Privacy Policy

JM Global

1. Introduction

This Application Privacy Policy (the “Policy”) explains how JM Global (the “Company”, “we”, “us”, or “our”) collects, uses, stores, protects, and manages personal information received from users (“Users”, “you”, or “your”) through the JM Global mobile application and related services (collectively, the “Application”).

The Company is committed to maintaining the confidentiality, integrity, and security of Users’ personal information. We do not sell, rent, or otherwise make Users’ personal information publicly available. We process personal information only for the purposes described in this Policy and in accordance with applicable legal, regulatory, contractual, security, and service requirements.

The Application may allow Users to access financial, trading, account, verification, communication, analytics, and related service functionality. Depending on the services used, Users may be required to provide additional information to enable certain features, comply with legal and regulatory obligations, verify identity, prevent fraud, and provide a secure service environment.

Third-party service providers

The Application may use third-party service providers to support secure operation, analytics, attribution, crash reporting, notifications, identity verification, fraud prevention, customer support, infrastructure, and other technical or service-related functionality. Such providers may process data in accordance with their own privacy policies and contractual obligations. Depending on the Application configuration, these providers may include:

  • Google services, including Google Privacy Policy and Google Analytics for Firebase
  • Google Cloud services and related data processing services
  • Firebase Crashlytics
  • Meta/Facebook technologies
  • Amplitude
  • AppsFlyer
  • OneSignal
  • OpenAI services
  • Onfido or other identity verification providers
  • Other infrastructure, analytics, security, customer support, and communication providers used to provide and improve the Application

The specific third-party services used may vary depending on the jurisdiction, Application version, technical configuration, and features available to the User.

2. Collection of information

By creating an account, accessing the Application, or using the services, the User acknowledges that the Company may collect and use information in accordance with this Policy. Certain information may be required before the Company can provide specific services or establish and maintain a business relationship with the User.

To create and operate an account, Users may be asked to complete registration forms and provide information through the Application, personal area, verification process, support channels, payment or transaction flows, or other secure interfaces.

The Application may collect, transmit, store, and verify personal data to enable secure and compliant service provision, including account registration, identity verification, transaction processing, risk management, fraud prevention, customer communication, and service improvement.

3. Personal data collected by the Company

Depending on the services used, the Company may collect the following categories of personal data:

  • Registration information: full name, date of birth, gender, country of residence, phone number, email address, city or region, tax identification number, and other registration details.
  • Contact and profile information: account details, communication preferences, support requests, language preference, and other information provided by the User.
  • Verification documents: government-issued identification documents, passport, national ID, driver’s licence, or similar documents, as well as documents confirming place of residence such as utility bills, bank statements, or other legally acceptable documents.
  • Transaction and financial information: information connected with deposits, withdrawals, money transfers, payment methods, transaction confirmations, account balances, trading account activity, and related service records, where applicable.
  • Technical information: device identifiers, IP address, browser or device type, operating system, mobile network information, application version, crash reports, diagnostic data, log files, cookies or similar technologies, and interaction data.
  • Compliance and risk information: data required for know-your-customer (KYC), anti-money laundering (AML), sanctions screening, politically exposed person (PEP) checks, fraud detection, risk monitoring, and regulatory reporting.
  • Marketing and analytics information: campaign attribution, interaction with notifications, email engagement, advertising identifiers where permitted, and aggregated or pseudonymized analytics data.
  • Other identifying information: any other information customarily used to identify the User or required by applicable law, regulation, service terms, or risk management requirements.

If the User chooses not to provide certain required data, the Company may be unable to provide some or all requested services, including account registration, verification, transactions, or access to specific Application features.

4. Use of information

The Company uses personal data only for legitimate business, legal, security, compliance, contractual, and service-related purposes. Personal data may be used to:

  • create, maintain, verify, and manage User accounts;
  • confirm the User’s identity and conduct checks required by applicable laws and regulations, including KYC, AML, fraud, sanctions, and PEP checks;
  • perform contractual obligations and provide access to Application features and services;
  • process transactions, payments, account operations, and related service requests where applicable;
  • maintain accurate User records and customer databases;
  • provide customer support and respond to inquiries, requests, or complaints;
  • send service-related notices, security messages, account updates, and important operational communications;
  • inform Users about Company updates, products, services, promotions, and marketing communications, subject to applicable consent and opt-out rules;
  • monitor, analyze, and improve the Application, user experience, performance, security, and service quality;
  • detect, prevent, investigate, and respond to fraud, misuse, unauthorized access, technical issues, security incidents, and prohibited activities;
  • comply with legal, regulatory, court, law enforcement, tax, audit, and record-keeping obligations.

Where marketing communications are sent, Users may opt out where required or permitted by applicable law, for example through unsubscribe links, account settings, or by contacting the Company.

5. Information protection

The Company applies appropriate technical, organizational, and administrative security measures designed to protect personal data against accidental loss, unauthorized access, misuse, alteration, disclosure, or destruction.

Access to personal data is limited to employees, contractors, service providers, and authorized persons who need access to perform their duties or provide services. Specific categories of personnel may have access to certain categories of personal data, such as verification, compliance, account management, technical support, security, and customer service teams.

The Application and related systems may use encryption, secure communication protocols, access controls, monitoring, logging, and other security mechanisms to protect information. Where the Company provides or the User chooses a password to access certain parts of the Application, the User is responsible for keeping that password confidential.

The Company will not ask Users to disclose their password to anyone, including Company employees. Users should notify the Company immediately if they suspect unauthorized access to their account or credentials.

6. Retention period

The Company retains personal data for as long as necessary to fulfill the purposes for which it was collected, provide the services, comply with legal and regulatory obligations, resolve disputes, enforce agreements, prevent fraud, and maintain business records.

Unless a shorter or longer period is required by applicable law or justified by legitimate business, regulatory, security, or technical reasons, the standard retention period for personal data may be up to seven (7) years from the end of the business relationship or account closure.

The Company may retain data for a longer period where required for legal, regulatory, audit, tax, dispute resolution, fraud prevention, security, or technical reasons. The Company may delete or anonymize personal data when it determines that such data is no longer necessary for the purpose for which it was collected and is no longer required to be retained.

7. Disclosure of information to third parties

The Company does not rent or sell Users’ personal data to third parties. The Company may disclose personal data only where necessary and appropriate, including in the following circumstances:

  • to comply with applicable laws, regulations, regulatory requirements, court orders, legal processes, or official requests from law enforcement or competent authorities;
  • to protect the rights, property, security, and legitimate interests of the Company, Users, employees, partners, or third parties;
  • to business partners, affiliates, contractors, service providers, and vendors who support the operation, improvement, security, compliance, analytics, verification, communication, payment, infrastructure, or customer support functions of the Application;
  • to identity verification, fraud prevention, payment, analytics, attribution, cloud, hosting, customer communication, or technical service providers acting on behalf of the Company;
  • in connection with a merger, acquisition, restructuring, sale of assets, financing, transfer of business, or similar corporate transaction, subject to appropriate safeguards and notices where required;
  • with the User’s consent or at the User’s request.

Where third parties process personal data on behalf of the Company, the Company takes reasonable steps to ensure that such third parties process personal data only for authorized purposes and in accordance with applicable confidentiality, security, and data protection requirements.

8. Changes in personal information

The Company relies on Users to provide accurate, complete, and up-to-date information. Users should promptly notify the Company of any changes to their personal data through the relevant forms, account area, support channels, or other designated methods in the Application.

The Company may request updated information or documentation where necessary to comply with legal, regulatory, security, or service requirements.

9. Rights of the User

Subject to applicable laws and any legal or regulatory limitations, Users may have the following rights regarding their personal data:

a) Right to be informed and right of access

Users have the right to be informed about how their personal data is processed and may request access to personal data held by the Company. Questions may be submitted by contacting the Company at the email address specified in this Policy.

b) Right to rectification

Users may request correction of inaccurate, incomplete, or outdated personal data by contacting the Company or using the appropriate forms in the Application.

c) Right to restrict processing

Users may request restriction of processing in certain circumstances, such as when they contest the accuracy of personal data or object to certain processing activities.

d) Right to data portability

Where applicable, Users may request to receive personal data they have provided in a structured, commonly used, and machine-readable format or request that such data be transferred to a third party.

e) Right to object

Users may object to the processing of their personal data in certain circumstances, including processing for direct marketing purposes. Users who receive marketing communications may opt out using the methods provided in those communications or by contacting the Company.

f) Right to erasure

Users may request deletion of personal data in certain circumstances, including where the data is no longer needed for the purposes for which it was collected or where the User withdraws consent and there is no other legal basis for processing. Such requests are subject to any legal, regulatory, security, fraud prevention, audit, or record-keeping obligations that require the Company to retain data.

If a User wishes to delete an account in the Application, the User should submit a request to the Company at the contact email specified in this Policy. Data associated with the Application account will be deleted or anonymized unless the Company is required or permitted to retain it for legitimate reasons, including security, fraud prevention, compliance, dispute resolution, or regulatory obligations.

g) Right to refuse to provide information

Users may refuse to provide personal information. However, where information is required for legal, regulatory, compliance, security, or service purposes, refusal may prevent the Company from providing some or all services.

If a User does not want the Company to process personal data necessary for the provision of services, the Company may be unable to continue providing those services or information requested by the User.

10. Updates to this Policy

The Company may update this Policy from time to time to reflect changes in services, technologies, business operations, legal requirements, regulatory requirements, or data processing practices.

When this Policy is updated, the Company may post the updated version within the Application, on the relevant website or policy page, or notify Users through other appropriate communication channels. The updated Policy will apply from the effective date stated in the updated version, unless otherwise required by applicable law.

11. Children’s privacy

The Application is not intended for use by individuals under the age of 18. The Company does not knowingly collect personal information from individuals under 18. If the Company becomes aware that personal data has been collected from an individual under 18, the Company will take appropriate steps to delete such information, unless retention is required by law or for security or fraud prevention reasons.

12. Risk and service notice

The Application may relate to financial, trading, account, analytical, educational, or informational services. Such services may involve risks. Information provided through the Application should not be interpreted as investment advice, a recommendation, or a solicitation to engage in any investment activity unless expressly stated by an authorized entity in accordance with applicable law.

Users are responsible for reviewing the relevant terms, risk disclosures, client agreements, service conditions, and other applicable legal documents before using any financial or trading-related services.

JM Global Application Privacy Policy