Privacy and Data Protection Policy for MQL5 Algo Forge

(Domain: https://forge.mql5.io, hereinafter referred to as the "Platform")

This Privacy Policy explains what personal data MetaQuotes Ltd ("we", "us", "our") collects from users of the Platform, how this data is used, and the measures taken to protect it. The Policy is based on current EU data protection standards, including the General Data Protection Regulation (GDPR), and follows the corporate privacy principles applied on MQL5.com.

1. Terms and definitions

Personal Data: means any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to a name, identification number, location data, online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Processing: means any operation or set of operations performed on personal data, whether or not by automated means. This includes collection, recording, organization, structuring, storage, adaptation, retrieval, use, disclosure, dissemination, alignment, restriction, erasure, or destruction.

Restriction of Processing: means the marking of stored personal data with the aim of limiting future processing.

Controller: means a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law. The controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Processor: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Consent of the Data Subject: means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

2. Data We Collect

Category	Examples	Legal Basis
Account Data	MQL5.com login, email address, OAuth keys	Contract performance (Terms of Use)
Repository Metadata	Branch names, commits, merge requests, comments, webhooks	Contract performance; legitimate interest (stability)
Files and Code	Source code, documentation, binaries, embedded resources	Contract performance; consent (for public repositories)
Log Data	IP address, browser type, access time, request URLs, HTTP headers	Legitimate interest (security, auditing)
Interaction Metadata	Issue discussions, reactions, attachments, notifications	Contract performance
Cookies and Similar Technologies	Auth cookies, interface settings, CSRF tokens	Consent (see Cookie Policy)

3. How We Use Your Data

Providing functionality – creating and storing repositories, version control, collaborative coding, CI/CD integration.
Authentication and security – account verification, access control, suspicious activity investigation.
Communication – notifications about commits, pull requests, repository updates, security alerts.
Analytics and service improvement – aggregate stats on usage and performance to optimize functionality.
Legal compliance – fulfilling obligations to regulatory and judicial authorities.

4. Repository Visibility and Content Disclosure

Public repositories and their contents are visible to all Internet users and may be indexed by search engines.
Private repositories are accessible only to the owner and invited contributors. We do not disclose their contents to third parties except as required by law or as outlined in Sections 7 and 8 of this Policy.
Users are responsible for assessing the risk of exposing personal or confidential data when uploading content. We are not liable for voluntarily disclosed information.

5. Cookies

We use cookies to:

Maintain user sessions
Remember interface preferences
Protect against CSRF attacks
Collect anonymous traffic statistics

For details, refer to our Cookie Policy, which applies to all subdomains.

6. Data Protection

We apply a combination of administrative, technical, and physical security measures, including:

Traffic encryption (HTTPS, SSH)
Two-factor authentication (2FA)
Infrastructure segmentation and CI container isolation
Regular external security audits
Access logs and instant token revocation mechanisms

While no method of online data transmission can guarantee to be 100% secure, we strive to minimize the risk of unauthorized access.

7. Data Sharing and Third-Party Service

Processors: Hosting providers, backup services, and analytics vendors.
Legal basis: Data processing agreements (DPAs) with each Processor; transfers outside the EEA follow GDPR mechanisms (e.g., Standard Contractual Clauses)
No data sales: We do not sell, rent, or otherwise disclose user data to third parties for commercial purposes.

8. Data Retention

The following retention periods apply to data storage:

Data Type	Retention Period	Deletion Basis
User account	While account is active + 3 years	Statutory limitation period
Repositories and commits	Until deleted by author	Technical necessity/user request
Security Logs	12 months	Incident analysis
Backups	30–90 days	Backup rotation

10. Security Incident Notifications

In the event of a data breach that may impact your rights or freedoms, we will notify you as soon as possible via email or system messages. Where required by law, we will also inform the relevant supervisory authorities.

11. Changes to This Policy

We may update this Policy periodically. By continuing to use the Platform after changes take effect, you confirm your acceptance of the updated Policy.

12. Contact

MetaQuotes Ltd 35 Dodekanisou str., Germasogeia, 4043, Limassol, Cyprus

Email: privacy@metaquotes.net