Privacy Policy

Effective Date: January 1, 2025

GolXP ("we", "our", or "us") is committed to protecting your personal information. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

1. Information We Collect

We collect the following categories of information when you use our Service:

Account Information

  • Full name and email address (provided at registration)
  • Hashed password (we never store passwords in plain text)
  • Account role and status

Payment Information

  • Transaction IDs, payment method type (card, crypto), and amounts
  • We do not store full card numbers — these are handled exclusively by our payment processors (Stripe, Coinbase Commerce, CoinPayments, Razorpay)

Trading Configuration (Cloud Hosting users only)

  • MT5 broker server name, account login number, and password
  • These credentials are encrypted at rest using AES-256 and are used solely to operate the EA on your behalf

Usage and Technical Data

  • IP address, browser type, and device information
  • Log data (API requests, error events) for debugging and security purposes

Referral Data

  • Referral codes, referred user IDs, and commission amounts (if you participate in our referral programme)
  • USDT withdrawal address (provided when you request a payout)

2. How We Use Your Information

We use the information we collect to:

  • Create and manage your account and subscription
  • Process payments and send payment confirmation emails
  • Operate cloud trading instances on your behalf
  • Deliver and validate EA license keys
  • Send transactional emails (verification, password reset, subscription alerts)
  • Calculate and distribute referral commissions
  • Detect and prevent fraud, abuse, and unauthorised access
  • Comply with legal obligations

We do not use your data for advertising or sell it to third parties.

3. Legal Basis for Processing

We process your personal data on the following legal bases:

  • Contract performance: Processing necessary to deliver the Service you subscribed to.
  • Legitimate interests: Security monitoring, fraud prevention, and platform improvement.
  • Legal obligation: Retaining transaction records as required by applicable law.
  • Consent: Where you have explicitly opted in (e.g., marketing communications, if any).

4. Data Sharing and Third Parties

We share your data only with the following categories of third parties, strictly to operate the Service:

  • Payment processors (Stripe, Coinbase Commerce, CoinPayments, Razorpay) — for billing and payment verification.
  • Email service provider (ZeptoMail) — for transactional email delivery.
  • EA infrastructure provider — manages license validation and cloud instance operation. Your MT5 credentials are transmitted in encrypted form.
  • Cloud hosting providers — infrastructure that hosts our application and database.

All third-party providers are contractually obligated to process your data only as instructed and to maintain appropriate security standards.

5. MT5 Credential Security

For Cloud Hosting users, your MT5 broker credentials are:

  • Encrypted using AES-256 before storage in our database.
  • Transmitted over TLS-encrypted connections only.
  • Used exclusively to connect the EA to your broker on your behalf.
  • Deleted from our systems when you delete your cloud instance.

We strongly recommend using a dedicated MT5 account for automated trading and not reusing your personal or main trading account credentials.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data: Retained for the duration of your account and up to 3 years after deletion for legal/audit purposes.
  • Transaction records: Retained for up to 7 years to comply with financial regulations.
  • MT5 credentials: Deleted immediately upon cloud instance deletion.
  • Log data: Retained for up to 90 days for security and debugging.

7. Cookies and Tracking

We use session storage and browser localStorage to maintain your authenticated session (via JWT tokens). We do not use third-party advertising cookies or tracking pixels.

Our web hosting infrastructure may set functional cookies for load balancing or security purposes. These are strictly necessary for the Service to operate.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Request deletion of your account and associated data (subject to legal retention obligations).
  • Restriction: Request that we limit how we use your data.
  • Portability: Receive your data in a machine-readable format.
  • Objection: Object to processing based on legitimate interests.

To exercise any of these rights, contact us via our contact page. We will respond within 30 days.

9. Data Security

We implement industry-standard security measures including:

  • AES-256 encryption for sensitive data at rest
  • TLS encryption for all data in transit
  • Bcrypt password hashing (12 rounds)
  • JWT-based authentication with 7-day expiry
  • Rate limiting on authentication and license verification endpoints

Despite these measures, no system is completely secure. We cannot guarantee absolute security of your data.

10. Children's Privacy

The Service is not directed at persons under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with their information, please contact us so we can delete it.

11. International Transfers

Your data may be processed and stored on servers located outside your home country. By using the Service, you consent to the transfer of your data to countries that may have different data protection laws than your own. We apply appropriate safeguards to ensure your data is protected in accordance with this policy.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the effective date and notify registered users by email for material changes. Your continued use of the Service after the updated policy takes effect constitutes your acceptance.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out via our contact page.