1. Data We Collect
| Category | Examples | Purpose |
|---|---|---|
| Account data | Email address, hashed password, subscription tier | Authentication, account management |
| Usage data | Pages visited, features used, session duration | Service improvement, analytics |
| Exchange API keys | Read-only API key & secret for Binance, Coinbase, Kraken | Portfolio fetching only |
| Device data | IP address, browser type, device identifiers | Security, fraud prevention |
| Portfolio data | Asset holdings, transaction history fetched via API | Portfolio tracking features |
We do not collect payment card details directly — payments are processed by our payment provider.
2. How We Use Your Data
- Provide, operate, and improve the Service
- Authenticate you and manage your account and subscription
- Generate personalised portfolio signal exposure reports
- Send transactional emails (password reset, subscription changes)
- Monitor for security threats and prevent abuse
- Comply with legal obligations
We do not use your data to train ML models, sell advertising, or profile you for third-party purposes.
3. Exchange API Keys
When you connect an exchange account, your API key and secret are encrypted at rest using AES-256 encryption and stored in our database. We only request read-only permissions — we cannot place trades, withdraw funds, or perform any write operations on your exchange account.
API keys are never transmitted to third parties and are only used to fetch your portfolio data on demand.
4. Data Sharing
We do not sell your personal data. We may share data with:
- Service providers — infrastructure, hosting, error monitoring (e.g. Sentry) operating under data processing agreements
- Payment processors — for subscription billing, who have their own privacy policies
- Legal authorities — when required by law or to protect the rights and safety of our users
5. Data Retention
We retain your account data for as long as your account is active. If you delete your account, we will delete or anonymise your personal data within 30 days, except where retention is required by law. Signal history data may be retained in anonymised, aggregated form for platform analytics.
6. Security
We implement industry-standard security measures including encrypted data storage, HTTPS-only transmission, and access controls. However, no method of transmission or storage is 100% secure. You are responsible for maintaining the security of your account credentials.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your account and personal data
- Object to or restrict certain processing activities
- Data portability — receive your data in a machine-readable format
To exercise these rights, contact us at [email protected].
8. Cookies
We use cookies and local storage for authentication tokens, user preferences, and cached portfolio data. See our Cookie Policy for full details.
9. Children's Privacy
The Service is not directed at children under 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or via a notice on the platform. Continued use of the Service after changes constitutes acceptance of the updated policy.
Privacy enquiries
Email: [email protected]
We aim to respond to all privacy-related requests within 30 days.