1. Information We Collect
Account Information
When you create an AlsaTrade account, we collect your name, email address, and password (stored as a bcrypt hash). If you enable two-factor authentication, we store your encrypted OTP secret.
Exchange API Keys
When you connect an exchange account, we collect your API key and secret. These are encrypted using AES-128-CBC (Fernet) encryption with per-exchange encryption keys before storage. We never store plaintext credentials.
Trading Data
We store records of trades executed through the Platform, including strategy signals, webhook events, bot executions, and order history. This data is used to provide analytics, backtesting, and performance tracking features.
Usage Data
We collect basic usage information such as pages visited, features used, and session duration. This helps us improve the Platform and troubleshoot issues.
2. How We Use Information
We use your information to:
- Execute trades on your behalf through connected exchange accounts
- Provide trading analytics, performance metrics, and backtesting results
- Process webhook signals and automated strategy executions
- Enforce risk management limits you configure (daily loss caps, position limits)
- Send account-related notifications (security alerts, strategy events)
- Provide customer support and respond to inquiries
- Improve Platform features and performance
3. Data Storage & Security
Your data is protected through multiple layers of security:
- Encryption at rest: API keys are encrypted with AES-128-CBC (Fernet) using per-exchange encryption keys
- Encryption in transit: All communications use HTTPS/TLS
- Authentication: JWT tokens with httpOnly cookie refresh tokens and session tracking
- Database: PostgreSQL hosted on AWS with connection pooling and advisory locks
- Credential rejection: The system rejects any attempt to store unencrypted credentials
We retain your data for as long as your account is active. Upon account deletion, your API keys are immediately removed. Trading history and analytics data are purged within 30 days of account deletion.
4. Cookies & Tracking
AlsaTrade uses the following cookies:
- Authentication cookies: httpOnly refresh token cookies for secure session management
- Preference cookies: Theme preference (dark/light mode) stored in localStorage
- Session cookies: Temporary cookies for CSRF protection and session state
We do not use third-party tracking cookies, advertising cookies, or analytics services that track individual users across websites. We do not sell or share cookie data with third parties.
5. Data Sharing
We do not sell your personal data. We share data only in these limited circumstances:
- Exchange APIs: API keys are sent to your connected exchanges to execute trades. This is the core function of the Platform.
- Infrastructure providers: AWS hosts our database and servers. They process data on our behalf under strict data processing agreements.
- Legal requirements: We may disclose information if required by law, regulation, or valid legal process.
We never share your API keys, trading strategies, or performance data with other users or third parties.
6. Your Rights
You have the right to:
- Access: Request a copy of your personal data stored on the Platform
- Correction: Update inaccurate personal information through your account settings
- Deletion: Delete your account and all associated data
- Export: Export your trading history and analytics data in CSV format
- Revoke access: Disconnect exchange API keys at any time through settings
To exercise any of these rights, use the relevant feature in your account settings or contact us through our Contact page.
7. Contact Information
For privacy-related questions or requests, please contact us through our Contact page and select "General Inquiry" as the subject.
We aim to respond to all privacy requests within 30 days.