Privacy Policy
Last updated: April 2026
DeepAlpha (“we”, “us”, “our”) respects your privacy. This policy explains what personal data we collect, how we use and protect it, and your rights regarding that data.
1. Data We Collect
| Data Type | Details |
|---|---|
| Account information | Email address, name, and hashed password (bcrypt, 12 rounds) |
| Exchange API keys | Your Bybit API key and secret, encrypted with AES-256 (Fernet) |
| Trading data | Positions, trades, and PnL generated by the bot on your account |
| Usage data | Login timestamps, IP addresses, pages visited, and basic analytics |
| Payment data | Processed by Gumroad / NOWPayments. We do not store credit card or wallet details |
| Communications | Support messages sent via email or Tawk.to live chat |
2. How We Use Your Data
- Provide the Service: Execute trades on your exchange account via API, display your dashboard, and manage your subscription.
- Communicate: Send transactional emails (welcome, password reset, trial expiry, service updates) via Resend.
- Improve the product: Analyze aggregated, anonymized usage data to improve our AI models and platform experience.
- Security & fraud prevention: Monitor for suspicious activity and protect the integrity of the platform.
- Legal compliance: Comply with applicable laws and respond to lawful requests from authorities.
3. Data Storage & Security
- All data is stored in a PostgreSQL database on a European VPS (Hetzner, Germany).
- API keys are encrypted at rest using AES-256 (Fernet) encryption. The encryption key is stored separately from the database.
- Passwords are hashed with bcrypt (12 salt rounds) and are never stored in plaintext.
- All connections to our platform use HTTPS/TLS encryption in transit.
- Access to production servers is restricted and protected by SSH key authentication.
- We never store your exchange password, withdrawal credentials, or payment card numbers.
4. Third-Party Services
We use the following third-party services that may process your data:
| Service | Purpose | Data Shared |
|---|---|---|
| Resend | Transactional email delivery | Email address, name |
| NOWPayments | Cryptocurrency payment processing | Payment amount, order ID |
| Gumroad | Subscription and payment processing | Email, payment info (handled by Gumroad) |
| Tawk.to | Live chat support widget | Chat messages, IP address, browser info |
| Bybit API | Trade execution | Encrypted API keys (sent directly to exchange) |
We do not sell, rent, or trade your personal data to any third party. Data is shared with the above services only as necessary to provide the Service.
5. Cookies
We use minimal cookies strictly necessary for the Service to function:
- JWT session token: Stored as an HTTP-only cookie to authenticate your session. Expires when you log out or after the session timeout.
- We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
- Tawk.to may set its own cookies for the live chat widget functionality.
6. Data Retention
- Account data: Retained as long as your account is active.
- Trading data: Retained for performance analytics and reporting while your account is active.
- Upon account deletion: All personal data, API keys, and trading data are permanently deleted within 30 days of your request.
- Anonymized data: Aggregated, anonymized data (which cannot identify you) may be retained indefinitely for model improvement and research.
- Backups: Data in encrypted backups is overwritten within the standard backup rotation cycle (maximum 90 days).
7. Your Rights
Regardless of your location, you have the following rights regarding your personal data:
- Access: Request a copy of all personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Deletion: Request permanent deletion of your data (“right to be forgotten”).
- Data portability: Receive your data in a structured, machine-readable format (JSON export).
- Objection: Object to processing of your data for purposes beyond providing the Service.
- Restriction: Request that we limit processing of your data in certain circumstances.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
8. GDPR Compliance
If you are located in the European Economic Area (EEA), the following additional provisions apply:
- Legal basis for processing: We process your data based on (a) your consent when you create an account, (b) the necessity to perform our contract with you (providing the trading service), and (c) our legitimate interests in improving the Service and preventing fraud.
- Data controller: DeepAlpha is the data controller for your personal data.
- Data location: Your data is stored on servers located in the European Union (Germany).
- International transfers: Some third-party services (Gumroad, Tawk.to) may transfer data outside the EEA. Where this occurs, we ensure appropriate safeguards are in place.
- Supervisory authority: You have the right to lodge a complaint with a supervisory authority in your country of residence if you believe your data rights have been violated.
9. Children
DeepAlpha is not intended for use by anyone under 18 years of age. We do not knowingly collect personal data from minors. If we learn that we have collected data from a person under 18, we will delete it promptly.
10. Changes to This Policy
We may update this privacy policy from time to time. Material changes will be communicated via email or a prominent notice on the platform. The “Last updated” date at the top of this page reflects the most recent revision. We encourage you to review this policy periodically.
11. Contact
For any privacy-related questions, data requests, or concerns, please contact us at:
DeepAlpha
Data Controller
Email: [email protected]