Privacy Policy

Last updated: May 25, 2026

DRAFT. This is a structural skeleton. The final version (with full GDPR / CCPA compliance) will be published before the launch of paid subscriptions.

1. What data we collect

  • Account: email, name (if provided), password hash, OAuth IDs (Google/Telegram).
  • Exchange API keys: encrypted with AES-256-GCM, accessible only to our engine for order execution. Never displayed in plain text after the initial save.
  • Trading data: order history, PnL, bot settings — used for reports and UI.
  • Technical: IP address, user-agent, session timestamps — for security purposes.
  • Billing: handled via Stripe (card / IBAN is not stored on our side, only the Stripe customer ID).

2. How we do NOT use your data

  • We do not sell it to third parties.
  • We do not use it for ad targeting.
  • We do not share it with exchanges or other users.

3. Sub-processors

We rely on the following services:

  • Stripe — payment processing (PCI-DSS Level 1).
  • Resend — sending email notifications.
  • Cloudflare — DDoS protection, CDN.
  • OpenAI — AI bot-builder and assistant (prompt + general features only, no personal data).
  • Sentry — error tracking (stack traces only, no user input).
  • Postgres hosting — primary database, encrypted at rest.

4. Retention periods

  • Account — while active + 30 days after deletion (in case of recovery).
  • Security logs — 1 year.
  • Order history — while the account is active (compliance requirement).
  • API keys — deleted immediately when the exchange connection is removed.

5. Your rights (GDPR / CCPA)

  • Request a copy of all data we hold about you.
  • Correct inaccurate data through your settings.
  • Delete your account and all associated data.
  • Export your trading history.
  • Opt out of marketing emails (transactional emails remain).

Send requests to privacy@talixtrade.com. We respond within 30 days.

6. Cookies

We use strictly necessary cookies for authentication (NextAuth session) and language preference. There are no marketing or analytics cookies without consent.

7. Security

  • All passwords are hashed with bcrypt (cost 10+).
  • Exchange API keys are encrypted with AES-256-GCM and a unique IV.
  • 2FA (TOTP) is recommended and can be set up in Settings.
  • All connections use HTTPS / TLS 1.3.
  • Database isolation: personal data, billing and logs are kept separate.

8. Contact

For any privacy-related questions, contact privacy@talixtrade.com.