Your data, first-party only.

A plain-English summary of how we handle your data. The full, binding privacy policy lives in the app.

What we collect

• Account details — email, and whatever you add to your profile.
• Exchange API keys — encrypted at rest with AES-256, scoped to trade-only (never withdrawal).
• Trading data needed to run the product — your configs, trades, journal entries.
• Anonymous product-usage analytics, first-party and self-hosted.

How we protect it

• API keys and secrets are Fernet-encrypted, versioned and rotated. A stolen database row reveals nothing without the encryption key.
• Decryption is memory-safe; secrets are scrubbed from logs and crash reports.
• We never request withdrawal scope, so we physically cannot move your funds.

What we do not do

• We do not sell your data. Ever.
• No third-party ad trackers, pixels or session-replay — see cookies.
• No sharing of your trading activity with anyone, except where legally compelled.

Your rights

You can export your data and request deletion of your account at any time. Some records (e.g. the immutable trade audit log) are retained as required for integrity and compliance.

// full policy in-app · [email protected]