IBHQ
Log inGet started
01 · Privacy

Privacy Policy

Last updated · April 1, 2026
We don't sell your data, your leads, or your lead's data. Everything you put into IBHQ stays on your tenant. If we ever do anything funny, this document will say so before we do it.

What we collect

We collect the minimum data needed to run the product.

  • Account data. Email, display name, USDT wallet address (for billing).
  • Tenant data. The leads, messages, campaigns, bots, and settings you create. This is yours.
  • Telemetry. Basic page views, feature usage, and error traces — so we can fix what's broken.
  • Billing. On-chain transaction hashes linking your payments to your account.

What we don't do

  • We don't sell your data. Ever.
  • We don't share your leads with other IBHQ tenants.
  • We don't train public AI models on your content.
  • We don't read your Telegram messages except to deliver them through the product.

Where it lives

Primary database in EU (Frankfurt). Backups in US-East, encrypted at rest. Audit logs kept 12 months, then purged.

Your rights

Export, correct, or delete your data anytime — Settings → Data. GDPR subject access requests handled within 30 days. Contact privacy@ibhq.io.

02 · Terms

Terms of Service

Last updated · April 1, 2026
Use IBHQ to run your IB business. Don't use it to spam, defraud, or break the law. Pay your USDT invoice on time. We keep the lights on; you keep the operation clean.

1. The service

IBHQ Labs Ltd. ("IBHQ", "we") provides a software platform for Introducing Brokers. You ("operator", "customer") use it through a tenant account that you create.

2. Your responsibilities

  • You are responsible for the legality of the leads you import and the messages you send.
  • You are responsible for complying with Telegram's terms. IBHQ's pacing engine helps — it does not guarantee.
  • You are responsible for the broker association disclosures you make to your leads.
  • You keep your USDT wallet, seed phrases, and tenant credentials safe. We can't recover them for you.

3. Payments

Billing is in USDT only (ERC-20, TRC-20, or BEP-20). Invoices issued monthly or yearly in advance. Late payment past 7 days: read-only tenant; past 30 days: suspended; past 90 days: deleted.

4. Warranty disclaimer

IBHQ is provided "as is". Trading involves risk. Nothing in the product is financial advice.

5. Limitation of liability

Our total liability is capped at fees paid in the preceding 12 months. Not responsible for Telegram account bans, broker decisions, or subscriber outcomes.

6. Termination

Either side, any time, 30 days' notice. We'll export your data on request for 30 days after. After that, everything is deleted.

03 · Cookies

Cookie Policy

Last updated · April 1, 2026
Two cookies: one to keep you logged in, one to remember your theme preference. No ad tracking.

Essential cookies

  • ibhq_session — authentication, 30 days.
  • ibhq.theme — remembers light/dark/auto, forever (localStorage).

Analytics

We use self-hosted Plausible Analytics. No cross-site tracking, no third-party cookies, no personal identifiers.

Third parties

None that set cookies in your browser.

04 · DPA

Data Processing Addendum

Last updated · April 1, 2026
If you're on Operator or Fleet and process EU personal data through IBHQ, this DPA is the contract between us for how we handle that data. Mail legal@ibhq.io for a signed copy.

Subprocessors

  • AWS (Frankfurt) — primary infrastructure.
  • Cloudflare — edge, WAF.
  • Postmark — transactional email.
  • OpenAI / Anthropic — AI rewrite & reply-suggestion features (zero-retention agreements in place).

Security measures

  • TLS 1.3 in transit. AES-256 at rest.
  • SOC 2 Type II (audit annually).
  • Encrypted backups, separate region.
  • Principle of least privilege. No plaintext message content accessible to staff.

Breach notification

We notify affected tenants within 72 hours of confirmed breach. Full postmortem published publicly within 30 days.

05 · Security

Security

Accounts

  • Passwordless auth (email magic link) or SSO (Operator & Fleet).
  • Two-factor authentication via TOTP or hardware key.
  • Session binding to device; new device = new login.

Data

  • Row-level multi-tenancy. A tenant cannot read another tenant's data.
  • Telegram session files encrypted with per-tenant keys.
  • Database snapshots taken every 4 hours, retained 14 days.

Disclosure

Security bugs: security@ibhq.io. Reports acknowledged within 24 hours, paid bounty up to 5,000 USDT.

06 · Acceptable use

Acceptable Use

IBHQ is a tool for running a legitimate IB business. If you use it to defraud, spam outside your audience, or evade sanctions, we will close your tenant without refund.

Not allowed

  • Impersonating a broker, an exchange, or IBHQ itself.
  • Promoting unregistered securities or pump-and-dump schemes.
  • Importing lead lists obtained through data breaches or purchased from brokers.
  • Cold-messaging minors.
  • Operating in OFAC-sanctioned jurisdictions.

We reserve the right to…

  • Throttle sender velocity per account if Telegram flags begin to spike.
  • Suspend campaigns that produce a complaint rate above 2%.
  • Close tenants that violate this policy, with pro-rated refund for unused period.