Privacy Policy

Last updated: June 2026

1. Information We Collect

Account data: username, email address, hashed password (bcrypt)
Trading data: trade history, balance, P&L — stored in an encrypted SQLite database on our server
API keys: stored as AES-256 Fernet ciphertext only — we cannot read your keys
Usage data: server access logs, IP addresses (retained for 30 days)
Payment data: handled entirely by Stripe — we store only invoice IDs and payment status, never card details

2. How We Use Your Information

Execute trades on your behalf via the Kraken Futures API
Send account verification and invoice emails
Send Telegram trade alerts (if you enable them)
Calculate profit-share invoices
Detect and prevent fraud or abuse

3. Data Sharing

We do not sell, rent, or share your personal data with third parties for marketing purposes. We share data only with:

Stripe — for invoice and payment processing
Kraken — your encrypted API keys are decrypted in memory only to sign API requests, which are sent directly to Kraken's servers
Law enforcement, if required by valid legal process

4. Data Security

All data is transmitted over HTTPS (TLS 1.2+)
Passwords are hashed with bcrypt (never stored in plain text)
API keys are encrypted with AES-256 at rest
The server runs fail2ban and UFW firewall

5. Data Retention

We retain your account and trade data for as long as your account is active. You may request deletion of your account and all associated data by contacting us. Trade history may be retained for up to 7 years for legal and tax compliance purposes.

6. Cookies

We use a single session cookie (Flask session) to keep you logged in. We do not use tracking cookies or third-party analytics.

7. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, or delete your personal data. To exercise these rights, contact us here.

8. Changes

We will notify you via email of any material changes to this policy.