Privacy Policy

Last updated: 2026-04-26 · Placeholder — not legal advice. Counsel review required before paid launch in your jurisdiction.

What we collect

• Account: email, bcrypt-hashed password, optional encrypted TOTP secret if you enable 2FA.
• Email-verification + password-reset tokens: stored as SHA-256 hashes only.
• Payment: Stripe customer ID + subscription status. Stripe holds your payment method; we never see it.
• Exchange credentials: your Bitget API key, secret, and passphrase, encrypted at rest with Fernet (symmetric AES-128 + HMAC).
• Discord token (optional): the user token used to ingest Meta Signals; encrypted at rest.
• Strategy config: the JSON your bot uses to filter, size, exit, and risk-cap signals; we keep prior versions as an audit trail.
• Trade data: entries, exits, SLs, TPs, PnL recorded as your bot executes.
• Operational logs: login events, config edits, subscription changes, admin impersonation actions.

What we do with it

• Execute trades per your strategy config on your exchange account.
• Bill your subscription via Stripe.
• Display your own trade history and live positions to you.
• Diagnose support requests (admin impersonation is logged in audit_log).
• Send operational emails — verification, password reset, billing receipts.

What we never do

• Sell your data, profile you for advertising, or share with parties beyond the integrations you enable.
• Trade on your account for our own benefit.
• Disclose your strategy config or trade history.

Third-party processors

• Stripe — payment processing.
• Hetzner — infrastructure hosting (Falkenstein, DE).
• Bitget (and any other exchange you connect) — trade execution.
• Meta Signals / Discord — signal source.
• Resend — transactional email delivery (when configured).

Security posture

• HTTPS-only; HSTS, CSP, X-Frame-Options, Referrer-Policy headers in place.
• Session cookies are HttpOnly + Secure + SameSite=Lax.
• CSRF tokens on every state-changing route.
• Per-IP rate limits + per-account login lockout.
• Per-customer Linux-user isolation: each customer's bot runs as its own system user with state-dir permissions denying other customers' access.
• Daily encrypted backups: Postgres dump + Fernet-encrypted credential key + customer state snapshots; pulled offsite.

Retention

• Active account: until you cancel + 12 months for billing/tax compliance.
• Audit log: 24 months.
• Trade history: yours to export at any time; we keep it associated with your account until deletion.

Your rights

• Export trade history (CSV) any time from History.
• Delete your account from Settings (cancels subscription, removes user-row data + decrypted credentials).
• Request a full data export or erasure beyond the in-app flow at support@gorillaquipster.io.

Contact

support@gorillaquipster.io