Privacy Policy

Last updated: April 2026

1. Information We Collect

Account Information

  • Email address and display name
  • Password (stored as bcrypt hash — never in plaintext)
  • Google account data (if you use Google login)

Trading Data

  • Exchange API keys (encrypted AES-256, never exposed)
  • Trade history, positions, and performance data
  • Risk settings and preferences

Telegram Data

  • Session data (encrypted AES-256 with separate key)
  • Channel subscriptions and signal history

Usage Data

  • Page views and feature usage patterns
  • Device type, browser, and IP address
  • Error logs for platform improvement

2. How We Use Your Data

  • Provide and operate the Copy.XTradeOS platform
  • Execute trades on your behalf via connected exchanges
  • Send trade notifications and account alerts
  • Platform analytics and performance monitoring
  • Customer support and dispute resolution
  • Fraud prevention and security monitoring

3. Data Protection

We apply multiple layers of encryption to protect your sensitive data.

  • API keys: AES-256-GCM encryption, decrypted only at execution time
  • Telegram sessions: AES-256-GCM with a separate encryption key
  • Passwords: bcrypt with salt rounds = 12
  • Transport: All data transmitted over HTTPS/TLS 1.3
  • Database: Encrypted at rest, access-controlled

4. Data Sharing

We do NOT sell your personal data. We share data only with:

  • Exchange APIs (Binance, Bybit, MT4/MT5) — to execute trades on your behalf
  • Payment processors — to process subscription payments
  • HTCB ecosystem — only if you explicitly opt in for points and rewards

We may disclose data to law enforcement when required by applicable law.

5. Data Retention

  • Account data: Retained while your account is active
  • Trade history: Retained for 2 years after last activity
  • Deleted accounts: Data removed within 30 days of deletion request
  • Logs: System logs retained for 90 days

6. Your Rights

  • Access: Export your data via Settings → Export
  • Deletion: Delete your account via Settings → Delete Account
  • Opt out: Unsubscribe from marketing emails at any time
  • Disconnect: Remove Telegram session at any time via Settings
  • Correction: Update your profile information in Settings

7. Cookies

We use only essential cookies:

  • Session authentication tokens (stored in localStorage)
  • User preferences (language, theme)

We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

8. Children

Our services are not intended for users under 18 years of age. We do not knowingly collect data from children.

9. International Transfers

Data is processed on servers in Singapore. By using our service, you consent to data transfer to Singapore. We ensure appropriate safeguards for international transfers.

10. Security Incidents

In the event of a data breach that affects your account, we will notify you within 72 hours via email.

11. Changes to This Policy

We may update this policy. We will notify you of significant changes via email. The updated policy will be posted with a new "Last updated" date.

12. Contact

For privacy questions or data requests, contact us at privacy@xtradeos.com.