Privacy Policy
Updated · 2026-05-20Plain English. PipGap collects the minimum data needed to run the service. We don't sell your data. You have full rights to access, export, or delete what we have. Email contact@pipgap.com any time.
01 What we collect
You give us:
- Email — if you subscribe to updates or contact us
- Broker account number — only if you ask us to verify your cashback (we never collect broker passwords)
Automatic (when you visit):
- IP address (anonymized after 30 days)
- Browser type and language
- Pages visited, time spent
- Referrer URL (where you came from)
02 Why we collect it
| Data | Purpose | Lawful basis |
|---|---|---|
| Send updates, reply to inquiries | Consent | |
| IP / browser | Detect abuse, analyze traffic | Legitimate interest |
| Cookies | Save language, track referrals | Consent |
| Broker account # | Verify cashback payments | Consent |
03 Who we share with
- Forex broker partners (the broker you click through to) — when you sign up via our referral link, we pass your email and IP at the moment of referral so the broker can attribute commission. Each broker is an independent data controller; brokers operate in multiple jurisdictions including offshore. See the destination broker's privacy policy.
- Analytics providers — Cloudflare Web Analytics (anonymized). Where Google Analytics is used, IP is anonymized and not linked to your email.
- Email service provider — if you subscribe, we use a standard transactional email provider to send messages.
- Cloud infrastructure — hosting on AWS (Singapore region) with backup in Vietnam.
- Authorities — only if legally compelled (court order, regulatory request, MLAT).
Cross-border transfers (e.g., to broker partners outside Vietnam/EEA) are made under appropriate safeguards — Standard Contractual Clauses (SCCs) where applicable, or your explicit referral consent. We assess each cross-border data flow before it is enabled (Transfer Impact Assessment).
04 Cookies
- Essential — language preference, session state. Required for the site to function. No opt-out.
- Analytics — Cloudflare Web Analytics. No personal identification. Default off in EU/UK; activated only with explicit consent through a cookie banner.
- Referral tracking — first-party cookie set when you click a broker link, used to attribute cashback. Lifetime: up to 90 days.
You can disable cookies in your browser. Some features (language toggle, cashback tracking) may break. We do not use third-party advertising cookies.
05 Your rights
Under GDPR (EU), CCPA (California), and Vietnam PDPL, you can:
- Access — request a copy of your data
- Delete — ask us to erase everything we have on you
- Correct — fix wrong or outdated information
- Export — get your data in JSON or CSV
- Opt-out — stop marketing emails (unsubscribe link in every email)
- Withdraw consent — at any time
Email contact@pipgap.com with your request. We respond without undue delay and no later than 30 days, extendable by up to 60 days if the request is complex (we will tell you if we extend). If you are not satisfied with our response, you can complain to your local data protection authority — for EU/EEA, contact the supervisory authority in your member state; for Vietnam, the Ministry of Public Security (Cục An ninh mạng).
06 How long we keep data
- Email — until you ask us to delete it
- IP logs — typically up to 90 days for security and abuse-detection purposes, then deleted or anonymized
- Referral cookies — up to 90 days
- Cashback transaction records — retained for the period required by applicable tax and accounting law (commonly up to 10 years in Vietnam)
07 Security
- HTTPS site-wide (TLS)
- Industry-standard at-rest encryption on managed cloud storage
- Internal access restricted on a need-to-know basis with logged access
- No payment-card data ever collected or stored on our systems
We follow generally accepted industry security standards but no system is 100% secure. If we discover a personal-data breach materially affecting you, we will notify affected users without undue delay in line with applicable law (e.g., GDPR Art. 33/34, Vietnam PDPL Art. 23).
08 Children
PipGap is intended for adults aged 18 and over and is not directed to children under 18. We do not knowingly collect data from minors. We rely on users' self-declaration of age. If you are a parent or guardian and believe your child has provided us with personal data, email contact@pipgap.com and we will delete it.
09 International data transfers
PipGap operates primarily from Vietnam. Our cloud infrastructure is hosted in Singapore (AWS) with backup in Vietnam. When data is transferred outside your country (e.g., to broker partners in other jurisdictions), we rely on appropriate safeguards: Standard Contractual Clauses (SCCs) for EU/UK personal data where applicable, your explicit consent at the moment of broker referral, and contractual data-protection obligations with partners.
10 Changes to this policy
We may update this policy. The "Updated" date at the top reflects the latest version. Material changes are announced on this page and via email to subscribers at least 14 days before they take effect, where required by law.
11 Notice for California residents (CCPA / CPRA)
In the past 12 months, we have collected the categories of personal information described in Section 01 (identifiers, internet activity, geolocation derived from IP).
"Do Not Sell or Share My Personal Information" — PipGap does not sell personal information and does not share it for cross-context behavioral advertising. There is therefore nothing to opt out of in that sense. To submit any other CCPA request (access, deletion, correction), email contact@pipgap.com with subject "CCPA Request".
You may also designate an authorized agent to act on your behalf; we will verify the agent's authority before acting.
Privacy questions or data requests?
Email contact@pipgap.com — we respond without undue delay, within applicable legal timelines.