Privacy Policy

1. Controller and Contact

Controller: Bot4Trade GmbH (hereafter "Bot4Trade", "we", "us" or "our"). Our registered office is in Austria.

Contact for data protection / privacy: privacy@bot4trade.com

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact the address above.

2. Scope and Overview

This Privacy Policy explains what personal data we collect, how and why we use it, with whom we share it, how long we keep it, your rights under applicable law (including the EU General Data Protection Regulation — GDPR), and how to contact us or the relevant supervisory authority.

The Policy applies to personal data collected when you visit or use our website, subscribe to or use our services, register an account, contact support, or otherwise interact with Bot4Trade.

3. Data We Collect

We collect only the personal data necessary to provide and improve our Service. This may include:

  • Account data: name, email address, username and other registration details you provide when creating an account.
  • Authentication & access data: password hashes, account settings and preferences, and records of successful and failed login attempts.
  • Usage & technical data: IP address, device and browser information, operating system, timestamps, pages viewed and actions taken within the Service, and other log data used for security and diagnostics.
  • API activity logs: records of API calls made by the bot (for example, symbols traded, order types, quantities, timestamps). We never collect your exchange API secrets or private keys.
  • Payment & billing metadata: payment transaction identifiers, invoices and billing emails. Full payment card numbers are not stored by us — payments are processed by third-party payment providers (e.g. PayPal, Stripe or crypto payment processors).
  • Support communications: messages and attachments you send to our support team (email content, screenshots, logs you provide).
  • Comments: if you leave comments on our site we collect the data you enter in the comment form, your IP address, and browser user agent string to help detect spam. An anonymized string (hash) of your email may be provided to the Gravatar service to check for an associated avatar.
  • Media metadata: if you upload images, those files may contain embedded metadata (e.g., EXIF GPS). You should remove sensitive metadata before uploading if you do not want it publicly available.

4. How We Use Your Data (Purposes)

We use personal data for these primary purposes:

  • To provide, operate and maintain the Service (account management, executing configured trading strategies, interfacing with exchanges via APIs).
  • To process payments and billing.
  • To provide customer and technical support and respond to inquiries.
  • To detect, prevent and mitigate fraud, abuse and security incidents, and to protect the Service and our users.
  • To analyze usage and performance in order to improve and personalize the Service (this may include aggregated or pseudonymized analytics for product and algorithm improvement).
  • To comply with legal and regulatory obligations and to enforce our Terms of Use.

5. Legal Bases for Processing

Under the GDPR, our lawful bases for processing personal data include:

  • Contractual necessity (Art. 6(1)(b)): processing necessary to perform our contract with you (e.g., account management, executing trades you authorize, billing).
  • Legitimate interests (Art. 6(1)(f)): for security, fraud prevention, improving the Service, and maintaining the stability and functionality of our systems, balanced against your rights and freedoms.
  • Consent (Art. 6(1)(a)): where required (for example for non-essential cookies or marketing communications) we ask for consent and you may withdraw it at any time.
  • Legal obligations (Art. 6(1)(c)): where processing is required to comply with a legal duty (e.g., accounting, tax, anti-money laundering obligations).

6. Cookies, Tracking and Similar Technologies

We use cookies and similar technologies to operate the Service, maintain sessions, and (where permitted) for analytics and feature improvements. Below are examples of cookie types used on our site:

  • Essential / functional cookies: required for login/session management and basic site functionality. These cookies cannot be disabled without affecting core functionality.
  • Authentication cookies: used to keep you logged in. Login cookies typically expire after two days; if you select "Remember Me" the authentication may persist for two weeks.
  • Screen options / preferences: stored for up to one year.
  • Comment cookies: if you choose to save name, email and website for comments, those cookies last for one year.
  • Analytics / performance cookies: we may use services such as Google Analytics or similar providers to collect aggregated usage statistics. These cookies and trackers are used only with appropriate legal basis or your consent where required.

You can manage cookie preferences through your browser settings and, where available, our cookie consent banner. Disabling some cookies may reduce functionality.

7. Comments and Public Content

If you post comments to our public blog or community pages, your comments and associated metadata may remain visible to other users until removed. By default, we retain comments and their metadata indefinitely (or until you request deletion) to allow recognition and moderation of follow-up comments.

An anonymized hash of your email may be sent to Gravatar to check for an avatar. See the Gravatar privacy policy.

8. Media Uploads

When you upload images to our website, avoid including embedded location data (EXIF GPS). Anyone who can download the images can extract such metadata.

9. Embedded Content from Other Sites

Articles and pages may include embedded content (e.g., videos, images, social embeds). Embedded content behaves as if you visited the external site directly — those external sites may set cookies, collect data, and track your interaction with the embedded content. We are not responsible for third-party websites' privacy practices.

10. Who We Share Your Data With

We do not sell or rent your personal data. We may disclose personal data to:

  • Service providers & processors: third parties who process data on our behalf under contract and confidentiality obligations (examples: cloud hosting providers, email delivery services, payment processors such as PayPal or Stripe, analytics providers, and customer support platforms).
  • Exchanges: when you configure API connections, your trades are executed via the exchange under your account — we may store API call logs but we do not hold your funds or exchange secrets.
  • Security & fraud prevention partners: to detect and prevent abuse. Visitor comments may be checked through automated spam detection services.
  • Legal & regulatory authorities: when required by law or to respond to lawful requests (e.g., subpoenas, regulatory investigations) or to prevent fraud or illegal activity.
  • Business transfers: in the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of the business transaction (we will require the acquirer to honor this Privacy Policy).

We only share the minimum data necessary for each purpose and require our processors to implement appropriate safeguards and not to use the data for other purposes.

11. International Data Transfers

Some of our processors and service providers may transfer data outside the European Economic Area (EEA). Where data is transferred outside the EEA we will ensure appropriate safeguards are in place, for example:

  • Standard Contractual Clauses (SCCs) adopted by the European Commission,
  • an adequacy decision by the European Commission for a country, or
  • other lawful transfer mechanisms permitted under data protection law.

Contact privacy@bot4trade.com if you would like details of the safeguards used for a particular transfer.

12. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law. Typical retention periods include:

  • Account data: retained while your account is active and for a reasonable period after account deletion to handle disputes, fraud prevention and legal obligations.
  • API & activity logs: retained for operational, security and troubleshooting purposes (typical retention: 180 days).
  • Support communications: retained as long as needed to resolve the issue and for a reasonable period thereafter (e.g., 1–3 years), unless legal obligations require longer retention.
  • Comments: retained indefinitely by default until removed or deleted by the commenter.
  • Billing & accounting records: retained in accordance with applicable tax and commercial laws (in many jurisdictions this is 7 years).
  • Backups: backups containing personal data may be retained for a limited period (commonly up to 1 year) for disaster recovery.

13. Security

We implement technical and organizational measures to protect personal data against unauthorized access, loss, alteration or disclosure. Measures include: encryption in transit and at rest, access controls, pseudonymization for analytics where possible, regular security testing and vulnerability management, secure backups and strict internal access policies.

However, no system can be 100% secure — please also take precautions such as using a strong password and enabling two-factor authentication on your exchange accounts.

14. Your Rights

Under the GDPR you have a number of rights in relation to your personal data, subject to applicable limitations:

  • Right of access: request a copy of the personal data we hold about you.
  • Right to rectification: request correction of inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten"): request deletion of your personal data where we have no lawful reason to retain it.
  • Right to restrict processing: request that we stop or limit processing while a dispute is resolved.
  • Right to data portability: where applicable, request a machine-readable copy of the data you provided to us.
  • Right to object: object to processing based on legitimate interests, including profiling based on legitimate interests.
  • Right to withdraw consent: where processing is based on consent, you may withdraw that consent at any time.
  • Right to lodge a complaint: you may lodge a complaint with a supervisory authority (in Austria: the Data Protection Authority — Datenschutzbehörde — or the authority in your member state).

To exercise any right, contact us at privacy@bot4trade.com. We will verify your identity before responding and will generally respond within one month. Where requests are complex we may extend this period and will inform you.

15. Automated Decision-Making and Profiling

We do not use fully automated decision-making or profiling that produces legal effects concerning you. If any automated processing that has significant effects is introduced in the future, we will notify affected users and provide information on how decisions are made and how you can request human review.

16. Where Your Data Is Sent / Spam Detection

Visitor comments may be checked through automated spam detection services (for example Akismet or similar services). These services may process comment data including your IP address and user agent. We and our service providers may also share limited data with fraud detection and security partners when necessary to protect the Service and our users.

17. Children

Our Service is not directed at children under the age of 16 (or the applicable age of consent in the user's jurisdiction). We do not knowingly collect personal data from children under that age. If you believe we have collected personal data from a child, please contact us at privacy@bot4trade.com and we will take steps to delete it.

18. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. When we make material changes we will post the updated policy on our website with a new "Last updated" date. Continued use of the Service following publication of changes constitutes acceptance of the updated policy.

19. Contact & Supervisory Authority

If you have questions about this Policy or wish to exercise your rights, contact: privacy@bot4trade.com

If you are not satisfied with our response you may lodge a complaint with a supervisory authority. In Austria the supervisory authority is the Data Protection Authority (Datenschutzbehörde).