Your privacy.
Our responsibility.

Tesla Invest Ltd ("Tesla Invest", "we", "us", "our") is a global online trading and investment services company. We operate under the following registered entities:

• Tesla Invest (UK) Ltd — Registered in England & Wales. Authorised and regulated by the Financial Conduct Authority (FCA). FCA Register No. 123456.
• Tesla Invest (EU) Ltd — Registered in Cyprus. Authorised and regulated by the Cyprus Securities and Exchange Commission (CySEC). Licence No. 456/22.
• Tesla Invest (AU) Ltd — Registered in Australia. Holds an Australian Financial Services Licence (AFSL) issued by ASIC. AFSL No. 789012.
• Tesla Invest (ZA) Ltd — Registered in South Africa. Authorised as a Financial Services Provider by the FSCA. FSP No. 50987.

For the purposes of GDPR and UK GDPR, the data controller is Tesla Invest (UK) Ltd, 1 Canada Square, Canary Wharf, London, E14 5AB. Our Data Protection Officer can be reached at dpo@teslainvest.com.

We collect personal data that you provide directly, data generated through your use of our services, and data obtained from third parties. The categories we collect include:

We do not intentionally collect special category data (such as health, religion, or biometric data) unless legally required for specific regulatory obligations.

We use the personal data we collect for the following purposes:

• Account management — Opening, maintaining, and administering your trading account, including identity verification and KYC compliance.
• Service delivery — Processing your trades, managing deposits and withdrawals, and operating all platform features.
• Regulatory compliance — Meeting our obligations under applicable financial regulations including AML, KYC, MiFID II, EMIR, and applicable tax reporting laws.
• Risk management — Assessing trading suitability, detecting fraud, preventing money laundering, and identifying market abuse.
• Customer support — Responding to enquiries, resolving complaints, and improving support quality through call recording and case history.
• Marketing communications — Sending product updates, market analysis, and promotional offers where you have consented or we have a legitimate interest.
• Platform improvement — Analysing usage patterns to optimise performance, fix bugs, and develop new features.
• Legal proceedings — Defending or pursuing legal claims, complying with court orders, or cooperating with regulatory investigations.

Under GDPR and UK GDPR, we are required to have a lawful basis for processing your personal data. We rely on the following bases:

• Contractual necessity (Art. 6(1)(b)) — Processing required to perform our contract with you, including account operation, order execution, and withdrawal processing.
• Legal obligation (Art. 6(1)(c)) — Processing required to comply with financial regulation, tax law, AML obligations, and regulatory reporting requirements.
• Legitimate interests (Art. 6(1)(f)) — Processing for fraud prevention, security, platform analytics, and certain marketing communications where our interests do not override your rights.
• Consent (Art. 6(1)(a)) — Where you have explicitly opted in, such as for certain marketing emails or cookies. You may withdraw consent at any time.
• Vital interests (Art. 6(1)(d)) — In rare circumstances where processing is necessary to protect life.

We do not sell your personal data. We may share it with the following categories of third parties under appropriate data processing agreements:

• Regulatory bodies — FCA, CySEC, ASIC, FSCA, HMRC, and other competent authorities where required by law.
• Liquidity providers & prime brokers — To execute and settle your trades. Only trade-related data is shared.
• Payment processors — To facilitate deposits and withdrawals. These include card processors, bank transfer services, and e-wallet providers.
• Identity verification providers — Third-party KYC services used to verify your identity and screen against sanctions lists.
• Cloud & infrastructure providers — Hosting, database, and security service providers operating under strict data processing agreements.
• Analytics providers — Aggregated, pseudonymised usage data to help us improve the platform.
• Professional advisors — Lawyers, auditors, and accountants under confidentiality obligations.
• Law enforcement — Where required by law, court order, or to protect our legal rights.

We use cookies and similar tracking technologies on our website and platform. Cookies are small text files placed on your device to help us provide a better experience.

You can manage your cookie preferences at any time via the cookie settings banner or your browser settings. Note that disabling certain cookies may affect platform functionality.

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Our standard retention periods are:

• KYC / Identity documents — 5 years after account closure, as required by AML regulations.
• Transaction records — 7 years after each transaction, as required under MiFID II and applicable tax law.
• Support communications — 3 years from the date of last contact.
• Marketing data — Until you withdraw consent or opt out, plus a 30-day suppression period.
• Call recordings — 5 years from the date of the recording.
• Technical logs — 12 months, unless needed for security investigations.

When retention periods expire, data is securely deleted or anonymised so that it can no longer be linked to any individual.

Under GDPR and UK GDPR, you have the following rights regarding your personal data. To exercise any of these rights, contact us at dpo@teslainvest.com. We will respond within 30 days.

Tesla Invest operates globally and may transfer your personal data to countries outside the United Kingdom and European Economic Area (EEA). When we do so, we ensure that appropriate safeguards are in place:

• Adequacy decisions — Transfers to countries that the UK or European Commission has determined provide an adequate level of data protection.
• Standard Contractual Clauses (SCCs) — Approved contractual provisions that impose GDPR-equivalent obligations on the recipient.
• Binding Corporate Rules (BCRs) — For transfers within our corporate group, where applicable.
• Certification schemes — Such as the UK–US Data Bridge or other approved transfer mechanisms.

You may request a copy of the specific safeguard documentation applicable to a transfer by contacting our DPO at dpo@teslainvest.com.

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, loss, or destruction. Our security measures include:

• Encryption in transit — All data transmitted between your device and our servers is encrypted using TLS 1.3.
• Encryption at rest — Sensitive data stored in our databases is encrypted using AES-256.
• Access controls — Role-based access controls limit staff access to only the data necessary for their role.
• Multi-factor authentication — Required for all platform access and internal administrative systems.
• Penetration testing — Regular third-party security assessments and vulnerability scanning.
• Incident response — A documented data breach response plan. In the event of a breach affecting your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours.

Our services are not directed at or intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you are under 18, please do not use our services or provide any personal information.

If we become aware that we have inadvertently collected personal data from a child under 18, we will take immediate steps to delete that data and close the associated account. If you believe we may have collected data from a minor, please contact us immediately at compliance@teslainvest.com.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page and in the page header.
• Send an email notification to all registered clients at least 14 days before the changes take effect.
• Display a prominent notice in the platform dashboard for significant changes.
• For changes that materially affect your rights, request fresh consent where required by law.

Your continued use of our services after the effective date of any changes constitutes your acceptance of the updated policy. Previous versions of this policy are available on request from dpo@teslainvest.com.

For any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data, please contact:

• Data Protection Officer — dpo@teslainvest.com
• Compliance Team — compliance@teslainvest.com
• Postal address — Tesla Invest (UK) Ltd, 1 Canada Square, Canary Wharf, London, E14 5AB, United Kingdom

We aim to respond to all legitimate requests within 30 days. Occasionally it may take longer if your request is complex or you have made multiple requests — in which case we will notify you and keep you updated.