Last updated: May 1, 2026
1. Who we are
This Privacy Policy explains how Brynex Tech Limited (“we”, “us” or “our”), a company registered in England and Wales under company number 15918986 with its registered office at 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ, trading as OneFunded, collects, uses, shares and protects your personal data when you visit onefunded.com (the “Website”) and use our services (the “Services”).
For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we are the data controller of the personal data described in this Policy.
We are registered with the Information Commissioner’s Office (ICO) under registration reference ZB909178.
If you have any questions about this Policy or about how we handle your personal data, contact us at:
- Email: [email protected]
- Postal address: Brynex Tech Limited, 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
2. Scope of this Policy
This Policy applies to personal data we process about visitors to the Website, registered users, and prospective customers. It does not apply to third-party websites, platforms or services that we link to or rely on (for example, third-party trading-simulation platforms and payment providers), which operate under their own privacy policies. See section 11 (Third-party links and platforms).
3. The personal data we collect
We may collect and process the following categories of personal data:
- Identity and account data — your name, username, date of birth or confirmation that you are 18 or over, and account login credentials.
- Contact data — email address, telephone number, and postal or billing address.
- Transaction and financial data — records of the challenges or services you purchase, fees paid, and partial payment details (such as the card type and last four digits). Full card details are processed directly by our payment providers and are not stored by us.
- Identity-verification data — where we need to verify your identity or your eligibility (for example, to action a data-subject request, to prevent multiple accounts, or to screen against prohibited jurisdictions and sanctions lists), this may include a copy of a passport or driving licence and proof of address.
- Usage and technical data — your IP address, approximate location, login and access details, browser and device type, operating system, and information about how you interact with the Website, including pages visited and time spent.
- Performance and activity data — data generated through your use of the simulated challenges, such as activity logs and metrics used to evaluate challenge performance and to detect prohibited activity.
- Marketing and communications data — your preferences for receiving marketing from us and your communication preferences.
- Cookies and similar technologies — see section 7 and our separate Cookie Policy.
We do not intentionally collect special category data (such as data about health, race, or religion). Please do not send us such data unless we specifically request it.
4. How we collect your personal data
We collect personal data:
- Directly from you — when you register an account, purchase a challenge or service, contact us, complete forms, or otherwise interact with us.
- Automatically — through cookies and similar technologies as you use the Website (see section 7).
- From third parties — for example, our payment providers (confirmation of payment), analytics providers, and fraud- or sanctions-screening providers.
5. Why we use your personal data and our lawful bases
Under the UK GDPR we must have a lawful basis for each processing activity. The table below sets out our purposes and the corresponding lawful basis (Article 6 UK GDPR).
| Purpose | Lawful basis |
| To register and administer your account, and to provide, operate and maintain the Services and challenges | Performance of a contract with you (and pre-contractual steps) |
| To process your purchases and payments | Performance of a contract; compliance with a legal obligation (record-keeping) |
| To evaluate challenge performance and determine outcomes | Performance of a contract |
| To verify your identity, age and eligibility, and to screen against prohibited jurisdictions and applicable sanctions | Compliance with a legal obligation; our legitimate interests in operating lawfully and preventing misuse |
| To detect, prevent and investigate prohibited activity, fraud, multiple accounts and abuse of the Services | Our legitimate interests in protecting the integrity and security of the Services; compliance with a legal obligation |
| To communicate with you about your account, purchases and service updates | Performance of a contract; our legitimate interests in administering our relationship with you |
| To send you marketing communications | Your consent, or our legitimate interests where permitted by law, in each case subject to your right to opt out at any time |
| To improve, personalise and develop the Website and Services, and to analyse usage trends | Our legitimate interests in understanding and improving our Services; your consent for non-essential cookies |
| To maintain records, exercise or defend legal claims, and comply with our legal and regulatory obligations | Compliance with a legal obligation; our legitimate interests |
Where we rely on legitimate interests, we have assessed that those interests are not overridden by your rights and freedoms. You may ask us for more information about that assessment.
Where we rely on consent (for example, for certain marketing or non-essential cookies), you can withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
Providing your identity, contact and payment data is necessary to enter into and perform our contract with you. If you do not provide it, we may be unable to provide the Services.
6. Marketing communications
We will only send you electronic marketing where we are permitted to do so under the UK GDPR and the Privacy and Electronic Communications Regulations (PECR). You can opt out of marketing at any time by using the unsubscribe link in any marketing email or by contacting us at [email protected]. Opting out of marketing does not stop us sending you necessary service or account messages.
7. Cookies and tracking technologies
We use cookies and similar technologies to operate the Website, remember your preferences, and analyse usage. Non-essential cookies are only set with your consent, which you can manage through our cookie banner or browser settings. For full details, please see our Cookie Policy.
8. Who we share your personal data with
We do not sell your personal data. We may share it with:
- Service providers (processors) acting on our instructions — for example, hosting and IT providers, payment processors, customer-support tools, analytics providers, and third-party trading-simulation platform providers. These providers are bound by contract to protect your data and use it only as instructed.
- Professional advisers such as lawyers, accountants and auditors, where necessary.
- Authorities and regulators where we are required to disclose data by law, regulation, court order or a valid legal request, or to establish, exercise or defend legal claims.
- Acquirers or successors in the event of a merger, acquisition, reorganisation or sale of assets, in which case your data may be transferred subject to this Policy.
9. International transfers
Some of our service providers may be located outside the United Kingdom. Where we transfer your personal data outside the UK, we ensure an appropriate safeguard is in place, such as a UK “adequacy” determination for the destination country, the International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, or another lawful transfer mechanism. You may contact us for more information about the safeguards we use.
10. Data security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, misuse, alteration or disclosure. You are responsible for keeping your account credentials confidential. While we take security seriously, no method of transmission over the internet or method of storage is completely secure, and we cannot guarantee absolute security.
11. Third-party links and platforms
The Website and Services may link to or rely on third-party websites and platforms, including third-party trading-simulation platforms. We are not responsible for the privacy practices or content of those third parties. We encourage you to review the privacy policies of any third-party website or platform you use.
12. How long we keep your personal data
We keep your personal data only for as long as necessary for the purposes set out in this Policy, after which we will delete or anonymise it.
You may close your account at any time. We will generally retain your account, transaction and related records for up to seven (7) years after your account is closed, in order to meet our record-keeping, accounting, tax, anti-fraud and legal obligations and to establish, exercise or defend legal claims. Some categories of data may be kept for shorter periods where a shorter period is appropriate, and some may be kept longer where a specific legal requirement or your express consent requires it.
When the applicable retention period ends, we will securely delete or anonymise your personal data unless a legal requirement, or your express consent, justifies keeping it for longer.
13. Your rights
Under the UK GDPR you have the following rights in relation to your personal data:
- Access — to request a copy of the personal data we hold about you.
- Rectification — to have inaccurate or incomplete data corrected.
- Erasure — to ask us to delete your data in certain circumstances (this will normally result in your account being closed; we may need to retain some data to meet legal obligations).
- Restriction — to ask us to restrict processing in certain circumstances.
- Objection — to object to processing based on our legitimate interests, and to object to direct marketing at any time.
- Data portability — to receive certain data in a structured, commonly used, machine-readable format and to have it transmitted to another controller where technically feasible.
- Withdrawal of consent — to withdraw consent at any time where we rely on it.
- Rights relating to automated decision-making — see section 14.
To exercise any of these rights, contact us at [email protected]. To protect your data, we may ask you to verify your identity (for example, by providing a copy of a passport or driving licence and proof of address) and to give enough information to locate your records, such as your account number, username or registration details.
We will respond within one month. There is normally no fee, though we may charge a reasonable fee or refuse a request that is manifestly unfounded or excessive.
14. Automated decision-making and profiling
We may use automated processing of activity and performance data — for example, to evaluate challenge results against defined criteria and to detect prohibited activity. Final outcomes that significantly affect you are subject to human review and discretion rather than being based solely on automated processing. Where any decision producing legal or similarly significant effects would be based solely on automated processing, you have the right to request human intervention, to express your point of view and to contest the decision. [Confirm this description matches how your evaluation process actually operates and adjust if necessary.]
15. Children
The Services are intended only for individuals aged 18 or over. We do not knowingly collect personal data from anyone under 18. If you believe we hold data about a person under 18, contact us and we will take steps to delete it.
16. Changes to this Policy
We may update this Policy from time to time. Any changes will be posted on this page with a revised “Last updated” date. Where changes are significant, we will take reasonable steps to notify you.
17. How to complain
If you have a concern about how we handle your personal data, please contact us first at [email protected] so we can try to resolve it.
You also have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner’s Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113
- Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
18. Contact us
For any questions about this Policy or our data practices, contact us at [email protected] or by post at Brynex Tech Limited, 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ.
