Last updated: March 2026

Privacy Policy

TraderBotz LLC ("TraderBotz," "we," "us," or "our") operates a SaaS automated trading platform including a web app, iOS app, and REST API. This Privacy Policy explains how we collect, use, share, and protect your information.

1. Information We Collect

We collect information you provide directly, information generated through use of our services, and information from third-party sign-in providers.

Account Information

  • Username and email address
  • Password (stored as bcrypt hashes; we never store plaintext passwords)

Exchange Credentials

  • API keys and secrets for Crypto.com, Coinbase, Robinhood, and Polymarket
  • Encrypted at rest using Fernet (AES-128-CBC + HMAC-SHA256)
  • Stored encrypted; we decrypt only when needed to execute trades on your behalf

Two-Factor Authentication

  • TOTP 2FA secrets, encrypted at rest

Usage Data

  • Bot configurations (strategy, parameters, instruments)
  • Trade history and execution records
  • Portfolio snapshots
  • Basket allocations and rebalance events

OAuth Data

  • Apple Sign In and Google Sign In identity tokens
  • Verified server-side; we receive only the identifiers and profile data provided by the provider

Billing

  • Payments processed by Stripe (web) and Apple In-App Purchase (iOS)
  • TraderBotz does not store credit card numbers; billing data is held by Stripe and Apple

Community Content

  • User-generated content on community.traderbotz.com (posts, comments, profile information)

2. How We Use Your Information

We use your information to operate, secure, and improve our platform.

  • Authenticate you and manage your account
  • Execute trades and manage bots on your behalf using your exchange API credentials
  • Store and display your bot configurations, trade history, and portfolio data
  • Provide AI-powered analysis (market data is sent to AI providers; personal data is not)
  • Process subscriptions and payments via Stripe and Apple
  • Send transactional emails (password reset, 2FA setup, billing confirmations)
  • Enforce rate limits, detect abuse, and protect against unauthorized access
  • Comply with legal obligations and respond to lawful requests

3. How We Share Your Information

We share data only as necessary to operate the service and as described below.

Exchanges

Crypto.com, Coinbase, Robinhood, and Polymarket receive API calls from our engine to execute trades, check balances, and fetch market data. These calls use your API credentials; the exchanges process requests according to their own privacy policies.

AI Providers

AWS Bedrock and OpenAI receive market data (e.g., instrument names, prices, candlestick data) for analysis and signal validation. We do not send personal data to AI providers.

Payment Processors

Stripe processes web payments; Apple processes In-App Purchases. Each receives only the data required for payment processing. TraderBotz does not store credit card numbers.

Legal and Safety

We may disclose information if required by law, court order, or government request, or to protect the rights, property, or safety of TraderBotz, our users, or others.

4. Data Security

We implement industry-standard measures to protect your data.

  • Encryption at rest: Exchange API keys and TOTP secrets are encrypted with Fernet (AES-128-CBC + HMAC-SHA256)
  • Encryption in transit: All traffic uses TLS; Caddy enforces HSTS
  • Password hashing: Passwords hashed with bcrypt
  • Rate limiting: API endpoints are rate-limited to prevent abuse
  • Account lockout: Failed login attempts trigger lockout
  • Non-custodial: We never store or have access to your funds; trading occurs through your own exchange accounts

5. Cookies and Local Storage

We use cookies and local storage for authentication and session management.

  • Session cookies: Legacy ct_session cookie for web authentication
  • JWT tokens: Access and refresh tokens stored in browser memory or localStorage for API authentication
  • Access tokens: Expire in 1 hour
  • Refresh tokens: Expire in 7 days

You can clear cookies and local storage at any time; you will need to log in again.

6. Data Retention

We retain data as long as your account is active and as needed for legal, tax, or audit purposes.

  • Account data: Retained while your account is active
  • Trade history: Retained for tax and audit purposes
  • Deleted accounts: We may retain certain data as required by law or for legitimate business purposes

7. Your Rights and Choices

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate information via your account settings or by contacting us
  • Deletion: Request deletion of your account and associated data
  • Portability: Request an export of your data
  • Opt-out: Unsubscribe from marketing emails; transactional emails (e.g., password reset) cannot be opted out

To exercise these rights, contact us at support@traderbotz.com. We will respond within a reasonable timeframe.

8. Children's Privacy

TraderBotz is not directed at anyone under 18. We do not knowingly collect personal information from children. If you believe we have collected data from a minor, please contact us and we will delete it promptly.

9. International Users

Our services are operated from the United States. If you access TraderBotz from outside the U.S., your data may be transferred to and processed in the United States. By using our services, you consent to such transfer and processing.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the revised policy on this page and update the "Last updated" date. Material changes may be communicated via email or a notice in the app. Continued use of TraderBotz after changes constitutes acceptance of the updated policy.

11. Contact Us

For questions about this Privacy Policy or our data practices, contact us:

TraderBotz LLC

support@traderbotz.com