Privacy Policy

Last updated: May 30, 2026
Heads up

These documents are provided as a good-faith starting point. They have not been reviewed by a licensed attorney. If you are building on LoopTrading commercially, or have specific legal questions, please consult a qualified lawyer in your jurisdiction before relying on this text.

1. Summary

We collect the minimum information needed to operate LoopTrading: account email, encrypted exchange API keys, the bots and trade history those keys produce, and basic operational telemetry. We never sell your personal data. We do not share your data with third parties except as required to deliver the Service (e.g., sending an email through Resend) or as required by law.

2. Information We Collect

2.1 Account information

  • Email address (required for sign-in and notifications)
  • Name (optional, used for greeting)
  • Hashed password (when signing in with email/password)
  • OAuth profile data from Google (when signing in via Google SSO) — limited to email, name, and profile image

2.2 Exchange integration data

  • API key identifiers (the public "key" portion, stored in plaintext)
  • API secrets — encrypted with AES-256 at rest using a key stored separately from the database. We never log or display plaintext secretsafter they're saved.
  • Account balances, trade history, and fill data fetched from the exchange to power the dashboard and bot decisions.

2.3 Bot and trading data

  • Bot configurations (symbol, offsets, snowball %, etc.)
  • Every order placed on your behalf and its outcome (fill price, fees, P&L)
  • Price candles per active bot (one per minute) for chart and analytics rendering

2.4 Operational telemetry

  • Server logs (request paths, response codes, error stack traces) for ~30 days
  • Aggregated usage counters (Redis commands, emails sent) for cost projections in our admin panel — no per-user behavioral tracking
  • Crash and exception data via Sentry (when enabled), redacted of personal data where feasible

2.5 Payment data

Subscription payments are processed by Stripe. We do not store credit card numbers, CVV codes, or billing addresses. We store only the Stripe customer/subscription identifiers needed to manage your subscription state.

3. How We Use Your Information

  • Operate the Service — run your bots, render your dashboard, send trade and summary notifications you opt into.
  • Customer support — respond when you contact us.
  • Improve the Service — diagnose bugs, monitor health, plan capacity.
  • Comply with the law — respond to lawful requests; detect and prevent fraud or abuse.

We do not use your data for advertising, do not run third-party trackers, and do not share your trading activity with anyone.

4. Third-Party Service Providers

We rely on a small number of providers to deliver the Service. Each receives only the data they need:

  • Vercel — web hosting
  • Neon (Postgres) — primary database
  • Upstash (Redis) — caching and rate limiting
  • Resend — transactional email delivery
  • Stripe — subscription billing
  • Sentry — error tracking (optional, can be disabled by us)
  • Cryptocurrency exchanges (Binance.US, Coinbase, Kraken) — only requests YOU explicitly authorize by connecting an API key

5. Data Retention

  • Active accounts — data retained for the life of the account.
  • Closed accounts — most personal data deleted within 30 days of deletion request. We may retain aggregated and anonymized data, plus records required by law (e.g., tax records).
  • Server logs — ~30 days.
  • Encrypted API secrets — deleted immediately when you remove the key from your account.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your data (subject to legal retention requirements)
  • Export your data in a portable format
  • Object to or restrict certain processing
  • Withdraw consent (where consent is the basis for processing)

To exercise any of these rights, contact [email protected]. We typically respond within 30 days.

7. Security

  • All traffic is TLS-encrypted in transit.
  • API secrets are AES-256 encrypted at rest with a key stored separately from the database.
  • Passwords are hashed with bcrypt (industry standard).
  • Access to production systems is limited to authorized personnel and protected by 2FA.
  • We monitor for unauthorized access and will notify affected users without undue delay in the event of a confirmed breach.

No system is perfectly secure. You can reduce your own risk by enabling 2FA on your exchange account, never enabling withdrawal permissions on connected API keys, and using a unique password for LoopTrading.

8. Children

The Service is not directed to anyone under 18. We do not knowingly collect data from children. If you believe we have, contact us and we will delete it.

9. International Users

LoopTrading is operated from the United States. By using the Service, you consent to the transfer of your information to the U.S., which may have different data protection laws than your home jurisdiction.

10. Changes to this Policy

Material changes will be announced via email and/or in-app notification. The "Last updated" date at the top of this page always reflects the most recent revision.

11. Contact

Privacy questions: [email protected]

Terms of ServicePrivacy PolicyRisk DisclosureLoopTrading © 2026