Effective Date: 3 May 2026
This Privacy Policy (the “Policy”) explains how Educhain Ltd, trading as ZkUmbra (referred to herein as “ZkUmbra”, “we”, “us”, or “our”), a company incorporated in England and Wales with its registered office at 128 City Road, London, EC1V 2NX, collects, uses, stores, shares, and protects your personal data when you access or use the ZkUmbra proprietary trading platform (the “Platform”), our website, mobile applications, APIs, and any related services (collectively, the “Services”).
We are committed to protecting and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018), the Privacy and Electronic Communications Regulations 2003 (PECR), and all other applicable data protection legislation in force in the United Kingdom.
ZkUmbra is a trader evaluation and educational platform. We are not a brokerage, broker-dealer, investment firm, financial institution, or provider of regulated financial services. All trading activity on the Platform takes place in a fully simulated (demo) environment for skill assessment and educational purposes only. No real capital is traded by users at any time. ZkUmbra is not authorised or regulated by the Financial Conduct Authority (FCA), the Prudential Regulation Authority (PRA), or any other financial services regulator. Any references to “profit”, “payout”, “funding”, or “funded account” throughout this Policy and on the Platform refer exclusively to performance outcomes in a simulated environment and do not represent actual trading profits, investment returns, or income derived from live financial markets. Programme fees are paid solely for access to evaluation infrastructure, educational tools, and operational services, and are not deposits, investments, or margin payments.
By accessing or using our Services, you acknowledge that you have read, understood, and agree to the practices described in this Policy. If you do not agree with this Policy, you must not use our Services.
Educhain Ltd is the data controller for the purposes of applicable data protection legislation. For any queries regarding this Policy or data protection matters, please contact us at:
Email: Legal@educhain.fyi
Address: Educhain Ltd, 128 City Road, London, EC1V 2NX
You may also contact the Information Commissioner’s Office (ICO) if you have concerns about how we handle your personal data: https://ico.org.uk/.
We may collect and process the following categories of personal data about you:
Full legal name, date of birth, nationality, and gender
Residential address and correspondence address
Email address, telephone number, and other contact details
Government-issued identification documents (e.g. passport, driving licence, national ID card)
Proof of address documentation (e.g. utility bills, bank statements)
Financial information including bank account details, payment card information, and source of funds declarations
Employment status, occupation, and employer details
Tax identification numbers and tax residency information
Trading experience, investment objectives, and risk appetite assessments
Any other information you voluntarily provide during the course of our relationship
IP address, browser type and version, operating system, and device identifiers
Login timestamps, session duration, and access logs
Trading activity data, including order history, positions, profit and loss records, and strategy metrics
Platform usage patterns, feature interactions, and navigation paths
Cookies, pixel tags, web beacons, and similar tracking technologies (see Section 10)
Geolocation data derived from your IP address or device settings
Referral source and marketing attribution data
Identity verification and Know Your Customer (KYC) data from identity verification providers
Anti-Money Laundering (AML) screening results from compliance databases
Sanctions screening data and Politically Exposed Person (PEP) checks
Credit reference agency reports and financial standing information
Information from publicly accessible sources, government registers, and regulatory databases
We do not intentionally collect special categories of personal data (such as data revealing racial or ethnic origin, political opinions, religious beliefs, health data, biometric data, or data concerning sexual orientation). If such data is inadvertently provided to us, we will process it only where strictly necessary and with appropriate safeguards in accordance with Article 9 of the UK GDPR.
We process your personal data on the following lawful bases under Article 6(1) of the UK GDPR:
Contract (Art. 6(1)(b))
Processing necessary for the performance of our contract with you or to take pre-contractual steps at your request.
Account creation, processing trades, managing your funded account, disbursing profits.
Legal Obligation (Art. 6(1)(c))
Processing necessary for compliance with a legal obligation to which we are subject.
AML/KYC checks, tax reporting, regulatory filings, responding to lawful requests from authorities.
Legitimate Interests (Art. 6(1)(f))
Processing necessary for our legitimate interests, provided these are not overridden by your rights and freedoms.
Fraud prevention, platform security, analytics, service improvement, risk management, direct marketing to existing customers.
Consent (Art. 6(1)(a))
Where you have given clear, affirmative consent for a specific processing purpose.
Marketing communications, non-essential cookies, participation in surveys or promotions.
We use your personal data for the following purposes:
To create, verify, administer, and manage your ZkUmbra account and funded trading accounts
To conduct identity verification, KYC, AML, and sanctions screening in compliance with applicable regulations
To evaluate your trading challenges, assessments, and funding eligibility
To process transactions, disbursements, profit splits, and refunds
To monitor trading activity for compliance with our rules, risk parameters, and the terms of your funded account agreement
To detect, investigate, and prevent fraud, market manipulation, money laundering, and other unlawful activity
To ensure the security, integrity, and availability of our Platform and Services
To communicate with you regarding your account, transactions, and service updates
To send marketing communications where you have consented or where we rely on legitimate interests (with the right to opt out at any time)
To comply with legal and regulatory obligations, including reporting to HMRC, the FCA, and other relevant authorities
To conduct internal analytics, research, and service improvement
To establish, exercise, or defend legal claims
We may share your personal data with the following categories of recipients, solely to the extent necessary for the purposes described in this Policy:
Group companies and affiliated entities within the Educhain Ltd corporate group
Payment processors, banking partners, and financial intermediaries facilitating transactions
Identity verification, KYC, and AML service providers (including electronic verification platforms)
Cloud hosting providers, IT infrastructure and security service providers
Professional advisors including legal counsel, accountants, auditors, and insurance providers
Regulatory bodies, law enforcement agencies, tax authorities (including HMRC), and courts, where required by law or regulatory obligation
Analytics providers, customer relationship management tools, and marketing platforms (where consent has been obtained or legitimate interests apply)
Third-party liquidity providers and trading infrastructure partners
We require all third-party service providers to enter into data processing agreements in accordance with Article 28 of the UK GDPR, ensuring they process your personal data only on our instructions and implement appropriate technical and organisational security measures.
We will never sell your personal data to third parties.
Your personal data may be transferred to, stored, and processed in countries outside the United Kingdom. Where such transfers occur, we ensure that appropriate safeguards are in place in accordance with Chapter V of the UK GDPR, including:
Transfers to countries benefiting from a UK adequacy decision under Section 17A of the DPA 2018
Standard Contractual Clauses (SCCs) approved by the ICO as the International Data Transfer Agreement (IDTA) or the Addendum to the EU SCCs
Binding Corporate Rules approved by the relevant supervisory authority
Any other lawful transfer mechanism recognised under UK data protection law
You may request a copy of the relevant safeguards by contacting us at Legal@educhain.fyi.
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Our general retention periods are as follows:
Account and identity verification data: for the duration of your account and a minimum of 5 years following account closure (in compliance with the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017)
Transaction and trading records: a minimum of 5 years from the date of the transaction
KYC/AML documentation: a minimum of 5 years after the end of the business relationship
Communications and correspondence: 3 years unless required longer for legal or regulatory purposes
Marketing preferences and consent records: for the duration of your consent or until withdrawal, plus 12 months
Technical logs and access records: 12 months from the date of creation
Upon expiry of the relevant retention period, personal data will be securely deleted or irreversibly anonymised. Where data is required for the establishment, exercise, or defence of legal claims, it may be retained for the applicable limitation period under the Limitation Act 1980.
Under the UK GDPR and DPA 2018, you have the following rights in relation to your personal data:
Right of Access (Article 15): You have the right to obtain confirmation of whether we process your personal data and to request a copy of that data (commonly known as a Subject Access Request or SAR).
Right to Rectification (Article 16): You have the right to request correction of any inaccurate or incomplete personal data we hold about you.
Right to Erasure (Article 17): You have the right to request the deletion of your personal data where there is no compelling reason for its continued processing, subject to legal and regulatory retention requirements.
Right to Restriction of Processing (Article 18): You have the right to request that we restrict the processing of your personal data in certain circumstances.
Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
Right to Object (Article 21): You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
Rights Related to Automated Decision-Making (Article 22): You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.
Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.
To exercise any of these rights, please contact us at Legal@educhain.fyi. We will respond to your request within one month, unless the request is complex or numerous, in which case we may extend this period by up to two further months in accordance with Article 12(3) of the UK GDPR.
If you are dissatisfied with our handling of your request, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at https://ico.org.uk/make-a-complaint/ or by telephone at 0303 123 1113.
Our Platform and website use cookies and similar tracking technologies to enhance your experience, analyse usage patterns, and deliver targeted content. We categorise cookies as follows:
Strictly Necessary Cookies: Essential for the operation of our Platform, including authentication, security, and session management. These cookies cannot be disabled.
Analytical/Performance Cookies: Used to understand how visitors interact with our Platform, helping us improve functionality and user experience.
Functionality Cookies: Enable enhanced features and personalisation, such as remembering your preferences and settings.
Marketing/Targeting Cookies: Used to deliver advertisements relevant to your interests and to measure the effectiveness of marketing campaigns.
Non-essential cookies will only be placed on your device with your prior consent, which you can manage through our cookie consent banner or your browser settings. You may withdraw your consent or modify your cookie preferences at any time.
For further information, please refer to our separate Cookie Policy available on our website.
We implement appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage, in accordance with Article 32 of the UK GDPR. These measures include, but are not limited to:
Encryption of personal data in transit (TLS 1.2+) and at rest (AES-256)
Multi-factor authentication and role-based access controls
Regular penetration testing, vulnerability assessments, and security audits
Intrusion detection and prevention systems, firewalls, and network segmentation
Staff training on data protection and information security policies
Incident response procedures, including breach notification processes compliant with Articles 33 and 34 of the UK GDPR
Business continuity and disaster recovery planning
While we take all reasonable precautions to protect your data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security but will notify you and the ICO of any personal data breach in accordance with our legal obligations.
Our Services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 18 without valid parental or guardian consent, we will take steps to delete that data as soon as reasonably practicable. If you believe that a child has provided us with personal data, please contact us at Legal@educhain.fyi.
Our Platform may contain links to third-party websites, applications, or services. We are not responsible for the privacy practices or content of these third parties. We encourage you to review the privacy policies of any third-party services you access through our Platform.
We reserve the right to update or modify this Privacy Policy at any time. Any material changes will be communicated to you via email or through a prominent notice on our Platform prior to the changes taking effect. The “Effective Date” at the top of this Policy indicates when it was last revised. Your continued use of our Services after any changes constitutes your acceptance of the revised Policy.
If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact our Data Protection Officer at:
Email: Legal@educhain.fyi
Postal Address: Data Protection Officer, Educhain Ltd, 128 City Road, London, EC1V 2NX
This Privacy Policy shall be governed by and construed in accordance with the laws of England and Wales. Any disputes arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the courts of England and Wales.
© 2026 Educhain Ltd trading as ZkUmbra. All rights reserved.