Privacy Policy

Last Modified: January 26, 2022

1. Scope of This Privacy Policy

This Privacy Policy outlines what types of information are collected from our account holders, users, and visitors (“you”, “your”, or “User”), to whom it may be disclosed, and how that information may be used by Topstep LLC, a Delaware limited liability company, and its affiliated entities (collectively, “Topstep”, “we”, “our”, or “us”), as each of the foregoing relates to your use of Topstep’s Websites (“Sites”), software, applications, content, platforms, products, and services (each, a “Service, and collectively, the “Services”). This Privacy Policy contains capitalized words or phrases throughout which are defined terms. Their definitions are found either in this Privacy Policy or the Terms of Use.

By using the Sites or Services, you agree that you have read, understood, and consented to this Privacy Policy, our Terms of Use, all amendments, addenda, and licenses to each of the Privacy Policy and the Terms of Use (collectively, the “Agreement”). You should review the Terms of Use, along with this Privacy Policy. By using our Sites or Services, you consent to Topstep’s use of your information and data as described in the Agreement. If you do not agree to the terms of this Privacy Policy, do not use the Sites or Services. Please check back periodically as Topstep reserves the right to change, modify, add, or remove portions of this Privacy Policy after providing notice to you. The form of such notice is determined at our discretion.

The official language used by Topstep is English; in the event of a conflict between the English language version of this document and any version translated into any other language, the English language version shall prevail.

2. Definitions

“Account” means an account of a User that is registered with Topstep that has access to specified Services of Topstep.

“Agreement” means this Privacy Policy, our Terms of Use, all amendments, addenda, and licenses to each of the Privacy Policy and the Terms of Use.

“Authorization” means the set of rights and privileges on the Sites assigned to a User by Topstep.

“Brazilian User” means a User who resides in Brazil.

“Content” means all information and other materials present on the Sites, including Topstep’s products and services, text, images, photos, trading ideas, opinions rumors, advice, charts, financial information, ratings, reviews, or similar information.

“Controller” means a person or entity who, either alone or jointly, determines the purposes and means of the processing of Personal Data, controls the data, and is responsible for it.

“Cookies” means small files that are placed on your hard drive for identification purposes. These files are used for site registration and customization the next time you visit us.

“Credit Card Information” means that information required to process a credit card payment, including name of the debit card holder, credit card number, CVV number, expiration date, billing address, phone number, and email address.

“Data” means information generated by you and other Users (whether aggregated or otherwise).

“Data Protection Officer” means the person or entity in charge of the data processing operation.

“Data Subject” means an identified or identifiable natural person.

“Debit Card Information” means that information required to process a debit card payment, including name of the debit card holder, debit card number, CVV number, expiration date, billing address, phone number, and email address.

“Designated Agent” means the Topstep representative identified in Section 2 of the Terms of Use.

“EU” means the European Union.

“EU User” means a User who resides in the European Union.

“Feedback” means your comments, feedback, information, or other materials regarding the Sites and Services.

“GDPR” means the General Data Protection Regulation, adopted as Regulation (EU) 2016/679 of the European Parliament on April 14, 2016.

“LGPD” means Lei Geral de Proteção de Dado, Brazil’s Data Protection Law.

“Log Data” means information that your browser sends whenever you visit a website; this information is automatically recorded by our servers.

“Personal Data” means any information relating to an identified or identifiable natural person or any information that is used for the behavior profiling of a particular natural person, if that person is identified.

“Sensitive Data” means data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, biometric data, data that concerns health, or data that concerns a natural person’s sex life or sexual orientation.

“Terms” means Topstep’s Terms of Use.

“User” means a natural or legal person over the age of 18 who has accepted Topstep’s Terms of Use and, if applicable, has been authorized to use the Account on behalf of himself/herself.

“User Submission” means any comment, or personal information, including ideas, suggestions, opinions, comments, observations, or other material , posted to any public form on our Sites or Services, including any publication, article, social network page, blog, chat room, or other such forum.

“Visitor” means a legal or natural person who visits our Site without having an Account.

3. Topstep as Data Controller / Data Protection Officer

This Privacy Policy applies to the information and data collected by Topstep as a Controller. Should you have questions or requests regarding your Personal Data, you may contact Topstep’s Data Protection Officer at any time at support@Topstep.com. You may also call us at (888) 407-1611 or write to us at: Topstep LLC, Attn: Data Protection Officer, 224 N. Des Plaines, Suite 350, Chicago, Illinois 60661.

4. Designated Agent

Topstep’s Designated Agent for purposes of the Digital Millennium Copyright Act may be contacted at support@Topstep.com. Please refer to “Designated Agent” in the subject line of your email. You may also call us at (888) 407-1611 or write to us at: Topstep LLC, Attn: Designated Agent, 224 N. Des Plaines, Suite 350, Chicago, Illinois 60661.

5. Collection of Personal Data

You may choose to register an Account with our Sites or Services, and we may collect certain personal information from you in order to provide services and to complete transactions.

When you register with us through our Sites or Services, we will ask you for Personal Data. Personal Data may include your name, phone number, email address, postal address, username, password, zip code, and age (optional).

Our Sites or Services may provide links to third-party applications, products, services, or websites for your convenience and information. If you access those links, you will leave our Sites or Services. We do not control those third-party sites and services or their privacy practices, which may differ from our practices. We do not endorse or make any representations about third-party sites. Any information you choose to provide to, or that is collected by those third parties is not covered by the Agreement. We cannot control the activities of third parties, and we have no responsibility for any use of the information provided by such third parties. Any information you choose to provide to third party websites or products will be governed by the policies of those third-party websites and products.

If you post a User Submission to any public forum on our Sites or Services, including any publication, article, social network page, blog, chat room, or other such forum, please be aware that any Personal Data disclosed in your User Submission can be read, viewed, collected, or used by other users of these forums, and could be used to contact you, send you unsolicited messages, or for purposes that neither you nor we control. We may also aggregate all or any part of User Submissions into a resource that we may use, share, or distribute provided that any Personal Data has been anonymized. Topstep is not responsible for the Personal Data contained in your User Submission.

6. Legal Basis for Collecting Your Personal Data

Our legal basis for collecting and using your Personal Data will depend on the Personal Data concerned and the specific context in which we collect it. However, we will normally collect Personal Data from you only where we have your consent to do so, where we need your Personal Data to perform a contract with you, where the processing is in our legitimate interests and is not overridden by your data protection interests or fundamental rights and freedoms, and when we have a legal obligation to do so. Your consent to our Terms of Use and this Privacy Policy also constitutes the legal basis upon which we may collect your Personal Data.

7. Purposes for Which We Collect Personal Data / How We Use and Share Your Personal Data / Location of Processing

Purposes for Which We Collect Personal Data

We do not sell your Personal Data to third parties to use for their own marketing purposes. Topstep uses the information we collect for the following purposes:

Provide our Services. To provide the services we offer on our Sites and Services, to communicate with you about your use of our Sites or Services, to respond to your inquiries, to provide troubleshooting, and for other customer services designed to make your experience better.

Personalization. To tailor the content and information that we may send or display to you, to suggest personalized help and instructions, and to otherwise personalize your experience while visiting or using our Sites or Services.

Advertising. To display interest-based advertising to you, to improve our advertising and measurement systems so that we can show you more relevant ads, and to measure the effectiveness and reach of ads and services.

Marketing and Promotions. For marketing and promotional purposes, such as to send you news and updates, special offers, and promotions, or other otherwise contact you about products, services, or information we think may interest you, including information about third party products and services.

Analytics. To gather metrics to better understand how Users access and use the Sites and Services; to evaluate and improve the Sites and Services; and to develop new products and services.

Comply with the Law. To comply with legal obligations, as part of our general business operations, and for other business administration purposes.

Prevent Misuse. Where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, or violations of our Terms of Use or this Privacy Policy.

How We Use and Share Your Personal Data

We use the information you provide to offer, manage, or improve our Sites or Services, including but not limited to:

improving content;

adapting or adding in new features and functionality;

providing and improving service and support;

delivering relevant advertising;

assisting with social sharing functionality;

developing new products and services;

selecting content to be communicated to you;

aggregating certain types of information to better understand or provide better engagement with our Users; and

contacting you regarding our products or services; and preventing and detecting security threats, fraud or other malicious activity.

Topstep may share your Personal Data with our affiliates or with third parties, which provide services to us and which agree to keep such Personal Data confidential. You may view our agreements our affiliates and providers here.

We may employ third-party companies and individuals for any of the following:

to facilitate the Sites or Services;

to provide the Sites or Services on our behalf;

to perform related services, including maintenance, database management, web analytics, and improvement of the features or functionality;

to assist us in data analysis; and

to process debit, credit, and other payments and to perform related services.

Topstep may collect and compile general information about you, your preferences and interests and use that information as described in this Section. We may share with or sell such information to third parties for these same purposes but would never do so without your consent. When you sign up for an Account, you will be asked if you consent to us sharing or selling your information. If you do not provide your consent, we will not share with or sell any of your information to third parties.

We retain the right to disclose Personal Data as allowed or required by law. We may also disclose Personal Data under the following circumstances:

to respond to duly authorized information requests of police and governmental authorities;

to comply with any law, regulation, subpoena, or court order;

to investigate and help prevent security threats, fraud or other malicious activity;

to investigate and help prevent a violation of any contractual or other relationship with Topstep or the perpetration of any illegal or harmful activity;

to enforce and protect the rights and properties of Topstep, its affiliates and its business partners; and

to protect the personal safety of our employees, agents, affiliates, business partners, customers or site users.

In the event of a merger, consolidation, or sale or transfer of all or substantially all of the assets of Topstep or the Topstep Parties, Personal Data stored in our database will be transferred to the purchasing or new entity. However, the use of this information by any purchasing or surviving entity would be governed by the terms of this Privacy Policy, as amended from time to time, including any amendment after such transaction.

Your information may be transferred to and maintained on computers and servers located outside of your state, province, country, or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide information to us, Topstep transfers Personal Data to the United States and processes it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

You acknowledge that Topstep may collect and aggregate information about you and your particular simulated trades, trading patterns and preferences, and other preferences and interests and use such information in its sole discretion. Topstep may share or sell such information to Topstep’s business partners, affiliates, vendors, distributors, or other collaborators for these same purposes and each of them may use all such information to influence their own trading habits through mirroring simulated trades in actual financial markets or use them in any other manner. You agree that such activities may be performed automatically and in no circumstance shall you be entitled to any payment or compensation. Further, all such actives shall be performed without the necessity of notice.

Location of Processing

Personal Data is processed in the United States of America. Personal Data from EU Users and Brazilian Users is processed in the United States. Topstep shall process such Personal Data in accordance with the requirements of the GDPR and LGPD.

8. California Privacy Rights

This Section supplements the information contained in this Privacy Policy and applies solely to all visitors, users, and others who reside in the State of California. This Section complies with the California Consumer Privacy Act of 2018 (“CCPA”) and any terms defined in the CCPA have the same meaning when used in this Section. This Section does not apply to workforce-related personal information collected from California-based employees, job applicants, contractors or similar individuals.

Our Site or Services collects information that may identify, relate to, describe, reference, or is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer, household or device (“Personal Information”). Personal Information does not include:

Publicly available information from government records;
Deidentified or aggregated consumer information; or
Information excluded from the CCPA’s scope.

In particular, our Sites or Services has collected the following categories of Personal Information from consumers within the last 12 months:

Category	Examples	Collected
Identifiers	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers	YES
Personal Information categories listed in the California Consumer Records State (Cal. Civ. Code § 1798.80(e)).	A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.	YES
Protected classification characteristics under California or Federal Law	Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).	YES
Commercial Information	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	NO
Biometric Information	Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.	NO
Internet or other similar network activity	Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.	YES
Geolocation Data	Physical location or movements.	NO
Sensory Data	Audio, electronic, visual, olfactory, or similar information.	NO
Professional or employment-related information	Current or past job history or performance evaluations.	NO
Non-public education information	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.	NO
Inferences drawn from other personal information	Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	NO

We obtain the categories of Personal Information listed above from the following categories:

Directly from you. For example, forms you complete or products and services your purchase; and

Indirectly from you. For example, from observing your actions on our Site.

The CCPA provides California residents with specific rights regarding their Personal Information. California residents have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months (the “right to know”). Once we receive your request and confirm your identity, we will disclose to you:

The categories of Personal Information we collected about you.

The categories of sources for the Personal Information we collected about you.

Our business or commercial purpose for collecting or selling that Personal Information.

The categories of third parties with whom we share that personal information.

If we sold or disclosed your Personal Information for a business purpose, two separate lists disclosing:

- sales, identifying the Personal Information categories that each category of recipient purchased; and
- disclosures of a business purpose, identifying the Personal Information categories that each category of recipient obtained.

The specific pieces of Personal Information we collected about you (also called a portability request).

California residents also have the right to request that we delete any of your Personal Information that we collected from you and retained, subject to certain exceptions (the “right to delete”). Once we receive your request and confirm your identity, we will review your request to see if an exception allowing us to retain the Personal Information applies. We will delete or deidentify Personal Information not subject to one of these exceptions from our records and will direct our service providers to take similar action.

To exercise your rights to know or delete described above, please submit a request by submitting a request to: c/o Topstep LLC, Attn: Data Protection Officer, 224 N. Des Plaines, Suite 350, Chicago, Illinois 60661 or at support@Topstep.com. Only you, or someone legally authorized to act on your behalf, may request to know or delete related to your Personal Information. You may also make a request to know or delete on behalf of your child. You may only submit a request to know within a 12-month period. Your request to know or delete must provide sufficient information that allows us to reasonably verify you are the persona bout whom we collected Personal Information or an authorized representative. We endeavor to substantively respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing.

We will not discriminate against you for exercising any of your CCPA rights. However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your Personal Information’s value.

California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Site that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to support@Topstep.com or write us at: Topstep LLC, Attn: Data Protection Officer, 224 N. Des Plaines, Suite 350, Chicago, Illinois 60661.

9. GDPR and LGPD

European Union General Data Protection Regulation 2016/679

European Union General Data Protection Regulation EU 2016/679 (“GDPR”), approved by the European Parliament on April 14, 2016, and effective May 25, 2018, addresses the protection of natural persons located in the EU with respect to the processing of their Personal Data. GDPR recognizes that Personal Data shall be:

processed lawfully, fairly and in a transparent manner;

collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;

adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;

accurate and, where necessary, kept up to date;

kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the personal data are processed; and

processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

As a Controller, Topstep shall be responsible for, and shall be able to demonstrate compliance with, the foregoing principles. Therefore, you have the right:

to request the correction or update of any Personal Data that is incorrect or incomplete;

to request the erasure of your Personal Data (the right to be forgotten);

to portability of your Personal Data;

to object to the processing of your Personal Data;

not to be subject to a decision based on automated decision-making, including profiling;

to withdraw consent to the processing of your Personal Data; and

to register a complaint with an EU supervisory authority.

LGPD Supplemental Privacy Notice

This Section addresses legal obligations and rights set forth in the LGPD that apply only to eligible residents of Brazil. These obligations and rights apply to businesses doing business in Brazil and to Brazilian residents and information that relates to Brazilian Users. IT does not apply to information that has been anonymized by the LGPD.

If you are a Brazilian resident, the following provisions apply in addition to the terms of the Privacy Notice:

The LGPD grants you certain rights about your Personal Data. In addition to the rights outlined in this Privacy Policy, you also have the right to:

- request the deletion, blocking or anonymization of your Personal Data, if you believe Topstep is processing your Personal Data information in an unnecessary, exceeding or non-compliant matter;

- request the portability of your Personal Data; and

- request information about the entities with which Topstep has shared your Personal Data with.

Because the Services and Sites are provided to you by Topstep in the United States, Topstep needs to carry out international transfers of your Personal Data from Brazil to the United States and other countries for the proper operation of the Services. Therefore, the international transfers of all Brazilian Users’ Personal Data are based upon contractual necessity, as provided by the LGPD.

Request for the deletion of Personal Data

Under the GDPR and the LGPD, EU Users and Brazilian Users may have the right to request the deletion of their Personal Data that Topstep collects, stores, or processes. In the event Topstep receives such a request, Topstep will erase the Personal Data without undue delay (which will be no longer than 30 days for EU Users and no longer than 15 days for Brazilian Users). All requests will be subject to our information request requirements, including identity verification and authentication procedures, as well as compliance with applicable law. To the extent permitted by the applicable laws, we may decline, however, requests that are unreasonable, incomplete, do not comply with our information request procedures or that are not required to be honored by applicable law.

If you would like to submit a request for erasure (request to be forgotten), please use the form linked here.

10. Keeping Your Personal Data Secure

To prevent unauthorized access or disclosure, to maintain data accuracy, and to ensure the appropriate use of the information, Topstep utilizes generally accepted industry standards to protect your Personal Data submitted to Topstep or relies on the services of third parties to provide the same. However, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your Personal Data.

11. Children’s Privacy

Topstep Sites or Services are not intended for use by minors under the age of 18 and are not targeted to children. Topstep does not knowingly collect information from children under the age of 16, solicit information from such children, or market products to such children.

12. Sensitive Data

We do not intentionally collect, process, transfer, or store Sensitive Data.

13. Log Data and Cookies

We use cookies and other similar technologies, including log data, on our Sites and Services to distinguish you from other users of our websites and apps (including when you browse third party websites). This helps us to provide you with a good experience when you use our services. We also use cookies and similar technologies to show you more personalized advertising. You may adjust the settings on your browser to refuse cookies but some of our services may not work if you do so.

Our servers also automatically record Log Data which includes information such as your internet service provider, your computer’s internet protocol address, browser type and operating system, referring/exit pages, clickstream data, pages of our Sites and Services that you visit (and the time spent on these pages), information you search for on our Sites or Services, and other statistics. We use this information to monitor and analyze your use of our Sites or Services and to better tailor them to your needs in order to provide you with a better experience.

Please click here to see the Cookies used on our site.

14. Access to and Accuracy of Your Personal Data

Topstep strives to keep your Personal Data accurately recorded. You have the right to access and request the correction, amendment, or deletion of all of your recorded personal information that has been collected by us. If you wish to review your recorded Personal Data, please contact us at:

c/o Topstep LLC, Attn: Data Protection Officer, Email: support@Topstep.com U.S. Mail: 224 N. Des Plaines, Suite 350, Chicago, Illinois 60661.

If you write to us, please include your name, email address, and telephone number and let us know what kind of information you would like to see. You may view and copy your information in person, or if you prefer, we will copy and send you your information. If you see any mistakes, let us know and we will review it. If we agree, we will correct our files. If we disagree, you may file a short statement of dispute with us. Your statement will be included with any data we disclose in the future. We will also send the statement to anyone you ask us to who received your information from us in the past two years.

15. Data Retention

Topstep retains Personal Data for as long as we reasonably require it for legal or business purposes. In determining data retention periods, Topstep takes into consideration local laws, contractual obligations, and the expectations and requirements of our Users. We will not retain data longer than is necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations. When we no longer need personal information, we securely delete or destroy it.

16. Acceptance of and Modifications to This Privacy Policy

You must affirm that you have read, understand, and accept the terms of this Privacy Policy. If you do not accept the terms of this Privacy Policy, you must discontinue your use of the Sites and Services.

The terms of the Privacy Policy may change from time to time. If we modify our Privacy Policy, we will notify you and post the revised statement here, with an updated revision date. You must affirm that you have read, understand, and accept the revised terms of this Privacy Policy. If you do not accept the revised terms of this Privacy Policy, you must discontinue your use of the Sites and Services.

17. Contact Us

We value your opinion. If you have comments or questions about our Privacy Policy, please send them to our Data Protection Officer at support@Topstep.com. You can also write to us at:

c/o Topstep LLC, Attn: Data Protection Officer, 224 N. Des Plaines, Suite 350, Chicago, Illinois 60661.