Cookie Policy
This Cookie Policy explains how IUX Markets (“we,” “us,” “our” or the “Group”) uses cookies and similar technologies across its public website at www.iux.com, its client portal, and its web and mobile trading platforms (together, the “Services”). It should be read together with the IUX Markets Privacy Policy at www.iux.com, which fully describes how we process personal data.
1. About This Policy and Who We Are
We operate in regulated financial environments. Because the trading platforms, client portal, and onboarding processes handle sensitive financial and identity data, our use of cookies is closely linked to security, fraud prevention, and regulatory obligations as well as to marketing and analytics.
The data controller responsible for personal data collected through the Services is:
- IUX Markets, the entity licensed and regulated by the Financial Services Commission of Mauritius (FSC license no. GB22200605, Investment Dealer (Full Service Dealer, Excluding Underwriting), with registered office at 713 7th Floor, Nexsky Building, Ebene Cybercity, 72201, Mauritius.
Where you contract with another entity within the IUX group, that entity may act as controller for your data; the applicable entity is identified during onboarding and in your client agreement.
Our Services are directed only at residents of jurisdictions in which the Group is authorized to operate. They are not directed at, and we do not offer them to, residents of jurisdictions where we are not licensed or where local law would require an authorization we do not hold. The controller’s contact details are in Section 14.
2. What Are Cookies and Similar Technologies?
Cookies are small text files placed on your device (computer, tablet, or smartphone) when you visit a website. They allow a site to recognize your device, remember your actions and preferences, and operate securely. In this policy, “cookies” also refers to the following related technologies, which we treat the same way for consent purposes:
- Pixels and web beacons: tiny tracking images, often used by advertising and analytics partners to measure activity and conversions.
- Local and session storage: data stored in your browser to support platform functionality.
- Software development kits (SDKs): code embedded in our mobile apps that performs functions similar to cookies.
- Device and browser fingerprinting: techniques that infer a device identity from its characteristics, used mainly for security, anti-fraud, and anti-money-laundering controls.
3. Legal Basis for Using Cookies
We apply a consent-based standard for cookies that follows the general principles of the Mauritius Data Protection Act 2017 — which has no cookie-specific regime, but whose principles apply wherever cookies process personal data — together with the opt-in guidance of the Data Protection Office and international best practice. On that basis:
- Strictly necessary cookies are placed without consent because they are essential to deliver a service you have requested. Where these involve personal data, our basis is either the legitimate interest in operating the Services securely and reliably or the performance of our contract with you.
- All other cookies (performance, functional, targeting, and affiliate) are placed only with your prior, freely given, specific, informed, and unambiguous consent, which you may withdraw at any time.
4. Categories of Cookies We Use
4.1. Strictly necessary (essential) cookies
These are required for the Services to function and cannot be switched off in our systems. Disabling them will prevent access to secure areas such as the client portal and trading platform. They are used to:
- Keep you securely logged in so you do not re-enter your password during funding and trading.
- Maintain the server connection and store session identifiers.
- Identify whether you are using a Real or Demo account.
- Verify identity, check device and browser type, and support fraud and anti-money-laundering controls.
- Detect your location in order to serve the correctly licensed Group entity and to apply the product, leverage, and eligibility restrictions that apply in your jurisdiction. This is a regulatory function: it helps ensure we do not offer products to clients who are not permitted to receive them.
4.2. Performance and analytics cookies
These help us measure and improve the Services — which pages are most used, how the platform performs, and whether inbound referral traffic complies with our marketing and regulatory requirements. They are used only with your consent.
4.3. Functional cookies
These enable enhanced features and personalization, such as remembering your language, region, and interface preferences.
4.4. Targeting and affiliate cookies
These may be set by our advertising and affiliate partners. They are used to:
- Identify the Introducing Broker (IB), affiliate, partner, or advertisement that referred you, so that commission and attribution can be allocated correctly.
- Deliver and measure interest-based advertising across third-party platforms.
- Limit how often you see an advertisement and measure campaign effectiveness.
4.5. Social media and embedded content cookies
Some pages include content or features from third-party platforms (for example, video players, social sharing buttons, or chat widgets). These providers may set their own cookies, which are subject to their own policies.
5. Cookie Inventory
The table below lists representative cookies and technologies used across the Services, by category. The specific cookies in use should be confirmed against a current automated scan of the website and platform before publication, and updated whenever vendors change. Retention periods are maximums; cookies may be deleted earlier.
Action required before publication: verify each entry below against an actual consent-management-platform scan; remove any technology not in use and add any that is.
| Cookie/technology | Provider | Purpose | Type | Retention |
|---|---|---|---|---|
| __Host-session / sid | First party | Maintains an authenticated and encrypted log-in session across the client portal and trading platform. | Strictly necessary | Session |
| csrf_token | First party | Protects forms and funding/withdrawal actions against cross-site request forgery. | Strictly necessary | Session |
| acct_mode | First party | Records whether the user is logged into a Real or Demo account so the correct environment is served. | Strictly necessary | Session |
| geo_entity | First party | Detects the visitor’s country to serve the correctly licensed Group entity and enforce jurisdiction-specific product, leverage, and eligibility restrictions. | Strictly necessary | Up to 12 months |
| device_fp | First-party/fraud vendor | Device and browser fingerprinting are used for identity verification, AML controls, duplicate-account, and fraud prevention. | Strictly necessary | Up to 6 months |
| cookie_consent | First party | Stores the visitor’s cookie consent choices and the date consent was given. | Strictly necessary | 6–12 months |
| _ga / _ga_* | Google Analytics | Measures traffic, page popularity, and platform performance in aggregate. | Performance | Up to 24 months |
| _hjSession* | Hotjar (example) | Heatmaps and session diagnostics to improve the usability of the portal. | Performance | Session – 12 months |
| referrer_audit | First party | Records the inbound URL/source to verify that referral traffic complies with marketing and regulatory requirements. | Performance | Up to 12 months |
| lang_pref | First party | Remembers language and display preferences. | Functional | Up to 12 months |
| ui_state | First party | Remembers chart layout, watchlists, and interface settings. | Functional | Up to 12 months |
| aff_id / ib_ref | First-part affiliate network | Identifies the Introducing Broker, affiliate, or campaign that referred the visitor, for attribution and commission allocation. | Targetingaffiliatee | 30–90 days |
| _fbp | Meta (Facebook) | Delivers and measures interest-based advertising and conversions. | Targeting | Up to 3 months |
| _gcl_au | Google Ads | Conversion tracking and advertising measurement. | Targeting | Up to 3 months |
| ttp | TikTok / other ad partners | Advertising delivery and conversion measurement. | Targeting | Up to 13 months |
| li_sugr | LinkedIn Insight | B2B advertising analytics and conversion tracking. | Targeting | Up to 3 months |
Vendor and product names are illustrative examples of common providers and should be replaced with the Group’s actual vendors.
6. Third-Party Cookies and Partners
In addition to our own (first-party) cookies, approved third parties — such as analytics providers, advertising networks, affiliate platforms, and fraud-prevention services — may set cookies through the Services. These parties act under their own privacy and cookie policies, and we do not control the technologies they deploy. We maintain a current list of such partners and links to their policies within our consent-management tool.
7. International Data Transfers
We operate globally and use service providers in multiple countries. Data collected through cookies may therefore be transferred to, and processed in, countries outside your own, whose data-protection laws may differ from those of your country of residence.
Where we transfer personal data internationally, we put appropriate safeguards in place — such as contractual data-protection commitments with our service providers and, where required by applicable law, your consent — so that your data remains protected. Further details are available in our Privacy Policy.
8. How We Obtain and Manage Your Consent
Where consent is required, we obtain it through a cookie banner presented the first time you visit. We apply the following principles:
- No pre-ticked boxes: non-essential categories are off by default; consent is given only by a clear affirmative action.
- Granular choice: you can accept or reject each category of non-essential cookies separately.
- Equal ease of refusal: rejecting cookies is as easy as accepting them.
- Withdrawal at any time: you can change or withdraw your choices at any time via the “Cookie Settings” link in the website footer; withdrawal does not affect processing already carried out.
- Re-consent: we ask you to confirm your preferences again periodically and whenever our cookie use changes materially.
- Records: We keep records of the consent choices you make and the date they were given.
9. Managing Cookies Through Your Browser
In addition to our consent tool, you can control cookies through your browser settings. If you block strictly necessary cookies, the trading platform and client portal may not work. Guidance for common browsers:
- Google Chrome: https://support.google.com/chrome/answer/95647
- Mozilla Firefox: https://support.mozilla.org/kb/cookies-information-websites-store-on-your-computer
- Apple Safari: https://support.apple.com/guide/safari/manage-cookies-sfri11471/
- Microsoft Edge: https://support.microsoft.com/microsoft-edge/delete-cookies-in-microsoft-edge
9.1. Do Not Track
Some browsers can send a “Do Not Track” (DNT) signal. Because there is no common industry standard for how DNT should be interpreted, our Services do not currently respond to DNT signals. You can manage non-essential cookies at any time through our “Cookie Settings” tool and your browser controls.
10. Children
Our Services are intended only for adults who are eligible to open a trading account. We do not knowingly direct cookies or marketing at children or knowingly collect their data through cookies.
11. Your Regional Privacy Rights
Depending on where you live, you may have specific rights regarding cookies and the data they collect. This section summarises the regimes most relevant to the jurisdictions in which we operate; for full details and to exercise any right, see our Privacy Policy and Section 14.
11.1. Mauritius (Data Protection Act 2017)
As IUX Markets is established and licensed in Mauritius, non-essential cookies are used with your consent, and you have the rights of access, rectification, erasure, restriction and objection, and the right to lodge a complaint with the Data Protection Office of Mauritius.
11.2. Other jurisdictions
We honor applicable local data-protection requirements in the other regions where we offer the Services. If a data-protection law in your country of residence grants you rights over cookie data, you may exercise them using the contacts in Section 14.
12. Exercising Your Rights
You can exercise your rights, including in relation to data collected through cookies, by contacting us using the details in Section 14, or through the self-service tools in your client portal, where available. We will respond within the timeframe required by applicable law. We may need to verify your identity before acting on a request.
13. Changes to This Policy
We may update this Cookie Policy to reflect changes in technology, our partners, or legal and regulatory requirements. When we make material changes, we will update the “Last updated” date above, increase the version number, and — where the law requires — ask you to renew your consent. Please review this page periodically.
14. Contact Us
If you have questions about this Cookie Policy or wish to exercise your rights, contact our Data Protection Officer or Compliance Team:
- Data Protection Officer / Compliance Team
- Email: [email protected]
- Postal address: 713 7th Floor, Nexsky Building, Ebene Cybercity, 72201, Mauritius
