Skip to main content

Privacy Policy

Last updated: July 2026

This Privacy Policy explains how GBR Operations Ltd (“we”, “us”, or “our”) collects, uses, stores, and protects information in connection with the Global Broker Registry website located at registry.compy.ca (the “Platform”). By using the Platform, you agree to the practices described in this policy.

We are committed to protecting your privacy. This Platform is designed to be used without requiring you to create an account or provide personal information. Where we do collect any information, we do so minimally and with transparency.

1. What Information We Collect

a) Information You Voluntarily Provide

When you interact with certain features of our Platform — such as submitting an abuse report, writing a firm review, suggesting a firm, or reporting a data correction — you may optionally provide your email address. This is entirely voluntary. You are not required to provide any personally identifiable information to use the Platform’s core search and lookup features.

When submitting content, we collect only:

  • Your optional email address (if provided)
  • Your optional display name or reviewer name (if provided)
  • The content of your submission (report, review, or suggestion)
  • The timestamp of your submission

b) Automatically Collected Data

When you visit the Platform, our servers and third-party services may automatically collect certain technical information including:

  • Your IP address (for security and abuse prevention purposes)
  • Browser type and version
  • Operating system
  • Referring URL and pages visited on our Platform
  • Date and time of your visit
  • Search queries entered on the Platform (in anonymised form)

This data is collected in aggregate form for analytical purposes and to improve Platform performance. It is not linked to any individual user.

c) Admin Authentication

Administrators who access the admin panel of this Platform provide a secure access code. Session data is stored temporarily in the browser’s session storage and is automatically cleared when the session ends or expires. We do not store admin credentials in our database.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • To process your submissions: Email addresses provided with abuse reports or suggestions may be used to follow up with you about your submission, such as requesting additional information or notifying you of the outcome.
  • To moderate user-generated content: Reviews and reports are reviewed by our admin team before publication. We may edit or reject content that violates our submission guidelines.
  • To improve the Platform: Aggregated and anonymised usage data helps us understand how the Platform is used and where improvements can be made.
  • For security and fraud prevention: IP addresses and submission timestamps may be used to detect and prevent spam, bot activity, or malicious submissions.
  • To comply with legal obligations: We may retain or disclose information where required by applicable law, court order, or regulatory authority.

We do not use your information for marketing, advertising, or profiling purposes. We do not send unsolicited emails.

3. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following circumstances:

  • Service providers: We use Supabase (a hosted database infrastructure provider) to store submission data. Data is processed in accordance with Supabase’s privacy and security standards. We may also use third-party analytics providers that process data in anonymised and aggregated form only.
  • Legal requirements: We may disclose information if required to do so by law, regulation, or in response to a valid request from a regulatory or law enforcement authority.
  • Protection of rights: We may disclose information where we believe it is necessary to protect the rights, property, or safety of GBR Operations Ltd, Platform users, or the public.

User-submitted reviews may be displayed publicly on firm profile pages in their submitted form, subject to moderation approval. Your optional email address and any other contact information is never published publicly.

4. Cookies and Tracking

The Platform uses a minimal set of cookies and local storage mechanisms:

  • Session storage (admin only): A session token is stored in the browser’s session storage to maintain admin login state. This is cleared automatically when the browser tab is closed or the session expires (30-minute timeout).
  • Essential functional cookies: We may set minimal cookies required for basic platform operation and security (e.g., CSRF protection). These are not used for tracking.

We do not use advertising cookies, third-party tracking cookies, cross-site tracking pixels, or any cookie-based behavioural profiling technology.

You can control cookies through your browser settings. Disabling cookies will not affect your ability to use the Platform’s core public features.

5. Data Retention

We retain submitted data for as long as it is relevant and necessary for the purposes outlined in this policy:

  • Approved reviews and reports: Retained indefinitely as part of the public platform record, unless removed by admin action or upon your request.
  • Pending or rejected submissions: May be retained for a period to support audit and anti-abuse monitoring, then deleted.
  • Email addresses: Retained only as long as associated with an active submission in our system. Not retained for marketing purposes.
  • Server and access logs: Retained for a maximum of 90 days for security purposes, then automatically purged.

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right of access: The right to request a copy of the personal data we hold about you.
  • Right to rectification: The right to request that we correct inaccurate or incomplete data.
  • Right to erasure: The right to request deletion of your personal data, subject to legal retention obligations.
  • Right to restrict processing: The right to request that we limit how we use your data in certain circumstances.
  • Right to object: The right to object to our processing of your data for certain purposes.
  • Right to data portability: The right to receive your data in a structured, commonly used format.

To exercise any of these rights, please contact us at privacy@globalbrokerregistry.com. We will respond to requests within 30 days. Note that some rights may be limited by applicable law or where data has been anonymised and can no longer be linked to an individual.

7. Data Security

We take reasonable technical and organisational measures to protect the personal information we hold from unauthorised access, disclosure, alteration, or destruction. These include:

  • Encrypted data storage via Supabase with at-rest and in-transit encryption
  • Access controls limiting admin access to authorised personnel only
  • Session-based authentication with automatic timeout
  • Honeypot and rate-limiting mechanisms on public submission forms

While we take security seriously, no method of transmission or storage over the internet is 100% secure. We cannot guarantee absolute security of data transmitted to our Platform.

8. Children’s Privacy

This Platform is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us and we will promptly delete it.

9. International Data Transfers

Our infrastructure providers (including Supabase) may process data in data centres located outside your country of residence. Where data is transferred internationally, we ensure appropriate safeguards are in place in accordance with applicable data protection laws. By using the Platform, you consent to the processing of your data as described in this policy, including any such international transfers.

10. Third-Party Links and Services

Our Platform includes links to official regulatory registers and other third-party websites. This Privacy Policy applies only to our Platform. We are not responsible for the privacy practices or content of any third-party sites. We encourage you to review the privacy policy of any external site you visit.

Firm logos displayed on this Platform may be loaded via Google’s favicon service (google.com/s2/favicons). This service is subject to Google’s own privacy policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will update the “Last updated” date at the top of this page whenever changes are made. We encourage you to review this policy periodically. Your continued use of the Platform after any changes constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests relating to this Privacy Policy or the handling of your personal data, please contact us at:

privacy@globalbrokerregistry.com

Operated by: GBR Operations Ltd

Global Broker Registry is an independent information service operated by GBR Operations Ltd. We are not a financial regulator and are not affiliated with any regulatory body referenced on this site.