Last Modified: September 18, 2023
The official language used by Topstep is English and translations are made for convenience and reference only; in the event of a conflict between the English language version of this document and any version translated into any other language, the English language version shall prevail.
“Account” means an account of a User that is registered with Topstep that has access to specified Services of Topstep.
“Authorization” means the set of rights and privileges on the Sites assigned to a User by Topstep.
“Brazilian User” means a User who resides in Brazil.
“Content” means all information and other materials present on the Sites, including Topstep’s products and services, text, images, photos, trading ideas, opinions, rumors, advice, charts, financial information, ratings, reviews, or similar information.
“Controller” means a person or entity who, either alone or jointly, determines the purposes and means of the processing of Personal Data, controls the data, and is responsible for it.
“Credit Card Information” means that information required to process a credit card payment, including name of the debit card holder, credit card number, CVV number, expiration date, billing address, phone number, and email address.
“Data” means information generated by you and other Users (whether aggregated or otherwise).
“Data Protection Officer” means the person or entity in charge of the data processing operation.
“Data Subject” means an identified or identifiable natural person.
“Debit Card Information” means that information required to process a debit card payment, including name of the debit card holder, debit card number, CVV number, expiration date, billing address, phone number, and email address.
“EU” means the European Union.
“EU User” means a User who resides in the European Union.
“Feedback” means your comments, feedback, information, or other materials regarding the Sites and Services.
“GDPR” means the General Data Protection Regulation, adopted as Regulation (EU) 2016/679 of the European Parliament on April 14, 2016.
“LGPD” means Lei Geral de Proteção de Dado, Brazil’s Data Protection Law.
“Log Data” means information that your browser sends whenever you visit a website; this information is automatically recorded by our servers.
“Personal Data” means any information relating to an identified or identifiable natural person or any information that is used for the behavior profiling of a particular natural person, if that person is identified.
“Sensitive Data” means data that reveals social security numbers, driver’s license numbers, government identification cards, financial account numbers or payment card numbers in combination with any required security or access code, password or credentials allowing access to an account, a persons’ precise geolocation, racial or ethnic origin, citizenship or immigration status, political opinions, religious or philosophical beliefs, or trade union membership, biometric data, data that concerns health, or data that concerns a natural person’s sex life or sexual orientation.
“UK” means the United Kingdom.
“UK GDPR” means the United Kingdom’s Data Protection Act of 2018, adopted pursuant to the GDPR.
“UK User” means a User that resides in the UK.
“User Submission” means any comment, or personal information, including, without limitation, ideas, suggestions, opinions, comments, observations, or other material , posted to any public form on our Sites or Services, including any publication, article, social network page, blog, chat room, or other such forum.
“Visitor” means a legal or natural person who visits our Site without having an Account.
Accounts and Personal Information. You may choose to register an Account with our Sites or Services, and we may collect certain personal information from you in order to provide services and to complete transactions. Any information you choose to submit will be collected.
When you register with us through our Sites or Services, we will ask you for Personal Data. Personal Data may include your name, phone number, email address, postal address, username, password, zip code, and age (optional).
Requests for Support; Contact Forms. To contact us for more information or to request support via the Sites and/or Services, you will need to provide your contact information (e.g., full name, postal address, email address, phone number) as applicable and the subject matter in which you are interested.
User Submissions. If you post a User Submission to any public forum on our Sites or Services, including, without limitation, any publication, article, social network page, blog, chat room, or other such forum, please be aware that any Personal Data disclosed in your User Submission can be read, viewed, collected, or used by other users of these forums, and could be used to contact you, send you unsolicited messages, or for purposes that neither you nor we control. You are responsible for the User Submission enter, submit, create, post, upload, transmit, or otherwise provide through or using the Sites or Services. All user-generated content is provided at your own risk. We cannot guarantee that User Submissions will not be viewed by unauthorized persons. You understand that, even after removal, copies of user-generated content you have provided may remain viewable in cached and archived pages and may have been copied or stored by Internet archives and other Users or Visitors. We may make User Submissions available, including publicly available, to other Sites and Services Users and Visitors, as applicable and at its sole discretion.
We may also aggregate all or any part of User Submissions. Topstep is not responsible for the Personal Data contained in your User Submission.
Payment Information. Certain features on the Sites and certain Services may require you to provide Credit Card Information or Debit Card Information. We do not directly access, handle, or store your Credit Card Information or Debit Card Information as we employ the services of a third-party payment processor.
Marketing Communications. If you sign up or otherwise provide your email address to us, we will use this information to send you updates about Topstep and promotional and other electronic communications. You may opt out of receiving updates and other emails from us at any time by following the unsubscribe instructions in the applicable email or by contacting us using the contact information provided below under “Contact Us.” Note that, even if you opt out of receiving promotional communications from Topstep, you may still receive administrative communications from us with respect to your use of the Sites and/or Services. We may use third-party email providers to deliver these communications to you.
We are active on social media. You may have the opportunity to comment on those social media platforms regarding our Sites and Services and/or to submit or upload related photographs and other materials. We reserve the right to post on the Sites and Services, other websites, and social media pages any comments, photographs, or content that you post on our social media pages or provide to us through social media.
Chat Features. If you use any chat or messaging feature on the Sites or Services, we will collect all text and other information and content that you may provide or input using those features. If you use a chat or messaging feature while signed into your account, we may link that information to your account.
Purposes for Which We Collect Personal Data
Topstep uses the information we collect for the following purposes:
How We Use and Share Your Personal Data
Topstep may share your Personal Data with our affiliates or with third parties (such categories of third parties as identified above), which provide services to us and which agree to keep such Personal Data confidential.
We may employ third-party companies and individuals for any of the following:
Additionally, we retain the right to disclose Personal Data as allowed or required by law. We may also disclose Personal Data under the following circumstances:
You acknowledge that Topstep may collect and aggregate information about you and your particular simulated trades, trading patterns and preferences, and other preferences and interests and use such information in its sole discretion. Topstep may share or sell such information to Topstep’s business partners, affiliates, vendors, distributors, or other collaborators for these same purposes and each of them may use all such information to influence their own trading habits through mirroring simulated trades in actual financial markets or use them in any other manner. You agree that such activities may be performed automatically and in no circumstance shall you be entitled to any payment or compensation.
Location of Processing
Personal Data is processed in the United States of America. Personal Data from EU Users and Brazilian Users is processed in the United States. Topstep shall process such Personal Data in accordance with the requirements of the GDPR and LGPD.
This Section only applies to California, Colorado, Connecticut, Utah, and Virginia residents and such other persons as may be required under applicable U.S. state law. This Section does not apply to such categories of Personal Data (which includes “personal information” and “personal data” as such might be defined under applicable U.S. state law) excluded or exempted from applicable U.S. state data protection laws, including, without limitation:
In particular, our Sites or Services has collected the following categories of Personal Data from consumers within the last 12 months:
To target advertisements for goods and services and to display those advertisements on other websites.
To administer the Sites and Services and its servers, to generate statistical information, to monitor and analyze Sites and Services traffic and usage patterns, to monitor and help prevent fraud, to investigate complaints and violations of our policies, and to improve the Sites and Services.
We obtain the categories of Personal Data listed above from the following categories:
Applicable laws in your jurisdiction may grant you certain rights—subject to all applicable limitations, exemptions, or exceptions—regarding our collection and use of your Personal Data. These rights may include, to the extent applicable and to the extent granted under applicable law:
We do not use your Personal Data to profile you in furtherance of decisions that produce legal or significantly similar effects (as may be defined under applicable law).
We do not sell your personal information as the term “sell” is commonly understood to require an exchange for money. Please note that our use of advertising and analytics cookies on our Sites and Services may be considered a “sale” / “sharing for cross-contextual behavior advertising purposes” of personal information as the term “sale” or “share” is defined under applicable data protection laws to include both monetary and other valuable consideration. To be as transparent as possible with you, we consider these uses a “sale” or “share” and will comply with the restrictions of the “sale” or “share” of this information to the extent technologically feasible.
In the preceding 12 months, we have ““sold” and “shared” for cross-contextual behavioral advertising purposes Internet or other electronic network activity information, as defined in the table above and the cookies and other data as described in the “Log Data, Cookies, and Related Tracking Technologies” section below.
Under applicable data protection laws, you may have the right to opt-out of our “sale” or “sharing” of Personal Data to third parties. You may exercise this right to opt-out by contacting us through the methods set forth in the “Exercise Your Rights” section below, or by clicking the “DO NOT SELL OR SHARE MY PERSONAL DATA” link.
California, Colorado, Connecticut and other applicable U.S. state privacy laws may require us to let you know how we respond to web browser Do Not Track Signals or other mechanisms that provide consumers the ability to exercise choice regarding the automatic collection about your online activities over time. California, Colorado, Connecticut and other residents of applicable U.S. states can opt out by broadcasting an Opt-Out Preference Signal, including through the use of the Global Privacy Control (“GPC”), depending on which browsers and/or browser extensions you use that may support such signals. To take a look at extensions and browsers supporting the GPC browser signals, please visit here: https://globalprivacycontrol.org/. Note that if you choose to use the GPC signal, you will need to turn it on for each supported browser or browser extension you use.
The above rights are only exercisable by you where the applicable law grants you the right being exerted and where no exception or exemption under applicable law applies. You may also have a registered agent (if and only as permitted under applicable law) that you authorize to act on your behalf. If you have a registered agent act on your behalf, we have the right to authenticate such agent’s authority to act. To exercise the rights described herein (only to the extent applicable), you may submit a verifiable request to us through the methods set forth under the “Exercise Your Rights” section below.
EU and UK GDPR Supplemental Privacy Notice
The GDPR and UK GDPR, addresses the protection of natural persons located in the EU or UK with respect to the processing of their Personal Data. The UK GDPR and the GDPR recognize that Personal Data shall be:
As a Controller, Topstep shall be responsible for, and shall be able to demonstrate compliance with, the foregoing principles. Subject to all applicable exemptions and exceptions, you may have the right:
LGPD Supplemental Privacy Notice
This Section addresses legal obligations and rights set forth in the LGPD that apply only to eligible residents of Brazil. These obligations and rights apply to businesses doing business in Brazil and to Brazilian residents and information that relates to Brazilian Users. It does not apply to information that has been anonymized.
The above rights are only exercisable by you where applicable law in the jurisdiction in which you reside actually grant you the right being exerted.
Visiting: Data Subject Rights Request Form
Only you or a registered agent (if and only as permitted under applicable law) that you authorize to act on your behalf, may make a verifiable consumer request related to your Personal Data. If you have a registered agent act on your behalf, we have the right to authenticate such agent’s authority to act. Without limiting the foregoing, the verifiable consumer request must:
We cannot respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Data provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
We will respond to your request within the applicable timeframe required under applicable law. If we deny your request, you can appeal such denial by visiting firstname.lastname@example.org.
We have in place reasonable and appropriate technical, physical, and organizational procedures and security measures designed to prevent unauthorized access or disclosure, to maintain data accuracy, and to ensure the appropriate use of the information we collect, taking into account the cost of implementing such measures commensurate with the risks posed by the particular type of processing, the nature of the Personal Data, and in accordance with applicable law. However, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee the security of your Personal Data.
Topstep Sites or Services are not intended for use by minors under the age of 18 and are not targeted to children.
We do not intentionally collect, process, transfer, or store Sensitive Data.
The servers used to operate and provide the Sites and Services may collect data pertaining to you and the equipment, software, and communication methods you use to access the Internet and the Sites and Services, including Internet protocol (“IP”) addresses assigned to the computers and other devices from where you access the Internet, your Internet service provider (ISP), device ID numbers and unique identifiers, your media access control (MAC) address, your operating system, your computer screen resolution, your web browser type, the pages you access on the Sites and Services, the websites you access before and after visiting the Sites and Services, the length of time you spend on the Sites and Services, date and time stamps, clickstream data, your approximate geographic location, performance statistics, and usage data. WE may use this information to administer the Sites and Services and its servers, to generate statistical information, to monitor and analyze Sites and Services traffic and usage patterns, to monitor and help prevent fraud, to investigate complaints and violations of our policies, and to improve the Sites and Services. We may combine this information with other Personal Data (including personal information) and information obtained from third parties for security reasons and to protect our rights or the rights of others. The suppliers that we use to provide the Sites and Services may collect information about your visits to the Sites and Services and other websites. Some of this information may be collected using cookies and similar tracking technologies as explained below.
Most browsers automatically accept cookies. Browsers generally also allow users to manage cookies in the browser’s settings. For example, a browser may allow you to reject cookies from certain websites, reject certain types of cookies regardless of the website, reject or disable all cookies from all websites, and/or delete cookies stored previously. Some browsers also give you the option of being notified every time a cookie is sent to your browser by a website. You can disable or limit cookies but doing so may impact your use and enjoyment of the Sites and Services and other websites. For example, the Sites and Services may not be able to be personalized for you, may no longer capture or remember your preferences or other choices you have made on the Sites and Services in the past, and may not remember your name or contact information. Changing your cookie preferences in one browser will not necessarily carry over to other browsers, so you may need to adjust your preferences each time you get a new computer, install a new browser, upgrade an existing browser, or alter or delete a browser’s cookie file.
The Sites and Services may also use the following types of tracking technologies: web beacons (also called clear GIFs), flash cookies, and pixels (also called pixel tags). Web beacons are tiny graphics with unique identifiers that function similar to how cookies function but, in contrast to cookies, web beacons are embedded invisibly on websites. Flash cookies collect and store information about your use of a website and are commonly used for advertisements and videos. Pixel tags can be placed on websites or within emails to track your interactions with those websites and when emails are opened.
Our servers also automatically record Log Data which includes information such as your internet service provider, your computer’s internet protocol address, browser type and operating system, referring/exit pages, clickstream data, pages of our Sites and Services that you visit (and the time spent on these pages), information you search for on our Sites or Services, and other statistics. We use this information to monitor and analyze your use of our Sites or Services and to better tailor them to your needs in order to provide you with a better experience.
Please click here to see the Cookies used on our site.
The Sites and Services uses third-party analytics tools (e.g., Google Analytics) to collect and process data about your use of the Sites and Services, including when you visit the Sites and Services, URLs of the websites that you visit prior to visiting the Sites and Services and when you visit those websites, and IP addresses assigned to the devices from where you access the Internet. Our analytics providers may set and read cookies to collect this data and your web browser will automatically send data collected by those cookies to our analytics providers. Our analytics providers use this data to provide us with reports that we will use to improve the Sites’ and Services’ structure and content.
Additionally, the Sites and Services may use or participate in advertising networks and related advertising services that are managed and provided by third-party advertising servers, advertising agencies, technology vendors, and research firms, including, without limitation, Google Ads. These services collect information about your visits to and interactions with the Sites and Services and other websites and will use that information to target advertisements for goods and services and to display those advertisements on other websites. The information collected may be associated with your personal information.
For certain Facebook advertising services, Facebook Ireland is a Joint Controller (as defined in the GDPR) and that information required under the GDPR related to such processing can be found at https://www.facebook.com/about/privacy. We work with Facebook and use their advertising services to measure and improve our ads and marketing efforts, as well as to display more relevant advertising to you. For further information on how Facebook Ireland processes your personal information, including the legal basis, and the ways to exercise your rights, please visit https://www.facebook.com/about/privacy.
To change your preferences with respect to certain online ads and to obtain more information about third-party ad networks and online behavioral advertising, please visit the National Advertising Initiative Consumer opt-out page or the Digital Advertising Alliance Self-Regulatory Program. Please remember that changing your settings with individual web browsers or ad networks will not necessarily carry over to other browsers or ad networks. As a result, depending on the opt-outs you request, you may still see our ads from time to time. Your device may also include a feature (“Limit Ad Tracking” on iOS or “Opt Out of Interest-Based Ads” on Android) that allows you to opt out of having certain information collected through apps used for behavioral advertising purposes.
Personal Data you provide to us should be relevant to the purposes for which it is to be used, and, to the extent necessary for those purposes, should be accurate, complete, and up-to-date. Topstep strives to keep your Personal Data accurately recorded. You have the right to access and request the correction, amendment, or deletion of all of your recorded personal information that has been collected by us. In addition to those methods set forth in the “Exercise Your Rights” section above, if you wish to review your recorded Personal Data, please contact us at:
c/o Topstep LLC, Attn: Data Protection Officer, 141 West Jackson Boulevard, Suite 4240, Chicago, IL 60604.
Topstep retains Personal Data for as long as we reasonably require it for legal or business purposes. In determining data retention periods, Topstep takes into consideration local laws, contractual obligations, and the expectations and requirements of our Users. We will not retain data longer than is necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations. When we no longer need personal information, we securely delete or destroy it.