LAST UPDATED 09 JULY 2026

Privacy Policy

Privacy Policy2
Privacy PolicyLast updated 09 JULY 2026

This privacy policy (the "Policy") explains how the BABA group (collectively "BABA", "we" or "us" and each member of the BABA group for whose services you registered, the "BABA Entity") collects, uses and discloses personal information through its websites, mobile applications, and other online products and services that link to this Policy, including any of the products and services detailed in the following paragraph (collectively, the "Services") or when you otherwise interact with us.

1. General Information

The collection and use of personal information constitute an integral part of our daily business activity, whereby we intend to provide the best services and products to you, including potential clients.

The present Privacy Policy ("Policy") is an integral part of the public documents' set, which is aimed to establish and regulate our approach in relation to the application of aggregated your personal information while providing services to you. The Policy is revised periodically to ensure that all newly appeared legislative changes, technological solutions, changes related to business practice are comprehensively incorporated in a proper way and maintain the most up-to-date character.

Since the Policy has been adopted as a part of our set of documents, the acceptance of this Policy is indispensable for the provision of our services. If a potential or actual client refuses to give consent to the terms of this Policy, it shall immediately lead to the cessation of all services and termination of other contractual arrangements between you and us.

This Policy applies a range of privacy-related terms, among others the listed definitions are:

  • Consent shall mean intentional, unambiguous and freely given permission by you to process the data relating to you;
  • Encryption shall mean the method whereby the data (irrespectively of its form and format) is converted to an encoded version which can be subsequently decoded by the persons having access and decryption key;
  • Processing shall mean an action or a set of actions, performed on personal data or personal information whether or not by automated means;
  • Third party shall mean any legal or natural person, public authority, body or agency which is authorized to request access to or process personal data under our authority or in cases prescribed by law;
  • Personal Data or Personal Information shall mean any information related to an identified or identifiable client, i.e., you;
  • Secure Sockets Layer ("SSL") shall mean a cryptographically secured protocol, used for secure connection and transmission of data;
  • PCI Data Security Standard ("PCI") shall mean a self-regulatory system that provides an enforceable security standard for payment card data which also covers a compulsory application of the security assessments and violations' detection.
Privacy Policy3
Privacy PolicyLast updated 09 JULY 2026

2. Personal Information: Types and Methods of Collection

Your personal information is collected in two possible ways, namely manual and via automated means. The data collected manually means that you take all reasonable steps in the provision of the particular information or a document.

This Policy sets the following types of personal data to be acquired from you prior to and in the course of business relations between you and us:

  • Full name as provided in passport or other ID, date of birth and residence address;
  • Contact details such as emailing address, telephone number, fax of any other;
  • Information regarding your income, including source of funds, financial assets and liabilities, bank account information;
  • Trading performance, knowledge and experience;
  • Identity verification documents such as Passport, ID Card or Driving License;
  • Residence verification documents such as utility bill, residence certificate or other; and
  • Preferences on which of our services and products you are interested in.

The Policy sets the following information that is acquired via the automated means:

  • IP-address;
  • Network system;
  • Type of operational system; and
  • Types and settings of browser;

By general rule, information collected via automated means should not be considered as able to identify you either directly or indirectly. The list of information requested from you should not be considered exhaustive. We preserve the right to request additional data especially in cases when it is necessary to ensure compliance with the regulations of existing legislation.

3. Cookies

Cookies are small files stored on a computer or other device and used by the web server for keeping track of your browser activities, including delivering individually tailored requests into a session. This means that cookies are used for assessing advertisements and promotions as well as evaluating your interests in services and products provided by us.

Cookies foresee the possibility of choice whether to accept all, restrict to limited range or withdraw from them. However, you should note that partial or full restriction of cookies would lead to the impossibility to access or use certain parts of our website or its features.

Privacy Policy4
Privacy PolicyLast updated 09 JULY 2026

4. Types of Data Acquired from Users' Devices

Web Bugs (or web beacon, pixel tag, clear GIF) which constitute a little graphic image that is usually delivered via web-browser or an email and used for the tracking of emails' delivery, web-page viewing and other statistical information.

Device information which is obtained at the moment of your access to the website. The recognition of your device is important for delivering the most appropriate version of the website.

Log information which is necessary for the tracking of website user's activity and ensure the diminishing any potential inconsistencies.

Location information, through the identification of the IP address in order to be able to localize the content for a particular country that you see on our website.

5. Basis and Purposes of Personal Data Processing

Statutory compliance: In order to provide our services, we are subject to compliance with a range of legislative provisions, in particular those regulating the prevention of money laundering and terrorism financing, financial services provision, taxation, corporate and other branches of law.

Performance of contractual obligations: We process personal data to accomplish onboarding, Know Your Customer (KYC) and Customer Due Diligence (CDD) procedures and provide our services and products.

Formation of a profile and assessment of appropriateness: We need to process your personal information at the moment of account opening. Subsequently, on a periodic basis, we perform an assessment to provide only appropriate services to you.

Marketing purposes: Personal data processed by us may be used to send marketing communications to you, ensuring you are informed about the latest news, changes, and improvements related to our services. You may withdraw from marketing communications; however, this does not cover cases where we intend to deliver legally required information.

Improvements to services and products: We may use information acquired from your activity and use of services to monitor and improve the quality of our services.

Development and marketing of new services and products: Information may be used for creation and promotion of new services.

Legitimate interests: We have to protect and ensure the efficiency of our legitimate interests, including internal business management, risk management, records keeping, security measures, IT system operation, marketing purposes, and communication with you on legal matters. We commit that the use of personal information for legitimate interests will not violate the security of your data.

Privacy Policy5
Privacy PolicyLast updated 09 JULY 2026

6. Storing of Personal Data and Retention Period

We undertake all reasonable efforts to ensure comprehensive security of personal data against external vulnerabilities. Secure Sockets Layer (SSL) encryption technology is used to enhance protection of information.

Application of PCI scanning measures, Transport Layer encryption, and AES algorithm in Application layer with 256-bit key length reduce risks associated with external threats related to data stored on credit cards.

Complex authentication systems and access control mechanisms avoid unauthorized access to systems and data, which are kept on different internal systems and secured servers.

If the business relationship is terminated, we may be obliged to retain your personal information for a certain period, as prescribed by law, which may vary in duration and scope.

7. Data Deletion Request

Users have the right to request deletion of their personal data held by BABA Option.

This applies to personal information collected directly through our services as well as information obtained through any third-party authentication or social login services supported by BABA Option.

To submit a data deletion request, please contact us using the following details:

Email:[email protected]

Subject:Data Deletion Request

Please include sufficient information to identify your account, such as your registered email address and full name.

Upon receipt of a valid request, we will verify your identity and delete or anonymize the applicable personal data within a reasonable period, except where retention is required or permitted by applicable laws, regulatory obligations, fraud prevention, dispute resolution, security purposes, or other legitimate business interests.

Where appropriate, we will notify you by email once the request has been completed.

Privacy Policy6
Privacy PolicyLast updated 09 JULY 2026

8. Third - Party Disclosure

We shall not disclose your personal data to any third party. However, the following cases exempt us from any liability for disclosure or sharing of personal information:

  • In accordance with applicable laws, regulations, prescriptions, or other binding instruments, we may disclose personal information to the required extent, either on our own initiative or upon legitimate request by state authorities, law enforcement agencies, judicial orders, or regulatory bodies; or
  • Disclosure to third parties performing specific functions on behalf of us, acting under our authorization, following our compliance procedures, and maintaining adequate personal data security.

Additionally, in the course of providing services to you, we may share your personal data with our affiliates or group entities. Such transfers may occur after you complete the sign-up process, particularly during the account activation stage, for the purposes of account management and service provision.

These affiliated entities are contractually bound to adhere to the same data protection standards set forth in this Privacy Policy and are obligated under applicable laws to maintain the confidentiality and security of your personal data.

9. Changes in This Policy

This Policy is subject to timely revision to account for new laws, technologies, changes to our operations and practices, and to ensure it corresponds to the changing environment. You will be notified about these revisions through available communication means.