdictional restrictions. We do not represent that the Platform is appropriate or lawful in your location, and you must ensure that you comply with any local laws that restrict or prohibit the use of digital asset services. We may change the list of supported jurisdictions at any time without prior notice, and if your country of residence becomes restricted, you will be required to withdraw your assets and close your account within the timeframe specified in our notification.
8.3. Suspension, Limitation, and Termination. We may, in our sole discretion and without limiting any other remedies available at law or in equity, suspend, limit, freeze, or permanently close any account that: (a) violates any provision of this Agreement or the Supplemental Terms; (b) creates, in our judgment, an unacceptable credit, compliance, security, or reputational risk; (c) fails to provide requested documentation or pass ongoing verification checks; (d) engages in activity that threatens the safety, stability, or performance of the Platform or harms other users; or (e) is the subject of a valid legal or regulatory directive. If your account is terminated for cause, you remain liable for all outstanding obligations, including fees incurred before closure, and we may retain records of your activity for as long as necessary to satisfy audit, regulatory, dispute‑resolution, or law‑enforcement requirements. If you wish to close your account voluntarily, you must withdraw all assets and contact support; after closure, we will delete or anonymize personal data in accordance with our Privacy Policy, subject to mandatory retention periods.
8.4. Survival of Provisions. Even after the termination of this Agreement, the following provisions shall survive and continue in full force and effect: any obligations regarding outstanding balances, fee accruals, indemnifications, limitations of liability, dispute‑resolution clauses, confidentiality obligations (to the extent consistent with our Privacy Policy), and any other term that by its nature is intended to survive termination. You are not released from any liability to pay outstanding sums or to fulfill any obligations that arose prior to the termination date.
8.5. Data Retention and Legacy Records. Following account closure, we will retain certain information in our archives as required by applicable law—typically for a period of five to ten years—or as necessary to defend against legal claims, comply with audit procedures, or assist with ongoing investigations. Aggregated, de‑identified data may be retained indefinitely for statistical and analytical purposes in accordance with our Privacy Policy. We will not use your retained data for marketing purposes after account closure, and you may submit a formal request under our Privacy Policy to obtain details of the stored information.
Last Updated: April 20, 2024
This Privacy Policy describes how Fortune Trade (“Fortune Trade,” “we,” “us,” or “our”) collects, uses, stores, shares, and protects your personal information when you access our website, mobile applications, APIs, trading interfaces, and any associated services (collectively, the “Platform”). It also explains the choices available to you regarding our handling of your information, the measures we take to safeguard your privacy, and your rights under applicable data protection laws.
By using the Platform, you acknowledge that you have read and understood this Privacy Policy. We may update this Privacy Policy from time to time, and material changes will be communicated through the Platform or via the email associated with your account. Continued use after the effective date of any revision constitutes your acceptance of the updated terms. If you do not agree, you should cease using the Platform and close your account.
1.1. Information You Provide Directly. When you register, verify your identity, fund your account, contact support, or participate in optional features, you may give us:
• Identity Data: full legal name, date of birth, nationality, government-issued identification numbers (e.g., passport, driver’s license, national ID), and photographic or video selfies used for biometric liveness checks.
• Contact Data: email address, phone number, residential address, and billing or shipping address.
• Financial Data: wallet addresses, bank account details, payment card information (which are tokenized and processed by PCI‑compliant payment partners), and source‑of‑funds declarations.
• Compliance Documents: copies of identification documents, proof‑of‑address materials, tax identification numbers, and any additional verification records we request.
• Communications: support tickets, chat transcripts, email correspondence, call recordings, and survey responses.
1.2. Information Collected Automatically. As you navigate and interact with the Platform, we automatically collect:
• Device and Connection Data: device type, operating system, browser version, device identifiers (such as IDFA, AAID, or a unique device fingerprint), mobile network information, and time zone settings.
• Log and Session Data: Internet Protocol (IP) address, approximate geolocation, access times, pages viewed, features used, click‑stream data, and crash logs.
• Security and Activity Signals: login timestamps, multi‑factor authentication challenges, navigation patterns, typing cadence, and biometric behavioral data derived from your interaction with the Platform, used solely for fraud prevention and account integrity.
• Blockchain and Transaction Data: public wallet addresses, transaction hashes, deposit and withdrawal amounts, and any associated metadata (e.g., memos or destination tags) that appear on a public ledger.
1.3. Information From Third Parties. We may receive information about you from:
• Identity verification and KYC/AML service providers.
• Blockchain analytics and wallet‑screening services, which return risk scores and associated wallet‑address categorizations.
• Sanctions lists, watchlists, Politically Exposed Persons (PEP) databases, and adverse media screenings.
• Publicly available data sources, such as company registries, court records, and social media profiles, where relevant to our compliance or fraud‑investigation obligations.
• Advertising and analytics partners, who provide aggregated demographic or interest‑based insights that do not identify you individually without your consent.
2.1. Providing the Platform. We use your personal data to create and maintain your account, verify your identity, authenticate logins, process deposits and withdrawals, execute and settle trades, display transaction history, and provide customer support. Without certain data, we may be unable to deliver core Platform functionality or comply with our contractual obligations to you.
2.2. Legal and Regulatory Compliance. We process personal data to fulfill our obligations under anti‑money laundering (AML), counter‑terrorist financing (CTF), sanctions, and tax reporting laws. This includes screening accounts against government‑issued lists, conducting ongoing due diligence, filing suspicious‑activity reports with relevant financial intelligence units, and responding to lawful requests from courts, law enforcement, and regulatory agencies.
2.3. Risk and Fraud Management. Information is analyzed to detect, prevent, and investigate fraudulent transactions, account takeovers, market manipulation, credential stuffing, bot attacks, and other prohibited or illegal conduct. We use a combination of automated rules and human review to evaluate the risk profile of accounts and transactions.
2.4. Service Improvement and Analytics. Aggregated and de‑identified data helps us understand how the Platform is used, measure performance, optimize user experience, develop new features, and conduct data‑driven business research. Any published reports or statistics will not identify you personally.
2.5. Communications and Marketing. We may use contact details to send service‑related announcements (which are non‑promotional and essential to account management), security alerts, and, with your separate consent where required by law, promotional materials about new products or features. You may opt out of marketing messages at any time via the unsubscribe link or in‑app settings, without affecting your ability to use the core services.
2.6. Legal Bases for Processing (EEA/UK Users). For individuals in the European Economic Area or the United Kingdom, our legal bases include: performance of a contract (Article 6(1)(b) GDPR), compliance with legal obligations (Article 6(1)(c)), legitimate interests (Article 6(1)(f)) such as fraud prevention and network security, and consent (Article 6(1)(a)) where we rely on it for optional features.
3.1. Continuous Monitoring. We monitor account activity, device fingerprints, IP geolocation, transaction patterns, login velocities, and behavioral signals in real time to identify anomalies that may indicate session abuse, account takeover attempts, unusual withdrawal spikes, payment irregularities, bot‑driven automation, or other operational threats. This monitoring is limited to what is necessary to protect the integrity and security of the Platform and the interests of our users.
3.2. Automated Decisions. Certain security and compliance decisions—such as temporarily freezing an account or declining a withdrawal—may be made entirely by automated systems. Where required by law, you will be informed of the logic involved, and you may request human review of the decision by contacting our Data Protection Officer. We do not make automated decisions that produce legal effects or similarly significant impacts concerning you without a human‑intervention mechanism, except where authorized by law (e.g., AML screening).
3.3. Data Integrity and Protection. We implement administrative, technical, and physical safeguards designed to protect your information against unauthorized access, alteration, disclosure, or destruction. Measures include encryption in transit and at rest, multi‑factor authentication for employees with data access, intrusion‑detection systems, and regular penetration testing. However, no security system is impenetrable; we cannot guarantee absolute security.
3.4. Employee Access. Access to personal data is restricted to authorized personnel who have a legitimate need to know for the purposes described in this Policy. All employees and contractors are bound by confidentiality obligations and receive regular privacy and security training.
4.1. No Sale of Personal Information. We do not sell, rent, or trade your personal information to third parties for monetary or other valuable consideration. We only share information as described in this section.
4.2. Service Providers. We engage carefully vetted third‑party companies to perform services on our behalf, including identity verification, cloud hosting, email delivery, customer support software, blockchain analytics, payment processing, audit, and legal services. These providers only receive the data necessary to perform their functions and are contractually prohibited from using it for any other purpose.
4.3. Financial and Payment Partners. To process fiat deposits and withdrawals, we share required payment information with banking partners, card networks, and payment processors, all of which operate under their own privacy policies and applicable financial data protection standards (such as PCI‑DSS).
4.4. Blockchain and Public Ledgers. When you initiate a withdrawal to an external wallet address, the transaction is broadcast to the relevant blockchain network, where your public address, the recipient address, the amount, and the transaction hash become publicly visible. We have no control over that data once it is on‑chain.
4.5. Legal and Regulatory Disclosures. We may disclose personal data if we determine in good faith that such disclosure is necessary to: (a) comply with a valid legal process, court order, warrant, or regulatory request; (b) enforce our Terms of Service or other agreements; (c) protect our rights, property, or safety, or the rights, property, or safety of our users or the public; or (d) respond to an emergency involving potential harm, illegal activity, or significant operational risk.
4.6. Business Transfers. In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, user information may be transferred to the successor entity, provided that the recipient agrees to handle your information in a manner consistent with this Privacy Policy. We will notify you of any such change in ownership or control via the Platform and, where practical, by email.
5.1. Retention Principles. We retain personal data only for as long as is necessary to fulfill the purposes for which it was collected, to satisfy legal, accounting, regulatory, audit, or reporting requirements, and to defend or assert legal claims. The specific retention period varies depending on the nature of the data, the jurisdiction, and our legal obligations.
5.2. Account Duration. While your account remains active, we keep your profile information, transaction records, compliance documents, and communications on file. If you close your account, we will generally delete or anonymize personal data within ninety (90) days, except for information that must be retained to comply with mandatory retention laws (typically five to ten years under applicable anti‑money laundering and tax legislation), to resolve disputes, or to enforce our agreements.
5.3. Residual Copies. Following deletion, some data may persist in encrypted backup archives for a limited period until those backups are overwritten in the ordinary course of business. We maintain reasonable access controls over such backups to prevent processing beyond storage and integrity assurance.
5.4. Deletion Requests and Compliance Holds. If you request deletion of your personal data, we will assess your request against any legal record‑keeping requirements that override that right. Where information cannot be immediately deleted because it is subject to a litigation hold, regulatory investigation, or statutory retention period, we will restrict its processing to storage and preservation until the legal constraint is lifted, after which it will be securely deleted.
6.1. What Cookies Are. Cookies are small text files placed on your device by websites you visit. Similar technologies include web beacons (pixel tags), local storage objects (flash cookies), and software development kits (SDKs) in mobile apps. These tools help us recognize your browser or device, remember your preferences, and collect certain operational data.
6.2. Types of Cookies We Use.
• Strictly Necessary Cookies: essential for core functions like session persistence, secure login, and load balancing. The Platform cannot operate properly without them.
• Preference Cookies: store choices such as language, currency display, and device preferences so you can navigate more efficiently.
• Security and Operational Cookies: assist in detecting suspicious behavior, preventing cross‑site request forgery, and enforcing rate limits.
• Analytics Cookies: allow us to compile aggregated statistics about site traffic, feature usage, and performance, typically using self‑hosted or privacy‑compliant analytics tools. We do not use third‑party advertising cookies that track you across other websites for behavioral advertising purposes.
6.3. Third‑Party Tools. We may use third‑party services (such as Cloudflare for security and content delivery, or a self‑hosted analytics engine) that place their own cookies or read your device fingerprint under their own privacy policies. We select partners who commit to protecting your privacy and not using our Platform’s data for their own marketing purposes.
6.4. Managing Your Choices. You can configure your browser to reject cookies, alert you when a cookie is placed, or delete previously stored cookies. Disabling certain cookies may affect the functionality of the Platform—for example, you may be required to log in repeatedly, experience failures in verification workflows, or lose interface protections that rely on session integrity. On mobile devices, you can adjust advertising and tracking settings within your operating system. For more detail, consult our Cookie Settings page or the help documentation of your browser.
7.1. Scope of Rights. Depending on your jurisdiction, you may have the following rights regarding your personal data:
• Right of Access: request confirmation that we process your data and receive a copy of that data.
• Right to Rectification: ask us to correct inaccurate or incomplete information.
• Right to Erasure (“Right to be Forgotten”): request deletion of your data, subject to legal retention obligations.
• Right to Restriction of Processing: ask us to limit how we use your data under certain circumstances.
• Right to Data Portability: receive your data in a structured, commonly used, machine‑readable format and, where technically feasible, have it transmitted to another controller.
• Right to Object: object to processing based on legitimate interests, including profiling for direct marketing purposes.
• Right to Withdraw Consent: where we rely on your consent to process data, you may withdraw that consent at any time without affecting the lawfulness of prior processing.
• Right to Non‑Discrimination: we will not discriminate against you for exercising any of these privacy rights, such as by denying services, charging different prices, or providing a different level of quality, except to the extent permitted by law (e.g., where the service depends on mandatory identity verification).
7.2. How to Exercise Your Rights. Submit a request via the in‑app privacy request form, or by emailing our Data Protection Officer at privacy@fortunetrade.example. To protect your account, we will verify your identity before processing any request, which may involve multi‑factor authentication, document re‑submission, or a video‑verification step. We will respond to verifiable requests within one month, or within a longer period when permitted by law, and we will notify you if an extension is required.
7.3. Limitations and Appeal. In certain situations, we may be unable to fulfill a request in whole or in part—for example, if retaining the information is necessary for compliance with a legal obligation, to establish or defend a legal claim, or if deletion would compromise the security or integrity of the Platform. If we deny or defer your request, we will provide a written explanation of the grounds for our decision. You may appeal our decision by following the instructions in our response, and we will conduct an independent review. You also have the right to lodge a complaint with the relevant data protection supervisory authority in your jurisdiction.
7.4. California Privacy Rights. If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and its successor laws, including the right to know the categories and specific pieces of personal information we collect, the sources of that information, the business purpose for collection, and the categories of third parties with whom we share it. You may request the deletion of personal information, opt out of any future sale (though we do not sell data), and designate an authorized agent to make requests on your behalf. We will not discriminate against you for exercising your CCPA rights. To submit a CCPA request, please use the privacy request form in your account or contact our privacy team.
7.5. International Transfers. Fortune Trade operates globally, and your personal data may be transferred to, stored in, or processed in countries that may not provide the same level of data protection as your home jurisdiction. When we transfer data across borders, we implement appropriate safeguards—such as Standard Contractual Clauses approved by the European Commission, binding corporate rules, or reliance on adequacy decisions—to ensure that your information remains protected in accordance with this Privacy Policy. You may request a copy of the relevant safeguard documentation by contacting us.
Fortune Trade employs a comprehensive, defense‑in‑depth security program designed to protect every layer of the platform—from the infrastructure that hosts our systems, to the applications you interact with, to the internal tools our teams use, to the individual user accounts that hold digital assets. Our approach combines preventive controls, continuous monitoring, real‑time anomaly detection, human review, and rigorous incident‑response procedures. Security is not a one‑time effort but an ongoing commitment that adapts to evolving threats, regulatory expectations, and industry best practices.
1. Infrastructure and Network Security
• All platform components are hosted in top‑tier data centers with physical security controls, including biometric access, 24/7 guard personnel, and redundant power and connectivity.
• Network traffic is protected by enterprise‑grade firewalls, intrusion detection and prevention systems (IDS/IPS), and web application firewalls (WAF) that filter malicious requests before they reach application servers.
• Distributed Denial‑of‑Service (DDoS) mitigation is in place to absorb volumetric attacks and maintain service availability.
• Communication between your browser and our servers is encrypted using TLS 1.3 (or the strongest version your device supports), with certificate pinning and strict transport security headers to prevent interception.
2. Data Encryption
• Sensitive data at rest is encrypted using AES‑256 or equivalent algorithms. Encryption keys are managed through a dedicated key management service with automatic rotation.
• Backup data is encrypted both in transit and at rest, and access to backup storage is severely restricted to a small number of infrastructure engineers under strong access controls.
3. Access Management and Administrative Controls
• Employee access to production systems, databases, and internal tooling follows the principle of least privilege and is granted only after thorough background checks and management approval.
• All administrative access requires multi‑factor authentication (hardware security keys or time‑based one‑time passwords) and is logged to an immutable audit trail.
• Access rights are reviewed quarterly. Employees who change roles or depart have their credentials promptly revoked.
• Internal applications are segmented by function; no single person can unilaterally authorize a withdrawal, modify core trading logic, or alter financial records. Critical actions require multi‑party approval (the “operational separation” principle).
4. Wallet and Key Management
• The majority of digital assets under custody are stored in cold (offline) wallets that are geographically distributed, secured in safe deposit boxes or vaults, and accessible only through a multi‑signature protocol that requires multiple independent authorizers.
• Hot wallets that facilitate day‑to‑day withdrawals hold only a limited portion of assets, sized based on real‑time liquidity models, and are protected by hardware security modules (HSMs) and threshold signing.
• All wallet transactions are subject to automated risk scoring and, above predefined thresholds, to manual review by security and compliance personnel before broadcast to the network.
5. Continuous Monitoring and Anomaly Detection
• Our Security Operations Center (SOC) monitors platform activity around the clock using a Security Information and Event Management (SIEM) system that aggregates and correlates logs from servers, databases, applications, and network devices.
• Automated behavior‑analytics engines evaluate sign‑in patterns, IP reputation, device fingerprints, transaction velocity, withdrawal destinations, and session characteristics to identify potential account takeover, credential stuffing, insider threats, and unauthorized access attempts.
• Any anomalous signal—such as a login from a new country, a sudden balance sweep to a previously unseen external address, or a sequence of failed two‑factor challenges—generates an alert that is triaged by an on‑call analyst.
6. Risk‑Based Manual Review
• When automated checks flag an account or transaction as high‑risk, the request is routed to a queue for manual examination by our team. This includes:
– Changes to email, password, or multi‑factor authentication settings.
– Withdrawals to addresses that are newly added or that appear on blockchain analytics watchlists.
– Deposits originating from mixers, sanctioned addresses, or high‑risk jurisdictions.
– Unusual trading activity that may indicate market manipulation or automated abuse.
• Manual review may involve verifying your identity again, contacting you through an out‑of‑band channel, or requesting additional documentation. Until the review is complete and the risk is resolved, the transaction or account function may remain paused.
7. Secure Development and External Validation
• Our engineering teams follow secure software development lifecycle (SDLC) practices, including static code analysis, dependency scanning, peer code reviews, and threat modeling for new features.
• We engage independent security firms to conduct annual penetration tests of our web applications, mobile apps, and API endpoints. Critical vulnerabilities are remediated urgently and re‑tested.
• We maintain a vulnerability disclosure program (and, where practical, a public bug bounty), encouraging ethical hackers to report issues responsibly. Valid findings are addressed promptly.
8. Audit Trails and Operational Separation
• All sensitive actions—such as granting admin privileges, executing a database change, approving a manual withdrawal override, or modifying a user’s verification status—are logged with the acting employee’s identity, timestamp, and a description of the change.
• Logs are stored in an append‑only, tamper‑resistant system and are regularly reviewed by our compliance and internal audit teams. Unauthorized log deletion or modification is designed to be technically impossible for standard administrators.
• Duties are operationally separated so that the staff member who handles a support ticket does not also have the ability to approve a financial transaction on the same account without independent oversight.
Your role is essential. Even the most advanced platform security cannot compensate for weak account‑level practices. You are responsible for protecting your credentials, devices, and communication channels. We strongly urge you to follow these best practices:
1. Use a Strong, Unique Password
• Create a password of at least 16 characters, using a mix of upper‑ and lower‑case letters, numbers, and symbols. Avoid dictionary words, birth dates, or sequences.
• Use a reputable password manager to generate and store unique passwords for each service. Never reuse your Fortune Trade password on other websites or apps.
• Change your password immediately if you suspect it has been exposed; enable password breach notifications in your browser or password manager.
2. Secure Your Email and Phone Account
• The email address linked to your Fortune Trade account is a primary recovery and communication channel. Use a similarly strong, unique password and enable multi‑factor authentication on that email account.
• If your mobile phone is used for SMS‑based authentication (where offered), contact your carrier to activate a SIM lock or port‑out freeze, reducing the risk of SIM‑swap fraud. We encourage the use of authenticator apps or hardware security keys over SMS wherever possible.
• Regularly review the recovery options and connected devices on your email and phone accounts, and remove any that are unrecognized.
3. Enable and Secure Multi‑Factor Authentication
• Activate at least one strong multi‑factor authentication method: a time‑based one‑time password generated by an authenticator app (such as Google Authenticator, Authy, or similar), or a FIDO2/U2F hardware security key.
• Store backup codes offline in a secure location (e.g., a locked safe or encrypted file). Never screenshot them or store them in cloud‑synced note apps.
• Never share one‑time passcodes, login links, or screenshots of your verification prompts with anyone—including anyone claiming to be Fortune Trade support. We will never ask you for these.
4. Device Hygiene and Network Safety
• Keep your device’s operating system, browser, and all installed apps updated with the latest security patches. Enable automatic updates where possible.
• Install and maintain reputable anti‑malware software on your desktop and mobile devices. Avoid installing applications from unofficial stores or unknown sources.
• Do not access your Fortune Trade account from jailbroken, rooted, or otherwise altered devices, as they may expose your credentials.
• Avoid using public, open Wi‑Fi networks when trading or performing sensitive operations. If you must, use an encrypted VPN service from a trusted provider.
• Lock your device with a strong PIN, passphrase, or biometric lock, and set it to auto‑lock after a short period of inactivity.
5. Verify All Transaction Details
• For every withdrawal or deposit, double‑check the destination address, the blockchain network, and any required memo, destination tag, or payment ID. Confirm that the address exactly matches the one you intend to use, preferably by checking it character‑by‑character or using QR code scanning where supported.
• Test new or large transfer patterns by sending a small test amount first and waiting for it to arrive successfully before committing the full sum.
• Be aware of clipboard‑hijacking malware that replaces a copied address with an attacker’s address. Use the “whitelist” address‑book feature (if enabled) and re‑verify the destination on a second device before confirming.
6. Recognize and Report Phishing
• Be vigilant for emails, SMS messages, social‑media posts, or phone calls that impersonate Fortune Trade. Check that the sender’s email domain is exactly fortunetrade.example (without substitutions, such as replacing “o” with “0” or adding hyphens).
• Always access the Platform by typing the URL directly into your browser or using the official mobile app; never follow links in unsolicited messages.
• Look for the lock icon in your browser’s address bar and verify the TLS certificate is issued to Fortune Trade.
• If you receive a suspicious communication, do not click any links, open any attachments, or provide any information. Forward it to our security team at phishing@fortunetrade.example and then delete it.
7. Monitor Your Account Activity
• Regularly review your sign‑in history, trusted devices, and transaction logs from within the Platform’s security dashboard.
• Enable push notifications or email alerts for logins, withdrawals, and security‑sensitive actions so that you are immediately aware of unexpected events.
• If you notice any activity you do not recognize, report it to support immediately; early notification can be critical in containing potential loss.
1. Detection and Immediate Action
We maintain a formal incident response plan that is activated the moment our automated systems or security personnel identify an event that threatens user accounts, platform integrity, or digital asset holdings. An event may be detected through SIEM alerts, an internal report, a customer notification, a third‑party intelligence feed, or a penetration test finding. Once a potential incident is validated, the incident response team (comprising members from security, engineering, compliance, legal, and executive leadership) follows a structured process:
• Containment: Affected components or accounts are isolated immediately. This may involve temporarily freezing a specific account, disabling an API key, revoking active sessions, placing a hold on pending withdrawals, or, in extreme cases, taking a subsystem offline.
• Preservation: All relevant logs, forensic images, and transaction traces are captured and stored in a secure, tamper‑evident repository to support investigation and any potential legal action.
• User Notification: If your individual account is affected, we will attempt to contact you through the verified email on file, and, where appropriate, through an out‑of‑band channel such as a phone call to the number you have registered. The notification will include what we know, what steps we have taken, and what you need to do.
2. Investigation and Ownership Verification
• Security analysts will examine the sequence of events that led to the alert—reviewing login IPs, device fingerprints, transaction timestamps, any changes to account settings, and communication logs.
• If the incident involves a potential unauthorized access, we will require you to re‑establish account ownership through an elevated verification process: this may involve a video call while holding a government ID, answering in‑depth knowledge‑based questions, and re‑provisioning your multi‑factor authentication.
• During the investigation, all withdrawal and sensitive change functions will remain suspended to prevent further unauthorized activity. Trading may be restricted depending on the nature of the alert.
3. Restoration and Remediation
• Once ownership is verified and the extent of the incident is understood, we will work with you to restore the account to a secure state: mandatory password reset, new MFA enrollment, removal of unauthorized devices, and review of any whitelisted addresses.
• We will provide a timeline and summary of the investigation findings, subject to any legal or confidentiality constraints.
• Post‑incident, our security engineering team conducts a root‑cause analysis and, where necessary, implements additional platform‑level controls, such as new detection rules, stricter thresholds, or enhanced user education, to reduce the likelihood of recurrence for all users.
4. Cooperation with Authorities
• Where a confirmed incident constitutes or may constitute a criminal act, we will report it to the appropriate law enforcement and regulatory bodies, and we will cooperate fully with any resulting investigation, including providing relevant records as permitted by applicable privacy laws.
• We may also coordinate with blockchain analytics firms and other exchanges to trace and, if possible, flag misappropriated assets. While we cannot guarantee recovery of lost funds, we take all reasonable steps within our power.
5. Your Responsibilities During an Incident
• Contact our Security Operations team immediately via the in‑app support chat or the dedicated security hotline/email listed in our Security Policy. Provide every detail you can: what you observed, suspicious messages or emails you received, recent account changes, transaction hashes, and times (with timezone).
• Do not attempt to “test” the suspicious activity by repeating the transaction or clicking links. Preserve the evidence—do not delete emails, messages, or screenshots.
• Follow the instructions provided by our incident response team; they are designed to minimize harm and expedite recovery.
6. No Guarantee, But a Commitment
• No system can be guaranteed 100% safe from sophisticated attacks, zero‑day exploits, or human error. However, Fortune Trade is committed to deploying industry‑leading protection, responding swiftly and transparently when issues arise, and continuously improving our security posture. We view security as a shared responsibility and will always strive to earn your trust through our actions.
Join thousands of successful traders today
Already have an account?
Sign In to Your AccountLightning-fast
256-bit encryption
Advanced tools
Always here