Privacy Policy
Last updated 9 Jun 2026
What we collect
- Account identity from your sign-in provider (Google / Microsoft): email, display name.
- Usage and product data (features used, AI metering, consent records).
- Your exchange API keys — stored encrypted at rest, used only for trade-only execution; we never display the secret (only the last 4 characters) and never log it.
- A salted, non-reversible hash of your IP for the consent log (we do not store raw IPs for consent).
What we do NOT do
- No custody of funds and no withdrawal access — ever.
- We do not sell your personal data.
- We do not read your exchange secret back to the browser.
Why & legal basis
We process data to perform our contract with you (provide the Service), for our legitimate interests (security, abuse prevention, product/AI metering), and to meet a legal obligation (keeping risk-consent and compliance records). Where applicable, your consent is the basis — e.g. the risk acknowledgement you accept at connect.
Deletion, retention & your rights
You may disconnect your exchange keys at any time and request export or deletion of your account and personal data. On a deletion request we erase your account profile and your encrypted exchange keys. The append-only compliance log (risk-consent records, declared country, a salted IP hash — never secrets) is kept in this minimised form for a limited period, typically up to 5 years, where we are required to retain it for legal, audit, and anti-fraud purposes, and is deleted afterwards. You also have the rights to access, rectify, restrict, and object, and to lodge a complaint with your data-protection authority. Contact us to exercise any of these.
Third parties
OAuth providers (Google/Microsoft), the exchange you connect (e.g. Gate.io), and LLM providers for AI features (metered). We share only what's needed to provide the feature.