Privacy Policy
Last updated: 20 April 2026
1. Who we are
FirmScopes ("we", "us", "our") operates the website firmscopes.com. We are committed to protecting your privacy and handling your personal data transparently and lawfully in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
If you have any questions about this policy or your data, contact us at: contact@firmscopes.com
2. What data we collect
We collect the following categories of personal data:
Account information
When you create an account, we collect your email address and password (encrypted). If you sign in via Google, we receive your name and email from Google. We do not receive or store your Google password.
Trading preferences
During signup or on your profile page, you may voluntarily provide: experience level, trading style, budget range, risk tolerance, preferred instruments, preferred platforms, and preferred challenge stages. This information is used to personalise your experience.
Reviews and submissions
If you submit a review of a prop firm, we collect: your star rating, review title, review text, and email address. Your email is used for verification and is never displayed publicly.
Lead capture forms
If you fill in a "Get matched" form, we collect: email address, experience level, and budget. This data is used to send you personalised firm recommendations.
Technical data
When you visit our site, we automatically collect: IP address (anonymised), browser type, device type, pages visited, and referring URL. This data is used for analytics and site performance monitoring only.
Cookies
We use a minimal number of cookies. See Section 8 (Cookies) below for full details.
3. Why we collect your data (legal basis)
We process your data under the following legal bases:
- ConsentWhen you create an account, submit a review, or fill in a form, you consent to us processing that data for the stated purpose. You can withdraw consent at any time.
- Legitimate interestWe use anonymised analytics data to improve the site. We have a legitimate interest in understanding how users interact with our platform to make it better.
- ContractIf you create an account, processing your data is necessary to provide you with the service (personalised recommendations, saved preferences, review history).
4. How we use your data
We use your data to:
- Provide and maintain your account
- Personalise firm recommendations based on your trading preferences
- Display your reviews on firm pages (email is never shown)
- Send you firm recommendations if you opted in via the lead capture form
- Improve our site and services through anonymised analytics
- Prevent fraud and abuse
We do NOT:
- Sell your personal data to third parties
- Share your email address with prop firms or brokers
- Send you marketing emails without your explicit consent
- Use your data for automated decision-making that affects you
5. Where your data is stored
Your data is stored on Supabase (our database provider), which uses Amazon Web Services (AWS) infrastructure. Data may be stored in the EU (Frankfurt) or US depending on Supabase's infrastructure. Supabase complies with SOC 2 Type II standards and encrypts data at rest and in transit.
Where data is transferred outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.
6. How long we keep your data
- Account dataUntil you delete your account
- Trading preferencesUntil you delete your account or update them
- ReviewsIndefinitely while published; deleted if you request removal
- Lead capture submissions12 months, then deleted
- Analytics/technical data90 days (anonymised)
- CookiesSee Section 8
7. Your rights
Under UK GDPR, you have the following rights:
- AccessRequest a copy of all personal data we hold about you.
- RectificationAsk us to correct inaccurate data. You can also update your profile directly.
- ErasureAsk us to delete your account and all associated data ('right to be forgotten').
- PortabilityRequest your data in a machine-readable format.
- Withdraw consentWithdraw consent for any processing based on consent, at any time.
- ObjectObject to processing based on legitimate interests.
- ComplaintLodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your rights have been violated.
To exercise any of these rights, email us at contact@firmscopes.com. We will respond within 30 days.
8. Cookies
We use the following cookies:
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
| firmscopes_popup_dismissed | Remembers if you dismissed the signup popup so it doesn't show again | 30 days | Functional |
| firmscopes_cookie_consent | Records your cookie consent preference | 365 days | Strictly necessary |
| sb-*-auth-token | Authentication session (Supabase). Keeps you logged in | Session / 7 days | Strictly necessary |
We do not use advertising cookies, tracking pixels, or third-party analytics cookies. We do not share cookie data with any third party.
Outbound click logging
When you click a "Visit firm" or "Scope" button on FirmScopes, the click is routed through our server (at firmscopes.com/go/<firm> ) so we can count outbound clicks per firm. We log:
- The firm slug (e.g. ftmo)
- The page you clicked from (e.g. rankings, firm detail, compare)
- The time of the click
- An anonymised hash of your IP address, salted with the day, so a visitor counts once per day. The raw IP is never stored and the hash rotates daily — it cannot be used to track you across days.
- An anonymised hash of your user-agent string
We use these counts internally for product analytics and share aggregate per-firm totals with prop firms during partnership negotiations (e.g. "FirmScopes sent FTMO 1,847 clicks last month"). We never share per-user data. No cookie is set, no third party is involved, and no advertising network sees this traffic.
We also append utm_source=firmscopes to outbound URLs so the destination firm's own analytics can verify the traffic came from us. This is a standard referral marker; no personal data is included.
9. Third-party services
We use the following third-party services that may process your data:
- Supabase — Database and authentication. Privacy policy
- Vercel — Website hosting. Privacy policy
- Google (OAuth) — Sign-in via Google (only if you choose this option). Privacy policy
10. Children's privacy
FirmScopes is not intended for use by anyone under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
11. Changes to this policy
We may update this Privacy Policy from time to time. When we make significant changes, we will notify users via email or a prominent notice on the site. The "Last updated" date at the top of this page indicates when the policy was last revised.
12. Contact
For any privacy-related questions, requests, or complaints:
Email: contact@firmscopes.com
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk