Privacy Policy

We may collect account data such as your email address, username, password hash, referral code usage, support messages, and notification preferences.

We may collect integration and platform data such as connected exchange labels, encrypted API credentials, exchange validation status, bot settings, backtest configurations, trading records, subscription and balance information, and contact-form submissions.

We may automatically collect technical and usage data such as IP address, browser type, device information, operating system, timestamps, referrers, error diagnostics, page interactions, and similar log data generated when you use the Services.

We also use cookies and similar technologies, including local storage and secure cookies, to remember your language, theme, authentication state, consent choices, and, if you allow it, analytics information. See our Cookie Policy for details.

When you choose to sign in or link Google, we receive data such as your Google account identifier, email address, and profile name from Google.

When you link Telegram, we receive your Telegram chat identifier, username, and related messaging metadata needed to deliver notifications. We may also receive transaction and status data from payment providers, exchanges, email providers, and webhook events connected to the Services.

We use personal data to provide and maintain the Services, authenticate users, run account features, process billing, deliver transactional messages, operate trading and backtesting tools, and respond to support requests. Where applicable, this is necessary to perform our contract with you.

We also use data for security, fraud prevention, abuse detection, troubleshooting, service improvement, reporting, and internal administration. Where applicable, this is based on our legitimate interests in operating a reliable platform.

We rely on consent where required for optional analytics technologies, optional marketing communications, and certain optional integrations or preferences. We may also process data where necessary to comply with legal obligations, lawful requests, tax and accounting duties, or dispute handling.

We may share data with service providers that help us operate the Platform, including hosting and infrastructure providers, email providers, payment processors, analytics providers, customer-support tools, and messaging providers.

We may also share data with exchanges and integration partners when you direct us to connect those services, with professional advisers, with law enforcement or regulators when required, and in connection with a merger, investment, restructuring, or sale of all or part of our business.

We do not sell your personal data for money. We do not disclose exchange API secrets in plain text to other users or public audiences.

Our providers and infrastructure may operate in multiple countries. As a result, your personal data may be processed outside the country where you live, including in countries that may not provide the same level of legal protection.

When we transfer data internationally, we take reasonable steps to protect it, such as using contractual safeguards, limiting access, and selecting providers that support appropriate security controls.

We keep account, trading, support, and billing records for as long as needed to provide the Services and for a reasonable period afterward to handle security, fraud prevention, backup integrity, disputes, audits, and legal or accounting obligations.

Some records are intentionally short-lived. For example, refresh tokens are designed to expire after seven days, password reset tokens after about 30 minutes, and Telegram link tokens after about 15 minutes. Browser-side identifiers such as consent choices, theme, and locale remain until they expire, you change the setting, or you clear your browser data. The short-lived access token is kept in browser memory during your session, and the longer-lived refresh token is stored in an HttpOnly cookie.

We use technical and organisational measures designed to protect personal data, including encryption in transit, password hashing, encryption of stored exchange API secrets at rest, access controls, and operational monitoring.

No security measure is perfect, and no system can guarantee absolute security. You are also responsible for choosing strong passwords, protecting your devices, and using exchange API keys with the minimum permissions necessary for your intended use. Security reports can be sent to security [at] steadyedge.net.

The Platform may execute automated strategies, analytics, and backtests based on rules and parameters that you configure. These features are designed to follow your instructions and market inputs; they are not used by us to make legal or similarly significant decisions about you as an individual.

We may use aggregated or de-identified usage statistics to understand product performance, improve reliability, and plan features. Where required, we obtain consent before collecting optional analytics data tied to your device or browser. If our Google Analytics property is linked to Google Ads and you grant marketing consent, Google may also use advertising cookies or identifiers and related consent signals from the site for advertising measurement, optimisation, audience building, and conversion reporting in accordance with your consent and Google account settings.

Depending on where you live, you may have rights to request access to your personal data, correction, deletion, restriction, objection, portability, or withdrawal of consent. You may also have the right to complain to a data-protection regulator.

You can update some information inside your account, unlink Google or Telegram, reject optional cookies, sign out, or contact privacy [at] steadyedge.net to request assistance. Where we rely on consent, withdrawing consent does not affect processing already carried out before withdrawal. For Google-linked advertising features, Google also offers controls such as Ads Settings and My Activity to review or delete relevant data.

The Services are not intended for children, and we do not knowingly provide the Platform to anyone under 18.

We may update this Privacy Policy from time to time. When we do, we will post the revised version and update the "Last updated" date. If the changes are material, we may also provide additional notice.

For privacy-related requests or concerns, contact privacy [at] steadyedge.net.