Privacy Policy

Last updated: June 6, 2026

1. What We Collect

Rasad collects the data needed to provide the terminal and protect the service. Public pages can be viewed without an account. Account and signup flows collect:

Account data: email address, password hash, country, role, company, and related signup details you submit.
Session data: secure session cookies, user agent, IP address, and login timestamps for authentication and abuse prevention.
Product data: saved terminal preferences, watchlists, workspaces, alerts, and usage preferences when those features are enabled.
Server logs: IP addresses appear in standard server logs for rate limiting, security, and troubleshooting.

2. What We Do Not Collect

No advertising cookies or third-party ad trackers.
No tracking pixels.
No financial data, trading history, or portfolio information.
No payment card data stored by Rasad; hosted checkout providers handle payment details.

3. Third-Party Services

We use the following third-party services:

Cloudflare: DNS, TLS termination, CDN, DDoS protection, and lightweight web analytics. Cloudflare Privacy Policy
Google Cloud: Compute hosting for the application and feed infrastructure. Google Cloud Privacy Notice
Cloudflare R2 / Litestream: disaster-recovery backups when backup credentials are configured by operators.

4. Data Retention

Server logs are retained for operational troubleshooting and abuse prevention. Account and signup records are retained while your account is active or as required for legal, tax, and service records. Browser local storage persists until you clear your browser data.

5. Your Rights

You may request access, correction, export, or deletion of account data, subject to legal and operational retention requirements. Contact us at the address below.

6. Contact

For privacy inquiries, use the privacy request form.

7. Privacy Contact

We have not appointed a formal Data Protection Officer. Privacy matters should be submitted through the privacy request form above, which routes to the operator queue.

8. Lawful Requests

We aim to operate in line with applicable Pakistani law, including the Prevention of Electronic Crimes Act 2016 (PECA). We may disclose data where required to do so by valid, lawful requests from competent authorities, such as the FIA or PTA.

9. Consent

By accessing Rasad or creating an account, you consent to the collection and processing of data as described in this Policy. You may withdraw consent where applicable by signing out and using the privacy request form to request deletion of your account and associated data.

10. Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of users, we will notify affected users without undue delay and, where feasible, within 72 hours of becoming aware. Notifications will be sent via the email address associated with your account and/or published on rasadterminal.com. We will also notify applicable regulators where required.

11. Minors

Rasad is a business-to-business commodity terminal intended for adult professional users. We do not knowingly collect data from individuals under 18. If you believe a minor has provided us data, use the privacy request form and we will delete it promptly.

12. Cross-border Data Transfer

Your data may be stored or processed outside Pakistan (primarily Google Cloud asia-southeast1, Singapore). Where data is transferred across borders, we take reasonable steps to ensure it is protected in line with this Policy and applicable data-protection law. By using the service you acknowledge and consent to such cross-border transfer.