VANTA TRADING CHALLENGE PRIVACY POLICY

Effective Date: February 10, 2026

  1. Introduction and Scope. This Privacy Policy (“Policy”) describes how Vanta Trading Challenge, operated by Taoshi VT Services, a Cayman Islands exempted company with limited liability (“Vanta,” “we,” “us,” or “our”), collects, uses, discloses, and protects personal information when you access or use our website, platform, and related services (collectively, the “Platform”). This Policy applies to all visitors, users, and participants (“you” or “your”).

By accessing or using the Platform, creating an account, or paying a Challenge Entry Fee, you acknowledge that you have read and understood this Policy. This Policy is not a contract that requires your agreement. Where we rely on your consent as a legal basis for processing (such as for non-essential cookies or direct marketing communications in certain jurisdictions), we obtain that consent separately, and you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

This Policy should be read together with our Terms of Service. Capitalized terms not defined in this Policy have the meanings assigned in the Terms of Service.

  2. Data Controller. For the purposes of the EU General Data Protection Regulation (“GDPR”), the UK General Data Protection Regulation (“UK GDPR”), and other applicable data protection laws, the controller of your personal information is:

Taoshi VT Services

Cayman Islands Exempted Company

[Insert Registered Address]

Email: [privacy@vantatrading.com]

We have not appointed a Data Protection Officer (“DPO”). If a DPO is appointed in the future, their contact details will be published here. We have not appointed an EU or UK representative under Article 27 GDPR / UK GDPR. If such appointment becomes required, we will update this Policy accordingly.

  3. Information We Collect. We collect information in several categories depending on your level of engagement with the Platform. Not all categories apply to all users, and certain data is collected only at specific stages of participation.
    1. Core Account Data (Collected at Signup). When you create an account or register for a Challenge, we collect:
  • Email address
  • Full name or username (full name may be optional during the Challenge stage)
  • Account credentials (passwords are stored in hashed form; we also maintain authentication logs)
  • IP address, device type, browser information, and operating system
  • Usage data, including login timestamps, platform activity, session duration, and interaction logs
    2. Trading and Performance Data. We collect data related to your simulated trading activity, including:
  • Simulated trading activity and order history
  • Profit and loss (PnL), returns, drawdowns, and risk metrics
  • Strategy behavior, execution logs, and trading patterns
  • Evaluation results, scoring, and eligibility status
    3. Payment and Billing Data. When you pay a Challenge Entry Fee or make other transactions, we collect:
  • Billing name and billing address
  • Transaction history and invoice records

Credit and debit card details are processed directly by our third-party payment processor (currently Stripe) and are not stored on our servers. We receive only a tokenized reference, last four digits, and transaction confirmation from the payment processor.

    4. Post-Challenge, Payout, and KYC Data (Conditional). If you pass the Challenge and become eligible for an invitation to the Funded Trader Program, we may collect additional information as part of Know Your Customer (“KYC”) and Anti-Money Laundering (“AML”) compliance procedures. This data is collected only from payout-eligible individuals and only when required. Such data may include:
  • Government-issued identification (e.g., passport, driver’s license)
  • Date of birth
  • Residential address
  • Nationality and/or tax residency
  • Bank account details or cryptocurrency payout wallet address
  • Results of compliance screening (KYC/AML verification checks)

Government-issued identification, date of birth, bank account details, and cryptocurrency wallet addresses are considered sensitive personal information under certain privacy laws (including the CPRA). We use this information only for the purposes described in Section 4 and do not use or disclose it for purposes beyond what is reasonably necessary for KYC/AML compliance and payout administration.

Alternatively, we may appoint a third-party service, such as Stripe Connect, to conduct these KYC and AML checks and collect the relevant information. If so, we may not collect this information at all and you will be governed by the terms set out by the applicable service provider.

    5. Communications Data. If you contact us for support or otherwise communicate with us, we may collect:
  • Support tickets and email correspondence
  • Communications through integrated platforms such as Discord or Slack, to the extent initiated by you
    6. Automatically Collected Technical Data. We automatically collect certain technical information when you visit or use the Platform, including:
  • IP address and approximate geolocation
  • Browser type and version, device type, and operating system
  • Referring URLs, pages viewed, and clickstream data
  • Cookies, pixel tags, and similar tracking technologies (see Section 8 below)
  4. How We Use Your Information. We use the information we collect for the following purposes:
    1. Account Administration. To create and manage your account, authenticate your identity, and communicate with you about your account and the Platform.
    2. Challenge Operations. To register you for a Challenge, record and evaluate your simulated trading activity, calculate performance metrics, determine eligibility, and administer the Challenge Rules.
    3. Simulated Trading Operations. To provide services and administer rules for traders who are eligible for payouts pursuant to their Independent Contractor Agreement (“ICA”).
    4. Payment Processing. To process Challenge Entry Fees, issue invoices, manage refund requests, and maintain billing and tax records.
    5. KYC/AML Compliance. To verify your identity and conduct required compliance checks if you become payout-eligible, in accordance with Applicable Law.
    6. Platform Improvement and Analytics. To analyze usage patterns, diagnose technical issues, improve Platform functionality, and develop new features.
    7. Security and Fraud Prevention. To detect, investigate, and prevent fraudulent activity, unauthorized access, abuse of the Platform, and violations of the Terms of Service or Challenge Rules.
    8. Legal Compliance. To comply with Applicable Law, respond to legal process, enforce our agreements, and protect our rights and the rights of third parties.
    9. Communications. To send you transactional messages (e.g., account confirmations, Challenge status updates, payment receipts) and respond to your inquiries. Where permitted and, where required by Applicable Law, with your consent, we may also send promotional or informational communications. You may opt out of non-transactional marketing communications at any time.
  5. EU/UK Legal Bases and Required Disclosures. If you are located in the European Economic Area (“EEA”), the United Kingdom, or Switzerland, we process your personal data only where we have a valid legal basis under the GDPR or UK GDPR. The table below summarizes the primary legal bases for our processing activities:

Legitimate Interests Statement. Where we rely on legitimate interests as a legal basis, our interests include: ensuring the security and integrity of the Platform and the Challenge; preventing fraud, abuse, and manipulation; analyzing and improving our services; and exercising or defending legal claims. We balance these interests against your rights and freedoms and do not process personal data where our interests are overridden by the impact on you.

  6. How We Share Your Information. We do not sell your personal information. We may share your information in the following circumstances:
    1. Service Providers. We share information with third-party vendors and service providers who perform services on our behalf, such as payment processing (currently Stripe), cloud hosting and infrastructure (currently Google Cloud Platform), analytics, KYC/AML verification, customer support tools, and email delivery services. These providers are contractually obligated to use your information only as necessary to provide their services to us and in accordance with this Policy. We may engage additional or replacement service providers from time to time; this Policy will be updated to reflect any material changes.
    2. Network Participants and On-Chain Data. Because the Challenge operates on Subnet 8, a decentralized network, certain trading activity data (such as trade signals, positions, and performance metrics) may be recorded on the network and may be visible to other network participants in accordance with the network’s protocols. Data recorded on Subnet 8 may be public and may be difficult or impossible to modify, correct, or delete due to the immutable nature of decentralized ledgers. We do not control Subnet 8 or how network participants may use publicly available on-network data. Deletion or correction requests under this Policy apply to off-chain records maintained by Vanta and are subject to the technical and legal limitations described in Section 10.
    3. Legal and Regulatory Requirements. We may disclose your information if required to do so by Applicable Law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.
    4. Business Transfers. In connection with any merger, acquisition, sale of assets, financing, or transfer of all or a portion of our business, your information may be transferred as part of that transaction. We will notify you by email and/or prominent notice on the Platform of any change in ownership or material changes to the use of your personal information.
    5. With Your Consent. We may share your information for other purposes with your express consent.
  7. International Data Transfers. Vanta is organized under the laws of the Cayman Islands. Your personal information is primarily stored and processed using Google Cloud Platform infrastructure, which may involve processing in the United States and other jurisdictions where Google Cloud operates data centers. We may also engage additional service providers whose infrastructure is located outside your jurisdiction.

Where your personal information is transferred outside the EEA, the United Kingdom, or Switzerland, we ensure that appropriate safeguards are in place as required by Applicable Law. These safeguards currently include:

  • Google Cloud’s Data Processing and Security Terms, which incorporate the Standard Contractual Clauses (“SCCs”) approved by the European Commission and the UK International Data Transfer Addendum (“UK IDTA”), as applicable
  • Where we engage other service providers, we rely on SCCs, the UK IDTA, transfers to countries recognized as providing an adequate level of data protection, or other lawful transfer mechanisms as appropriate
  • Additional technical and organizational measures as appropriate to supplement contractual safeguards

We may change or supplement our infrastructure and service providers from time to time. Where we do so, we will ensure that equivalent or stronger transfer safeguards remain in place. You may request a copy of the relevant transfer safeguards by contacting us using the details in Section 15.

  8. Cookies and Tracking Technologies. We use cookies, pixel tags, web beacons, and similar tracking technologies to collect information about your interactions with the Platform.
    1. Types of Cookies. We use the following categories of cookies and similar technologies:
  • Strictly Necessary Cookies. These cookies are essential for the Platform to function (e.g., session authentication, security tokens). They cannot be disabled without affecting Platform functionality and do not require your consent.
  • Analytics and Performance Cookies. These cookies help us understand how visitors interact with the Platform, diagnose technical issues, and improve our services.
  • Marketing and Advertising Cookies. If used, these cookies track your activity across sites to deliver relevant advertising.
    2. Consent for Non-Essential Cookies (EU/UK Users). Where required by Applicable Law (including the ePrivacy Directive and UK PECR), we deploy non-essential cookies (analytics and marketing) only with your prior consent, obtained through our cookie consent banner or preferences center. You may update your preferences at any time by visiting [Insert Cookie Settings Link/Page]. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
    3. Do Not Track. We do not currently respond to “Do Not Track” browser signals. Where available, you may manage your tracking preferences through our cookie preferences center.
  9. Data Retention. We retain your personal information for as long as reasonably necessary to fulfill the purposes for which it was collected, including to satisfy legal, regulatory, accounting, or reporting requirements. Retention periods vary by data category and the legal basis for processing:
    1. Account and trading data is retained for the duration of your account and for a reasonable period thereafter (generally no longer than three (3) years for audit, compliance, and dispute resolution purposes, unless a longer period is required by Applicable Law).
    2. Payment and transaction records are retained as required by Applicable Law, payment-network rules, and tax obligations (typically five (5) to seven (7) years).
    3. KYC/AML data is retained for the period required by Applicable Law, which may be five (5) years or more following the end of the business relationship.
    4. Communications data (support tickets, correspondence) is retained for as long as necessary to resolve the matter and for a reasonable period thereafter for quality assurance and dispute resolution.
    5. Usage and technical data is generally retained in aggregated or anonymized form and may be retained indefinitely for analytics purposes. Aggregated or anonymized data that can no longer be linked to an identifiable individual is not considered personal data.

When personal information is no longer required, we will securely delete or anonymize it in accordance with our data retention procedures.

  10. Your Rights. Depending on your jurisdiction, you may have certain rights regarding your personal information. This section describes rights that may be available to you. Not all rights are available in all jurisdictions.
    1. General Rights. Subject to Applicable Law, you may have the right to:
  • Access your personal information and obtain a copy of the data we hold about you.
  • Correct inaccurate or incomplete personal information.
  • Delete your personal information, subject to certain exceptions (e.g., legal retention obligations, ongoing disputes).
  • Portability: receive your personal information in a structured, commonly used, machine-readable format.
  • Opt out of non-transactional marketing communications at any time.
    2. Additional Rights for EU/UK Data Subjects. If you are located in the EEA, United Kingdom, or Switzerland, you additionally have the right to:
  • Restrict processing of your personal data in certain circumstances (e.g., while we verify the accuracy of your data following a challenge to its accuracy).
  • Object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for the establishment, exercise, or defense of legal claims.
  • Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing carried out before withdrawal.
  • Lodge a complaint with your local data protection supervisory authority (e.g., the ICO in the United Kingdom, the CNIL in France, or your relevant national authority in the EEA).

To exercise any of these rights, please contact us using the information in Section 15. We will respond to your request within the time frames required by Applicable Law (generally within thirty (30) days for GDPR/UK GDPR requests). We may need to verify your identity before processing your request.

Blockchain Data Limitation. Please note that data recorded on the Subnet 8 decentralized network may be technically impossible to modify, correct, or delete. Your rights under this Section apply to off-chain records maintained by Vanta. We will inform you if a request cannot be fully fulfilled due to on-chain data limitations.

  11. Automated Decision-Making and Profiling. Your Challenge trading activity is evaluated against published performance criteria (as set out in the Challenge Rules) using automated scoring and analysis systems. These systems calculate metrics such as profit and loss, drawdowns, and risk parameters, which contribute to eligibility determinations (e.g., Pass or Fail).

While initial scoring is automated, significant decisions regarding your Challenge eligibility, including any determination that may result in disqualification for suspected rule violations, are subject to review and meaningful human involvement before a final outcome is applied.

If you believe an automated decision has been made in error, or if you wish to contest an eligibility determination, you may contact us at the details in Section 15 to request a review.

  12. California Privacy Rights (CCPA / CPRA). This section applies to California residents and supplements the rest of this Policy with information required by the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA/CPRA”).
    1. Categories of Personal Information Collected. In the preceding twelve (12) months, we have collected the following categories of personal information (as defined by the CCPA/CPRA):
  • Identifiers: name, email address, username, IP address, account credentials.
  • Financial information: billing address, transaction history, invoices. (Payment card data is processed by Stripe and not stored by us.)
  • Internet or network activity: browsing history on the Platform, login data, usage data, cookies, clickstream data.
  • Geolocation data: approximate location derived from IP address.
  • Professional or employment-related information: simulated trading performance data, strategy behavior, evaluation results.
  • Sensitive personal information (conditional): government-issued ID, date of birth, bank account details, crypto wallet address, collected only from payout-eligible individuals for KYC/AML compliance.
    2. Categories Disclosed for a Business Purpose. We may disclose the following categories to service providers and third parties for business purposes:
  • Identifiers (to payment processors, cloud providers, analytics providers, KYC vendors)
  • Financial information (to payment processors)
  • Internet or network activity (to analytics and security providers)
  • Sensitive personal information (to KYC/AML verification providers, only for payout-eligible individuals)
    3. Sale and Sharing. We do not sell personal information as defined by the CCPA/CPRA.
    4. Sensitive Personal Information. We may collect sensitive personal information (government ID, date of birth, bank/crypto details) only from payout-eligible individuals and only for the following purposes:
  • Identity verification and KYC/AML compliance as required by Applicable Law
  • Payout administration under a separate Independent Contractor Agreement

We do not use or disclose sensitive personal information for purposes beyond what is reasonably necessary to provide the services or as otherwise permitted by the CCPA/CPRA.

    5. Your California Rights. As a California resident, you have the right to:
  • Know what categories and specific pieces of personal information we have collected about you.
  • Delete your personal information, subject to certain exceptions.
  • Correct inaccurate personal information.
  • Opt out of the sale or sharing of your personal information (if applicable).
  • Limit the use of sensitive personal information to purposes authorized by the CCPA/CPRA.
  • Non-discrimination. We will not discriminate against you for exercising your privacy rights.
    6. How to Submit a Request. To submit a verifiable consumer request, contact us using the information in Section 15. You may also designate an authorized agent to submit a request on your behalf. If you use an authorized agent, we may require written proof of authorization and may verify your identity directly. We will respond to verified requests within forty-five (45) days, with an extension of up to an additional forty-five (45) days where reasonably necessary, as permitted by law.
    7. Appeal. If we deny your request in whole or in part, you may appeal by contacting us at the details in Section 15 with the subject line “Privacy Appeal.” We will respond to your appeal within the time frame required by Applicable Law.
  13. Data Security. We implement commercially reasonable administrative, technical, and physical safeguards designed to protect your personal information from unauthorized access, use, alteration, disclosure, or destruction. These measures include encryption of data in transit and at rest, access controls, regular security assessments, and employee training. Our primary cloud infrastructure provider (currently Google Cloud Platform) maintains industry-standard certifications including SOC 2 and ISO 27001.

However, no method of transmission over the Internet or method of electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your account credentials and for any activity that occurs under your account.

  14. Children’s Privacy. The Platform is not directed to individuals under the age of 18, and we do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information as promptly as practicable. If you believe we have inadvertently collected information from a child under 18, please contact us immediately using the information in Section 15.
  15. Contact Us. If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, or if you wish to exercise any of your rights described in this Policy, please contact us at:

Taoshi VT Services

Cayman Islands Exempted Company

Email: [privacy@vantatrading.com]

Address: [Insert Registered Address]

  16. Changes to This Policy. We may update this Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will update the “Effective Date” at the top of this Policy and, where required by Applicable Law, provide additional notice (such as email notification or a prominent notice on the Platform). We encourage you to review this Policy periodically. Your continued use of the Platform after a revised Policy takes effect indicates your awareness of the updated practices.
  17. Important Clarifications. For the avoidance of doubt, the following clarifications apply to this Policy and the data practices described herein:

No Live Brokerage Accounts. Vanta does not operate brokerage accounts. All trading activity during the Challenge is simulated. We do not hold custody of client funds, real assets, or securities at any time.

No Direct Storage of Payment Card Data. Full credit or debit card numbers are never stored on our servers. All payment card data is collected and processed directly by our PCI-compliant third-party payment processor (currently Stripe).

KYC Data Is Conditional. Government-issued identification, date of birth, nationality, tax residency, and bank or crypto payout details are collected only from individuals who become payout-eligible following successful completion of the Challenge. This data is not collected from general participants.

Optional Data. Certain data fields (such as full name during the Challenge stage) are optional. Where data collection is optional, it will be clearly indicated at the point of collection.

On-Chain Data. Certain data submitted to the Subnet 8 decentralized network may become part of the public ledger. Such data may be immutable and beyond Vanta’s ability to modify or delete. This limitation is inherent to the decentralized architecture of the network and is not a result of Vanta’s data practices.