Privacy

Privacy Policy

iBull · Paper Trading & Stock Market Learning Platform
Last updated: 2 July 2026 Effective: 2 July 2026

This Privacy Policy explains how iBull (“we”, “us”, or “our”) collects, uses, stores, and protects your information when you use our paper-trading mobile application and website (collectively, the “Service”). iBull is an educational, simulated stock market environment. We do NOT handle, hold, or facilitate any real money or actual securities transactions. All trades, profits, and losses shown on the Service are virtual and have no monetary value.

1. About This Service

iBull is a paper-trading platform intended solely for education, training, and skill-building. The Service simulates stock market activity using market data feeds for learning purposes. No real money is deposited, withdrawn, transferred, or otherwise handled through the Service.

Accounts are created upon registration or invitation, and access is granted through the iBull website or mobile application. The Service is not a brokerage, exchange, depository, or financial advisor, and nothing on the Service constitutes investment advice.

Use of the Service requires you to be 18 years of age or older.

2. Information We Collect

We collect the minimum information needed to operate the Service. Specifically:

  • Account information: a login code, password (stored hashed, never in plain text), display name, role (client / master / admin), phone number and email address (if provided during account setup or in your profile).
  • Simulated trading activity: virtual orders, virtual positions, simulated profit and loss, watchlists, and similar in-app activity. None of this represents real holdings or real money.
  • Device information: device type, operating system, app version, IP address, and crash logs, used for diagnostics and security.
  • Usage data: pages visited, features used, login timestamps, and session activity, used for product improvement and abuse prevention. This may include anonymized session replays (clicks, scrolls, and pointer movements) processed by our analytics provider; see Section 7 for details.
  • Push notification tokens (if you enable notifications), used solely to deliver alerts you have opted into.
  • Support communications: messages you send via the support form, including the contents of your message and the email address you provide.
3. We Do NOT Collect Financial or Payment Data

Because the Service does not handle real money, we do not collect, store, or process any of the following: bank account numbers, credit/debit card numbers, UPI IDs, demat or trading account credentials, PAN numbers, KYC documents, or any government-issued identification.

If you ever encounter a request for such information while using the Service, please report it immediately. It is not part of our legitimate flow.

4. How We Use Your Information

We use the information we collect for the following purposes:

  • To create and maintain your account and authenticate you when you log in.
  • To operate the simulated trading environment, calculate virtual P&L, and display reports.
  • To diagnose technical problems, monitor uptime, and improve performance and reliability.
  • To detect and prevent abuse, fraud, prohibited activity (such as jobbing, arbitrage, or coordinated multi-account behavior), and violations of our Rules and Regulations.
  • To communicate service-related notices, important changes, or responses to your support queries.
  • To comply with applicable laws and respond to lawful requests from authorities.
5. How We Share Information

We do not sell, rent, or trade your personal information. We share information only in the following limited cases:

  • With service providers that help us run the Service (for example, cloud hosting, market data feeds, email delivery, crash reporting). These providers process data only on our instructions and under appropriate confidentiality obligations.
  • Within your authorized hierarchy: if you are a client, certain activity may be visible to your assigned master or admin for support and supervision. This is part of how the Service is designed to operate.
  • If required by law, court order, or a valid government request, or to protect the rights, safety, or property of iBull, our users, or others.
  • In connection with a business transfer (such as a merger or acquisition), in which case we will require the recipient to honor this Privacy Policy.
6. Third-Party Services

The Service relies on a small number of third-party providers, including cloud infrastructure, market data vendors, email delivery (Brevo), crash and performance monitoring tools, Microsoft Clarity for product analytics (see Section 7), and Google Firebase Cloud Messaging (FCM) which is used solely to deliver push notifications you have opted into. These providers may process limited technical data on our behalf. We choose providers with reasonable security practices and limit the data shared to what is necessary.

7. Analytics and Session Recording

We use Microsoft Clarity, an analytics product provided by Microsoft Corporation, to understand how users interact with the Service so we can improve usability, diagnose bugs, and prevent abuse. On our website, Clarity records aggregated interaction signals from your browsing session — mouse movements, clicks, scrolls, page navigation, browser type, device type, and approximate geolocation derived from your IP address. The iBull mobile application uses the equivalent Microsoft Clarity mobile SDK, which records analogous interaction signals on the device — taps, gestures, screen transitions, device type, and OS version. The mobile SDK does not collect device location.

Sensitive form fields and sensitive on-screen data are masked before any information leaves your device. This includes login screens, password change forms, the create/edit user form, ledger balances, profit-and-loss values, M2M alert details, and your profile name and login code. Recordings cannot be used to read your password, login code, or other credentials and financial values that have been masked.

Recordings are processed and retained by Microsoft on its infrastructure under Microsoft's privacy terms (https://privacy.microsoft.com/privacystatement). We use the data solely for internal product improvement and operational diagnostics; we do not sell it or share it with advertisers.

Analytics is enabled only on our production website and on production release builds of the mobile app. Development, staging, preview, and debug builds are excluded. If you wish to opt out of session recording for your account, please contact us using the support page and we will exclude you from recording.

8. Data Storage and Security

Your data is stored on secured servers with access restricted to authorized personnel. Passwords are stored using industry-standard one-way hashing. Network traffic between the app and our servers is encrypted in transit using HTTPS / TLS, with certificate pinning enabled in the mobile application to protect against interception.

If you enable biometric login (Face ID, Touch ID, or fingerprint), your login credentials are stored encrypted on your device using the platform's secure storage (Keychain on iOS, EncryptedSharedPreferences on Android). They never leave your device. You can disable biometric login at any time from the profile screen, which removes the stored credentials.

While we take reasonable steps to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security, but we work continuously to maintain strong safeguards.

9. Data Retention

We retain account and activity data for as long as your account is active or as needed to provide the Service, comply with our legal obligations, resolve disputes, prevent abuse, and enforce our agreements. When data is no longer required, we either delete it or de-identify it.

10. Your Choices and Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: request a copy of the personal information we hold about you.
  • Correction: ask us to correct information that is inaccurate or incomplete.
  • Deletion: ask us to delete your account and associated personal information, subject to legitimate retention needs.
  • Withdrawal of consent: where we rely on consent, you may withdraw it at any time.
  • Notification preferences: opt out of non-essential push notifications and emails from within the app or by contacting support.
11. Children's Privacy

Use of the Service requires you to be 18 years of age or older. The Service is not directed to minors, and we do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us information, please contact us and we will delete it.

12. International Data Transfers

Your information may be processed and stored on servers located in countries other than the one in which you reside. By using the Service, you consent to such transfers, which we conduct with appropriate safeguards.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The “Last Updated” date at the top of this page reflects the most recent revision. Material changes will be communicated through the Service or by other reasonable means. Your continued use of the Service after a change becomes effective constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise any of the rights described above, please reach out using the support page on our website. We will respond within a reasonable time.

Contact: updates@ibull.org  or visit our support page.