Legal Center
Legal Document

Privacy Policy

v1.0.0-draftEffective: 2026-06-01Last updated: 2026-06-01

This is a working draft. The final text must be reviewed by legal counsel before commercial launch.

Quick Summary

TalixTrade is trading-bot software, not an exchange — your funds always stay on your own exchange account. We collect your email, technical data, and your encrypted exchange API keys (stored with withdrawal permission disabled) to run the service, and we never sell your data. AI features send prompts to OpenAI, EU/EEA users have full GDPR rights, and our only contact is [email protected].

This Privacy Policy explains what personal data TalixTrade collects, why we collect it, and how we protect it.

TalixTrade is software for building and running cryptocurrency trading bots. It is not an exchange, bank, broker, custodian, or financial advisor. We never hold your funds, never accept deposits, and never withdraw from your exchange account. Your money always stays on your own exchange (Binance, Bybit, or OKX).

The operator (the party responsible for your data, or "data controller") is Anton Shchur, an Individual Entrepreneur (FOP) registered in Ukraine under registry number 2011600000000040678, address Dnipro, Dnipropetrovsk Oblast, Ukraine.

This is a draft prepared for later review by legal counsel. It is not yet legally vetted.

Data We Collect

  • Account data. Your email address, optional display name, and optional Telegram ID.
  • Authentication data. OAuth tokens from the sign-in method you choose (for example Google, Telegram, or wallet sign-in).
  • Exchange data. Your exchange API keys (stored encrypted), and the account balance and trade history we read through those keys to operate your bots. We only ever connect with an API key that has withdrawal permission disabled.
  • Technical data. Your IP address, the country we derive from it, and basic browser and device information.
  • Cookies. See our Cookie Policy for details on the cookies we use.
  • Payment data. Payments are handled by our payment processor, CryptoCloud. We receive a payment confirmation — we do not receive or store your card details or wallet credentials.

How We Use Data

  • To provide the service — running your bots, performing calculations, and showing your results.
  • To manage your account and keep it secure.
  • To meet legal and compliance duties, such as sanctions screening.
  • To improve the platform through aggregated, privacy-respecting analytics.
  • To send you important operational, security, and billing notices — including a reminder before your access period expires.

We rely on the following legal bases under the GDPR:

  • Contract — to deliver the service you signed up for.
  • Legitimate interests — to keep the platform secure and to improve our product.
  • Consent — for optional analytics and any future marketing, which you can withdraw at any time.
  • Legal obligation — to meet sanctions, tax, and record-keeping requirements.

Sub-processors and Data Sharing

We work with trusted third parties ("sub-processors") who process data on our behalf. They may only use it to provide their service to us.

  • Exchanges — Binance, Bybit, OKX. We send only the trading requests your bots initiate.
  • Payments — CryptoCloud.
  • Hosting and infrastructure — Vercel (United States), Hetzner (Germany), Supabase (European Union).
  • Error monitoring — Sentry.
  • AI features — OpenAI processes the prompts behind features such as the AI Builder, AI Risk Manager, AI Optimizer, and AI Assistant. We do not send your exchange API keys to OpenAI.
  • Anti-bot & network security — Cloudflare. We use Cloudflare Turnstile for anti-bot protection on sign-up, and optionally Cloudflare as a CDN/DNS provider.

We may also disclose data to authorities, but only when the law genuinely requires it (for example, a valid court order).

We do not sell your personal data.

Data Retention

  • Account data — kept while your account is active, and for a short period afterward (up to 6 months) to handle disputes and meet our obligations.
  • Trading history and audit logs — kept for the period required by applicable financial-record and anti-money-laundering rules.
  • Marketing data — kept until you opt out.

When data is no longer needed, we delete or anonymize it.

Your GDPR Rights

If you are in the EU or EEA, you have the right to access, correct, delete, restrict, or port your data, to object to certain processing, and to withdraw consent at any time. You also have the right to complain to your local data protection authority.

See GDPR Data Subject Rights for how to exercise these rights, or email us at [email protected].

International Data Transfers

Our infrastructure spans the European Union (Hetzner, Supabase) and the United States (Vercel), and some sub-processors operate globally. When data leaves the EU/EEA, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs).

Security

We take security seriously:

  • Your exchange API keys are encrypted at rest using AES-256-GCM. The encryption key is stored in a server environment variable, kept separate from the database, and your keys are never sent to the browser or frontend.
  • We only connect to your exchange with an API key that has withdrawal permission disabled, so funds can never leave your account through us.
  • If you wish, you can further restrict your API key on the exchange to our server IP address: 49.13.221.175.
  • We use HTTPS for all connections, along with access controls and regular review.

No system is perfectly secure, but we work hard to protect your data.

Children's Privacy

TalixTrade is intended only for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a minor has used the service, please contact us so we can remove the data.

Changes to This Policy

We may update this policy from time to time. If we make material changes, we will notify you by email or through the platform before they take effect.

Privacy Contact

For any privacy question or request, contact our privacy contact at [email protected].

Questions about this document: [email protected]