Legal

Privacy Policy

Last updated: 31 May 2026  |  Effective immediately

1. Introduction

WhaleTraders KE ("we", "us", "our") is committed to protecting your personal information. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights regarding that data when you use our Platform at whaletraderske.co.ke.

By creating an account or using our Platform, you consent to the collection and use of your information as described in this Policy.

2. Information We Collect

Account Information: When you register, we collect your name, email address, and any other information provided during sign-up via our authentication provider (Clerk). You may optionally sign up using Google or GitHub, in which case we receive profile information from those providers.

Payment Information: When you deposit or withdraw via M-Pesa, we collect your M-Pesa phone number and transaction details (amount, receipt number, timestamp). We do not store full M-Pesa PINs or any payment card details.

Trading Activity: We record all trades placed on the Platform, including asset, direction, amount, entry/exit prices, timestamps, and trade outcomes.

Technical Data: We collect your IP address, browser type, device information, and usage logs to operate and secure the Platform.

Communications: If you contact us by email, we retain that correspondence to respond to your queries.

3. How We Use Your Information

We use your information to:

  • Create and manage your account and trading wallet.
  • Process deposits and withdrawals via M-Pesa.
  • Resolve trades and update wallet balances.
  • Detect and prevent fraud, abuse, and multiple-account violations.
  • Comply with legal obligations and respond to law enforcement requests.
  • Communicate important account or platform updates to you.
  • Improve Platform performance, features, and user experience.
  • Enforce our Terms and Conditions.

We do not sell your personal information to third parties for marketing purposes.

4. Third-Party Services

We share data with the following trusted third parties to operate the Platform:

  • Clerk (clerk.com): Provides authentication, user management, and session security. Clerk stores your email, name, and account metadata. See Clerk's Privacy Policy.
  • Safaricom / M-Pesa (Daraja API): Processes all deposits and withdrawals. Your phone number and transaction amounts are shared with Safaricom to execute M-Pesa transactions. See Safaricom's Privacy Policy.
  • Neon (neon.tech): Our serverless PostgreSQL database provider stores your account data, wallet balances, and trade history in encrypted cloud storage.
  • Deriv (deriv.com): Provides live synthetic index price feeds. No personal user data is shared with Deriv.
  • CoinMarketCap: Provides cryptocurrency price data. No personal user data is shared.
  • Vercel / Render: Our hosting providers that may process request logs including IP addresses for infrastructure purposes.

5. Data Security

We implement industry-standard security measures to protect your data, including:

  • HTTPS encryption for all data in transit (TLS 1.2+).
  • HSTS (HTTP Strict Transport Security) enforcement.
  • Authentication via Clerk with support for multi-factor authentication.
  • Database encryption at rest via Neon's infrastructure.
  • Rate limiting and automated fraud detection on all sensitive endpoints.
  • Server-side input validation and parameterized database queries to prevent SQL injection.

Despite these measures, no system is completely secure. We cannot guarantee absolute security of your data. You are responsible for keeping your account credentials confidential.

6. Data Retention

We retain your account and trading data for as long as your account is active and for a period of 5 years after account closure to comply with financial record-keeping requirements.

Technical logs (IP addresses, request logs) are retained for up to 90 days.

You may request deletion of your personal data by contacting us. Note that we may be required to retain certain information for legal or regulatory compliance reasons.

7. Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your data, subject to legal retention obligations.
  • Objection: Object to processing of your data for specific purposes.
  • Portability: Request your data in a structured, machine-readable format.

To exercise any of these rights, contact us at support@whaletraderske.co.ke. We will respond within 30 days.

8. Cookies

We use essential cookies and browser storage to maintain your login session and platform preferences. These are necessary for the Platform to function and cannot be disabled.

We do not use advertising or tracking cookies from third-party advertising networks.

9. Children's Privacy

Our Platform is not intended for users under the age of 18. We do not knowingly collect personal information from minors. If we become aware that a minor has registered, we will immediately terminate the account and delete associated data.

10. International Data Transfers

Your data may be stored and processed in data centres outside Kenya (for example, in the United States or European Union by our third-party providers). We ensure that such transfers are subject to appropriate safeguards.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email or by prominently displaying a notice on the Platform. Continued use after the effective date constitutes acceptance of the revised Policy.

12. Contact Us

For privacy-related queries, requests, or complaints, contact us at:

support@whaletraderske.co.ke

WhaleTraders KE — Nairobi, Kenya

← Back to Home|Terms and Conditions →