Legal

Privacy Policy

Last updated: 12 June 2026

1. Who we are

MetaToolsLab ("we", "us") operates the cloud MT5 trade-copying service at https://metatoolslab.io. For any privacy question or request, contact us at support@metatoolslab.io or via the contact page.

2. What we collect

  • Account data — name, email address, and a hashed password (we can never read your password).
  • Trading account metadata — your MT5 login number, broker name, and broker server name. We never collect, transmit, or store your broker password. The EAs authenticate with a separate key generated by us.
  • Trade signal data — symbol, direction, volume, prices, SL/TP, ticket numbers, and execution results for trades you copy through the service.
  • Billing data — handled by Stripe. We store your Stripe customer ID and subscription status; your card number never touches our servers.
  • Messages — contact-form messages and newsletter signups you choose to send us.
  • Technical logs — IP addresses and request logs kept for security and abuse prevention.

3. Why we use it

  • To operate the service (contract): routing trade signals, showing your trade history, managing your subscription.
  • To send service emails (contract/legitimate interest): welcome, verification, trial reminders, billing and security notices.
  • To respond to support requests (legitimate interest).
  • To send the newsletter — only if you opted in; unsubscribe any time (consent).
  • To prevent fraud and abuse (legitimate interest/legal obligation).

4. Who we share it with

We do not sell your data. We share it only with processors needed to run the service: Stripe (payments), our email delivery provider (transactional email), and our hosting/infrastructure providers. Each processes data under their own data-processing agreements.

5. Retention

  • Trade history is retained for up to 365 days, and visible to you according to your plan's history window.
  • Account data is kept while your account exists.
  • Billing records are retained as required by tax law.
  • When you delete your account, your accounts, EA keys, trade history, and personal data are permanently deleted.

6. Your rights

Depending on your location (including under UK/EU GDPR) you have the right to access, correct, export, restrict, or erase your personal data, and to object to processing. You can delete your account — and all data with it — directly from Account Settings, or email us and we'll handle any request within 30 days. You may also lodge a complaint with your supervisory authority (in the UK, the ICO).

7. Cookies

We use essential cookies only: a session cookie to keep you logged in and a CSRF cookie to protect forms. We run no advertising or third-party analytics cookies, which is why you don't see a cookie banner.

8. Security

All traffic — including every EA request — is encrypted with HTTPS/TLS. Passwords are stored hashed (PBKDF2). EA keys are unique per trading account and can be regenerated at any time, instantly invalidating the old key.

9. Changes

We'll post any changes to this policy on this page and update the date above. Material changes will be announced by email.

See also our Terms & Conditions.