Privacy Policy
Section 1 Introduction and Scope
This Privacy Policy (“Policy”) explains how AlgoTrade (“we,” “us,” “our,” or “the Company”) collects, uses, stores, protects, and shares your information when you interact with our platform, including:
The AlgoTrade web application
The AlgoTrade Telegram bot
Our Gitbook documentation
Any associated features, services, and communication channels.
By using AlgoTrade, you acknowledge that you have read and understood this Privacy Policy and agree to its terms. If you do not agree, you must immediately cease using our services.
1.1 Our Commitment to Privacy
We are committed to protecting your privacy and safeguarding your personal and trading-related data. Our guiding principles are:
Transparency: We clearly explain what data we collect and why.
Minimal Data Collection: We only collect what is necessary to operate our services.
Security by Design: Data security is integrated into our technology stack from the start.
User Control: You control your API keys, your strategies, and your trading activity.
1.2 API Key Security
AlgoTrade integrates with Hyperliquid via API keys to enable manual and automated trading. Your API keys are:
Encrypted at rest and in transit using industry-standard encryption protocols.
Never viewable by any AlgoTrade team member or human operator they remain encrypted even in our storage systems.
Used exclusively for secure communication between AlgoTrade and Hyperliquid to execute trades and retrieve account data relevant to your usage.
Non-recoverable by AlgoTrade if you lose your private key, we cannot retrieve it for you.
Important: Because we cannot access your unencrypted keys, it is your responsibility to store and safeguard them securely. We strongly recommend keeping a secure backup in a private location.
1.3 Who This Policy Applies To
This Policy applies to:
All registered and unregistered users of AlgoTrade.
Visitors to our website or Gitbook documentation.
Anyone interacting with our web app, Telegram bot, or other official AlgoTrade services.
It does not apply to third-party services, websites, or platforms linked from AlgoTrade, including Hyperliquid itself. These are governed by their own privacy policies.
Section 2 Information We Collect
To operate AlgoTrade and deliver our services effectively, we collect certain categories of information. We strictly limit this collection to the data necessary for platform functionality, legal compliance, and improving user experience.
We group this data into four main categories:
Account & Identity Information
Trading & Strategy Data
Technical & Usage Data
Communication Data
2.1 Account & Identity Information
Collected when you create an account or connect your wallet.
Wallet Address: Required to identify your account and enable transactions.
Connected Wallet Type: For example, MetaMask, Privy, or other supported wallet providers.
Tier Level: Determined by ALGT token holdings to unlock specific platform features.
API Credentials (Encrypted):
Public Key / API Wallet Address stored in encrypted form.
Private Key / Secret encrypted at rest and never viewable by humans.
Why we collect this: To authenticate you, link your Hyperliquid account, and apply your tier-based benefits.
2.2 Trading & Strategy Data
Collected when you interact with AlgoTrade’s manual or automated trading features.
Deployed Strategies: Names, configurations, linked markets, and status (active, paused, stopped).
Indicator Parameters: RSI periods, MACD settings, Bollinger Band deviations, etc., as configured by you.
Trade Execution Data:
Market
Order Type (Market, Limit)
Position Direction (Long, Short)
Entry/Exit prices and timestamps
Leverage and margin used
P&L (Profit & Loss) data for analysis and reporting
Backtest Results: Metrics, equity curves, and individual trade logs from the AlgoBuilder backtesting system.
Why we collect this: To provide analytics, performance tracking, and strategy management functionality.
2.3 Technical & Usage Data
Collected automatically when you access AlgoTrade via the web app, Telegram bot, or API.
Device Information: Browser type, operating system, device type (desktop, mobile, tablet).
IP Address: Used for security monitoring and fraud prevention.
Session Data: Login timestamps, activity duration, and session identifiers.
Platform Interaction Logs: Button clicks, page views, and feature usage to improve user experience.
Error & Debug Logs: Captured when an error occurs to help troubleshoot issues.
Why we collect this: For security, platform stability, and user experience optimization.
2.4 Communication Data
Collected when you contact us or participate in our community channels.
Support Messages: Requests submitted via email, Telegram, or in-app support.
Community Interactions: Posts or questions in our official Telegram channel.
Surveys & Feedback: Optional responses to feedback requests, beta testing programs, or competitions.
Why we collect this: To respond to inquiries, improve services, and engage with our user base.
2.5 Data We Do NOT Collect
We explicitly do not collect:
Government-issued IDs or personal documents (unless required by legal obligations).
Plain-text API private keys (only encrypted storage).
Banking or credit card details (payments are handled via third parties).
Section 3 How We Use Your Information
We use the information we collect to operate, secure, and improve the AlgoTrade platform. Each use case is tied directly to the categories of data collected in Section 2.
3.1 Service Provision & Account Management
We process your Account & Identity Information to:
Authenticate your account and maintain your active session.
Link your Hyperliquid API wallet and enable interaction between AlgoTrade and the Hyperliquid platform.
Apply your tier-level benefits based on ALGT token holdings.
Manage connected wallet integrations via the web app or Telegram bot.
3.2 Trade Execution & Strategy Management
We process your Trading & Strategy Data to:
Deploy, run, pause, and stop automated strategies you configure in the AlgoBuilder.
Execute manual trades via the web app’s trading interface.
Apply your chosen indicator settings and risk parameters in real time.
Provide backtesting results and analytics.
Maintain accurate records of open and closed positions, orders, and historical trades.
3.3 Platform Optimization & Feature Improvement
We process Technical & Usage Data to:
Monitor system performance, load times, and responsiveness.
Identify and fix technical issues or bugs.
Improve the usability of both the web app and Telegram bot based on user interaction patterns.
Develop and test new features (e.g., new indicators, leaderboard, marketplace integrations).
3.4 Security & Fraud Prevention
We process a combination of Account, Technical, and Usage Data to:
Detect suspicious activity, unauthorized access, or API misuse.
Implement fraud prevention and anti-bot measures.
Protect against account takeovers and phishing attempts.
Maintain encrypted storage of sensitive credentials, ensuring that API private keys remain secure and inaccessible to any human (including AlgoTrade staff).
3.5 Communication & Support
We process Communication Data to:
Respond to customer support inquiries.
Send you service-related notifications (e.g., maintenance updates, feature releases).
Provide important account-related alerts, including security warnings.
Request feedback or survey participation to improve AlgoTrade services.
3.6 Legal & Regulatory Compliance
We process all relevant categories of data to:
Comply with applicable laws, regulations, and lawful requests from government authorities.
Enforce our Terms of Use and resolve disputes.
Maintain accurate transaction and platform usage records for compliance purposes.
3.7 Data Minimization & Purpose Limitation
We will never:
Sell your personal or trading data to third parties.
Use your API credentials for any purpose other than enabling your chosen platform interactions.
Use your trading activity to front-run, copy trade, or otherwise profit from your strategies.
Section 4 Data Storage & Security
We take the protection of your information extremely seriously. AlgoTrade implements industry-leading security measures to safeguard your personal data, trading data, and sensitive credentials.
4.1 Data Storage Locations
Primary Storage: All platform-related data is securely stored in encrypted cloud environments operated by trusted, compliant infrastructure providers.
Geographic Redundancy: Where applicable, data is stored in multiple secure data centers to ensure high availability and resilience against outages.
Jurisdiction: Data storage locations may vary depending on your region, but all are chosen based on strong privacy and data protection standards.
4.2 Encryption Standards
In Transit: All communications between your device, the web app, the Telegram bot, and AlgoTrade’s servers are encrypted using TLS 1.2 or higher to prevent interception.
At Rest: All stored data is encrypted using AES-256 or an equivalent strong encryption algorithm.
API Keys & Sensitive Credentials:
API private keys are encrypted before they are stored.
Encryption keys are managed separately from the encrypted data, ensuring an additional security layer.
No AlgoTrade staff member or human operator can view or retrieve your API private key in plain text not during entry, not in storage, and not during use.
Your API private key is used exclusively to connect your Hyperliquid account to your AlgoTrade account and execute your chosen strategies or manual trades.
4.3 Data Segmentation
To minimize the impact of any potential security breach:
Trading and strategy data are stored separately from personal account data.
API credentials are stored in isolated, encrypted vaults separate from other data categories.
Internal system access is segmented and strictly role-based only authorized automated processes can interact with sensitive data.
4.4 Retention & Deletion
Operational Retention: We retain your account and trading data only as long as necessary to provide our services.
User-Initiated Deletion: You may request deletion of your account and related data at any time via the official support channel.
API Key Removal: You can revoke or replace your stored API credentials instantly via the AlgoTrade bot or web app.
Post-Deletion: Once deleted, your API private key cannot be recovered by AlgoTrade under any circumstances you must securely store your own credentials.
4.5 Security Monitoring
Continuous monitoring for suspicious access patterns or abnormal trading activity.
Automated alerts for failed authentication attempts or repeated incorrect API key entries.
Regular penetration testing and system audits to identify and address vulnerabilities.
4.6 User Responsibilities
While we employ strict security protocols, you are responsible for:
Maintaining the security of your own devices and internet connection.
Safely storing your API private keys and not sharing them with any unauthorized party.
Promptly revoking and replacing your API key if you suspect it has been compromised.
Section 5 Data Sharing & Third-Party Access
AlgoTrade values your privacy and is committed to ensuring that your personal data, trading data, and sensitive account information are never shared, sold, or disclosed without your explicit consent, except where required by law or to provide essential platform services.
5.1 No Sale of Personal or Trading Data
AlgoTrade will never sell, rent, or trade your personal information, API keys, trading activity data, or strategy details to any third party for marketing, advertising, or commercial gain.
Your trading logic, strategies, and marketplace interactions remain your intellectual property unless you choose to publish them in our Marketplace under your account.
5.2 When Data May Be Shared
Your data may only be shared with trusted third parties under the following strictly limited circumstances:
(a) Service Provision
We may share necessary data with third-party service providers solely for:
Hosting and infrastructure services
Secure data storage
Payment and transaction processing
Customer support systems
Communication platforms (for notifications, account alerts, etc.)
All service providers are bound by strict contractual obligations to maintain confidentiality and data protection standards equal to or exceeding those of AlgoTrade.
(b) Compliance with Legal Requirements
We may disclose your data if:
Required to do so by law, regulation, or legal process.
In response to valid requests by public authorities, law enforcement agencies, or regulatory bodies.
Necessary to enforce our Terms of Use or to protect our rights, property, or safety, or that of other users.
(c) Security & Fraud Prevention
If we detect suspicious account activity, attempted fraud, or malicious actions, relevant data may be shared with security vendors, legal authorities, or affected third parties to prevent harm and maintain system integrity.
5.3 Third-Party Integrations
AlgoTrade integrates with external services, such as Hyperliquid, to facilitate trading operations. When connecting your Hyperliquid API:
Only the encrypted API credentials are stored.
No other account information from Hyperliquid is accessed unless required to execute trades or retrieve balance/position data.
AlgoTrade never provides your API keys to Hyperliquid or any third party in an unencrypted format.
5.4 User-Controlled Publishing
If you choose to publish your strategy to the AlgoTrade Marketplace:
Certain data, such as strategy performance metrics, historical results, and description text, may be made public to other AlgoTrade users.
You have full control over whether or not your strategies are published.
Private strategies remain visible only to you and are not shared externally.
5.5 Data Transfer Across Borders
If your data is transferred outside of your home country (e.g., for cloud hosting in another jurisdiction), we ensure such transfers comply with applicable data protection laws, including GDPR and equivalent frameworks.
All international transfers are subject to safeguards such as encryption, contractual clauses, and regional compliance standards.
5.6 Transparency on Requests
If legally permitted, we will notify you before disclosing any personal or trading data to a government agency, law enforcement, or other third party.
Section 6 Cookies, Tracking & Analytics
AlgoTrade uses cookies, local storage, and limited tracking technologies to enhance the user experience, improve platform performance, and ensure the security of our services. This section outlines how we use these technologies, the types of information collected, and your choices for controlling them.
6.1 What Are Cookies and Tracking Technologies?
Cookies are small text files stored on your device by your browser when you visit our web app.
Local storage is similar to cookies but allows for larger amounts of data to be stored on your device for persistent sessions.
Tracking technologies can include pixels, scripts, analytics SDKs, or similar tools used to gather information on platform usage, performance, and interactions.
6.2 Types of Cookies & Tracking Tools We Use
We categorize cookies and tracking technologies used on the AlgoTrade platform into four types:
(a) Essential / Strictly Necessary
Required for the platform to function correctly.
Session cookies to keep you logged in securely.
API connection state storage for your Hyperliquid account.
CSRF tokens for security against malicious requests.
Marketplace browsing and strategy configuration persistence.
Without these, core platform features (trading, strategy management, wallet connection) cannot function.
(b) Performance & Analytics
Used to understand how the platform is used and to improve functionality.
Anonymized metrics such as page views, feature usage, and response times.
Error tracking and crash reporting to identify bugs and stability issues.
We currently do not use invasive third-party analytics such as Google Analytics; any analytics we do use are anonymized and self-hosted to protect your privacy.
(c) Functionality
Enable enhanced user features.
Saving UI preferences such as chart styles, timeframes, and dark/light mode.
Remembering your last-used market and preferred trading settings.
(d) Security
Track and mitigate fraudulent or unauthorized activity.
Device fingerprinting to detect repeated failed logins or suspicious account access.
Anti-bot verification where needed.
6.3 Cookies & Tracking in the Web App
Session persistence (so you remain logged in after refreshing the page).
Storage of encrypted API connection tokens.
Market data caching for faster load times.
Storage of local-only strategy drafts before saving them to your account.
No unencrypted API keys or sensitive account credentials are ever stored in cookies or local storage.
6.4 Tracking in the Telegram Bot
Our Telegram bot does not use cookies but may:
Store temporary session tokens to identify your account during a single interaction flow.
Maintain encrypted API references to facilitate trade execution and data retrieval.
All storage is server-side and tied only to your Telegram ID; no tracking pixels or invasive data collection methods are used in Telegram.
6.5 Third-Party Tracking
We minimize third-party scripts and integrations to reduce exposure to external tracking.
If we integrate third-party analytics or ad services in the future, we will clearly disclose this in our updated Privacy Policy and provide opt-out controls.
6.6 User Control Over Cookies
You can control cookies through your browser settings, including blocking, deleting, or limiting certain types.
If you disable essential cookies, the AlgoTrade platform may become partially or completely unusable.
6.7 Retention
Cookies used for session authentication are automatically expired when you log out or after a defined session timeout.
Local storage data may persist until you manually clear it in your browser settings.
Section 7 Data Security & Encryption Practices
At AlgoTrade, safeguarding your personal information, trading data, and API credentials is a core priority. We have implemented industry-leading security measures to ensure that sensitive information remains private, inaccessible to unauthorized parties, and protected against loss or misuse.
7.1 General Security Philosophy
We operate under a privacy-by-design and security-first principle, ensuring that from the moment a feature is developed, it incorporates encryption, access controls, and data minimization.
We collect and store only the minimum amount of data required to operate our platform effectively.
All sensitive processes including API connectivity to Hyperliquid are handled through encrypted communication channels (TLS/SSL).
7.2 API Keys & Private Keys
We understand the importance of securing your Hyperliquid API credentials, as they provide access to your trading account.
End-to-End Encryption: Your API private key is encrypted immediately upon submission using strong, industry-standard encryption algorithms (AES-256 or equivalent), before being stored.
No Human Access: No AlgoTrade staff member, developer, or administrator can access or view your raw API private key even in our databases. The encryption keys are stored in a secure, segregated key vault service, not accessible through standard administrative tools.
Usage in Encrypted Memory: API keys are only decrypted in volatile memory (RAM) during an active trading session for the purpose of executing trades or retrieving account data, and are never stored in plain text.
One-Way Protection: Once an API key is encrypted and stored, it cannot be retrieved in its original plain text form by AlgoTrade. This means:
If you lose your private key, AlgoTrade cannot recover it for you.
You must store your keys securely and keep backups in a secure personal location.
Separate Storage for Public & Private Keys: Public API data (non-sensitive) is stored separately from your private API key, further reducing exposure in case of breach.
7.3 Data in Transit
All data exchanged between your device and our servers including API credentials, trading commands, and strategy configurations — is transmitted via Transport Layer Security (TLS) 1.3 encryption.
We use HSTS (HTTP Strict Transport Security) to enforce secure connections at all times.
Data integrity checks are applied to ensure that transmissions are not altered during transit.
7.4 Data at Rest
Sensitive data such as API private keys, personal information, and account settings are stored in encrypted databases.
Encryption is handled using AES-256 with regularly rotated encryption keys.
Backups are also encrypted and stored in secure, access-controlled environments.
7.5 Access Controls
Role-Based Access Control (RBAC) ensures that only authorized services and automated processes can handle sensitive operations.
No third-party contractor or team member without explicit security clearance has any form of indirect access to encrypted key storage.
Internal access to logs, user data (non-sensitive), and analytics is monitored, audited, and limited to essential operational needs.
7.6 System & Application Security
All servers hosting the AlgoTrade web app and bot infrastructure are protected by firewalls, intrusion detection systems, and DDoS mitigation.
Regular security audits, penetration tests, and vulnerability scans are performed to identify and address potential risks.
Secure coding practices (OWASP Top 10 compliance) are followed to prevent injection attacks, cross-site scripting (XSS), cross-site request forgery (CSRF), and other common threats.
7.7 Your Responsibility
You are responsible for safeguarding your own API keys and account credentials.
AlgoTrade cannot retrieve lost API keys for you, as we do not have visibility into your unencrypted credentials.
It is your responsibility to:
Store your keys in a secure location.
Never share them with untrusted parties.
Revoke and regenerate keys immediately if you believe they have been compromised.
7.8 Incident Response
In the event of a suspected or confirmed data breach, AlgoTrade will:
Immediately contain and investigate the incident.
Notify affected users as soon as feasible under applicable laws.
Provide guidance on securing accounts and regenerating API credentials.
Section 8 Data Retention & Deletion Policies
AlgoTrade is committed to retaining your personal and account-related information only for as long as it is necessary to fulfill the purposes outlined in this Privacy Policy, meet legal or regulatory requirements, and maintain platform integrity. We follow strict retention schedules to ensure that we do not hold on to your data longer than needed.
8.1 General Retention Principles
We retain data only for as long as it is necessary to provide you with access to our platform, maintain security, and comply with legal or regulatory obligations.
Retention periods vary depending on the type of data and its purpose.
When the retention period expires, data is securely deleted or anonymized.
8.2 Retention Periods by Data Type
Account Identification Data (username, email, account ID): Retained for the duration of your active account and for a period of up to 5 years after closure to comply with anti-fraud, tax, and record-keeping obligations.
API Credentials:
Stored in encrypted form for as long as they are linked to your account.
Deleted immediately upon your request to unlink, or if your account is closed.
Trading History & Strategy Data:
Retained for up to 3 years for the purpose of analytics, dispute resolution, and compliance with applicable laws.
Can be anonymized for aggregate statistical purposes.
Support Communications (emails, Telegram support logs, etc.): Retained for up to 2 years after the last correspondence to assist with ongoing or future support issues.
Marketing & Newsletter Preferences: Retained until you withdraw your consent or unsubscribe.
System & Security Logs: Retained for 90–180 days for security auditing, intrusion detection, and troubleshooting purposes.
8.3 Special Retention Considerations
We may retain certain data for longer periods if:
Required by law (e.g., tax or financial regulations).
Necessary for ongoing legal claims, disputes, or investigations.
Needed to enforce our Terms of Use or protect against fraudulent activity.
8.4 Data Deletion Requests
You have the right to request deletion of your personal data at any time by contacting us.
Upon verifying your identity, we will:
Delete or anonymize your personal data within 30 days (or a legally mandated timeframe).
Unlink and delete your API credentials from our system immediately.
Please note:
Certain information cannot be deleted immediately if we are required by law to retain it for a specified period (e.g., regulatory compliance).
Data used in aggregate, anonymized analytics is not considered personal data and will not be deleted.
8.5 Post-Deletion Handling
Once deletion is completed:
Your data will be securely wiped from active databases and encrypted backups (within the standard backup rotation cycle).
API credentials will be fully removed from encrypted storage, making reconnection impossible without re-submitting your private key.
Any anonymized statistical data derived from your activity may be retained to improve platform performance and research trends.
8.6 Your Responsibility Before Deletion
Before requesting account deletion:
Download any records, reports, or trading history you may need for personal reference.
Ensure that your open positions, strategies, or API integrations are stopped or disconnected to avoid unintended trades.
Section 9 Data Sharing & Disclosure
At AlgoTrade, we treat your data with the highest level of confidentiality. We do not sell, rent, or trade your personal information to third parties. Any sharing of data is done strictly for operational, security, or legal purposes, and always with safeguards in place to protect your privacy.
9.1 General Principles
Data sharing is minimal and performed only when necessary.
Third parties never receive unrestricted access to user data all access is limited to the specific purpose for which it was shared.
All recipients are required to comply with confidentiality obligations and data protection laws applicable to their jurisdiction.
9.2 Categories of Third-Party Recipients
We may share your information with the following categories of recipients:
A. Service Providers & Platform Partners
Examples: Cloud hosting providers, database security services, API infrastructure providers, analytics tools.
Purpose: To operate, maintain, and secure the AlgoTrade platform and web application.
Safeguards: All providers are bound by contractual obligations to process data only according to our instructions and implement bank-grade encryption and security protocols.
B. Payment & Transaction Processing Partners
Examples: Crypto payment gateways, custodial services (if applicable in the future).
Purpose: To process transactions, deposits, withdrawals, or token purchases.
Safeguards: Financial partners must comply with AML/KYC regulations and are prohibited from using your data for marketing purposes.
C. Security & Anti-Fraud Services
Purpose: Detecting, preventing, and investigating fraudulent or unauthorized activities.
Includes automated security scans, suspicious activity monitoring, and IP address verification tools.
D. Legal & Regulatory Authorities
Purpose: Compliance with legal obligations, responding to lawful requests, enforcing our Terms of Use, or protecting the rights and safety of AlgoTrade, our users, or others.
Examples: Court orders, regulatory agencies, law enforcement.
We will always review requests to ensure they are legally valid and only provide the minimum necessary data.
E. Business Transfers
In the event of a merger, acquisition, restructuring, or sale of assets, user data may be transferred as part of the transaction.
All acquiring parties will be bound to the same privacy commitments outlined in this policy.
9.3 What We Never Do
We never sell user data to advertisers or marketing agencies.
We never provide raw API credentials or private keys to third parties under any circumstances.
We never grant direct database access to any external entity without strict encryption and authentication safeguards.
9.4 Anonymized & Aggregated Data
We may share aggregated, non-personal statistical information (e.g., number of active strategies, average trade win rate across all users) for research, reporting, or marketing purposes.
Such data cannot be used to identify you personally.
9.5 Special Protections for API Credentials
API keys remain encrypted both in storage and in transit.
No human including AlgoTrade staff can view your private API key.
Keys are never transmitted to third parties, except to establish secure encrypted communication with Hyperliquid for trade execution.
Any connection to third-party integrations will require your explicit consent.
9.6 User Control Over Data Sharing
You may withdraw your consent for certain types of data sharing at any time (e.g., for analytics or performance tracking).
Opting out of certain data-sharing arrangements may limit your ability to use some platform features.
Section 10 International Data Transfers
AlgoTrade operates in a global environment, and certain aspects of our infrastructure, service providers, or partners may be located in jurisdictions outside of your country of residence. As such, your personal information may be transferred to and processed in countries that may have different data protection laws than your home country.
We are committed to ensuring that any international transfer of personal data is done securely and in full compliance with applicable privacy laws, including but not limited to the EU General Data Protection Regulation (GDPR), the UK Data Protection Act, and other regional privacy frameworks.
10.1 Locations of Processing
Primary infrastructure: We may host and process data using servers located in multiple regions, including the European Union (EU), United States, and Asia-Pacific.
Third-party service providers: Some may operate from other jurisdictions, depending on operational requirements such as cloud hosting, data storage, analytics, or API services.
10.2 Safeguards for Cross-Border Transfers
Whenever we transfer personal data outside of your country of residence, we apply one or more of the following safeguards:
Adequacy Decisions
Transfers to countries formally recognized by relevant regulatory authorities (e.g., European Commission) as having an adequate level of data protection.
Standard Contractual Clauses (SCCs)
Legally binding contracts approved by regulators that require recipients to protect personal data to the same standards as in your jurisdiction.
Binding Corporate Rules (BCRs)
For any transfers within affiliated entities, ensuring the same level of protection company-wide.
Supplementary Technical Measures
Data encryption in transit and at rest.
Pseudonymization and anonymization of personal data where possible.
Limited retention periods and strict access controls.
10.3 API Credential Protection During Transfers
API keys never leave our encrypted environment except when communicating directly and securely with Hyperliquid for trade execution.
API credentials are never shared cross-border with human intervention, ensuring that even in multi-region environments, no person in another jurisdiction can directly access your keys.
10.4 User Acknowledgement
By using our platform, web application, or API integrations, you acknowledge that your personal data may be transferred to and processed in countries outside your place of residence, including jurisdictions that may have different privacy laws. However, we will always ensure that any such transfers provide equal or greater protections than those in your home country.
10.5 Your Rights Regarding International Transfers
Right to Information You may request details about where your data is stored or processed.
Right to Object You may object to certain international transfers, though doing so may limit access to some platform features.
Right to Copies of Safeguards You may request copies of Standard Contractual Clauses or equivalent safeguards applied to your data.
Section 11. Data Retention Policy
11.1 General Retention Principles
AlgoTrade retains user data only for as long as it is necessary to fulfill the purposes for which it was collected, comply with applicable legal and regulatory requirements, resolve disputes, enforce agreements, and protect the security and integrity of the platform.
Data is securely deleted, anonymized, or otherwise rendered unusable when it is no longer required for these purposes.
11.2 API Key and Sensitive Credential Retention
Encryption & Non-Viewable Storage: Any Hyperliquid API keys linked to AlgoTrade (via the AlgoTrade Bot or WebApp) are encrypted using industry-grade encryption methods and stored in a way that makes them inaccessible in plain text to all AlgoTrade personnel.
No Human Access: At no point can any AlgoTrade staff member or system administrator view your API private key. Keys are processed solely by secure, automated systems for authentication purposes.
User Responsibility: Because we cannot recover lost API keys, users are solely responsible for securely storing their own credentials.
11.3 Retention Periods by Data Type
Account Information (Name, Email, Wallet Address): Retained for the duration of the account’s active status plus five (5) years after closure to meet regulatory requirements.
Trading Data & Performance Metrics: Retained for three (3) years after activity to allow for analytics, dispute resolution, and system improvement.
Communication Logs (Support Chats, Emails, Telegram Correspondence): Retained for two (2) years for quality assurance, training, and dispute resolution.
Security & Access Logs: Retained for one (1) year to monitor system integrity, detect abuse, and investigate potential breaches.
Cookies & Web Tracking Data: Retained based on their function (session cookies are deleted upon browser closure; persistent cookies are retained up to one (1) year unless cleared by the user).
11.4 User Rights for Data Deletion
Users have the right to request the deletion of their personal data at any time, subject to:
Compliance with applicable laws (e.g., anti-money laundering or tax laws that require retention).
The resolution of any ongoing disputes or investigations.
The need to preserve transaction history for audit and compliance purposes.
11.5 Exceptions to Deletion
We may retain minimal identifying and transactional information if required for:
Legal compliance and enforcement of our Terms of Use.
Fraud prevention, abuse detection, or protection of the platform’s integrity.
Resolution of any user-initiated or third-party claims.
Section 12. Data Security Measures
12.1 Commitment to Security
At AlgoTrade, safeguarding your information is a top priority. We maintain a multi-layered security framework designed to protect all personal data, API credentials, and trading-related information from unauthorized access, misuse, loss, or disclosure.
Our security posture is continuously monitored, tested, and updated to address emerging threats, regulatory changes, and industry best practices.
12.2 API Key & Credential Security
Given that API credentials are essential to linking your Hyperliquid account to the AlgoTrade Bot and WebApp, we employ industry-leading encryption and key isolation methods to ensure complete confidentiality:
End-to-End Encryption (E2EE): Your API key is encrypted locally before transmission to our secure servers, ensuring it cannot be intercepted in transit.
Encrypted Storage: API keys are stored using advanced cryptographic algorithms such as AES-256, combined with key vault isolation to prevent unauthorized database access.
Non-Viewable by Humans: At no point is your API private key viewable in plain text by any AlgoTrade staff member, administrator, or contractor.
Limited Use: API keys are only used for authentication between your account and the AlgoTrade systems. They are never shared, sold, or exposed to any external party.
User Responsibility: Since AlgoTrade cannot recover your private key if lost, you are solely responsible for securely backing up your API credentials.
12.3 Infrastructure & Network Security
Secure Hosting Environment: All AlgoTrade infrastructure is hosted in high-security, redundant data centers that comply with ISO 27001 and SOC 2 standards.
Firewall & Intrusion Detection: We deploy Web Application Firewalls (WAF) and Intrusion Detection/Prevention Systems (IDS/IPS) to monitor and block malicious activities.
DDOS Mitigation: AlgoTrade leverages automated mitigation services to protect the WebApp, Bot API endpoints, and market data feeds from distributed denial-of-service attacks.
Access Control & Least Privilege: Internal systems operate on a strict least privilege principle, ensuring staff access only what is essential for their role.
12.4 Data Encryption & Transmission Security
Encryption at Rest: All sensitive data, including account details and strategy configurations, are stored in encrypted databases.
Encryption in Transit: All communications between the AlgoTrade Bot, WebApp, and backend servers are secured with TLS 1.3 or higher.
Session Management: Active sessions are protected with cryptographic tokens that automatically expire after inactivity.
12.5 Bot & WebApp Security
Isolated Execution Environments: Each user’s automated trading strategy runs in a sandboxed environment to prevent cross-strategy data leakage.
Rate Limiting & Abuse Prevention: All API requests are rate-limited to prevent system overload or malicious exploitation.
Continuous Monitoring: Both the Telegram Bot and WebApp are monitored for abnormal patterns, including unexpected withdrawals, unusual API calls, and unauthorized configuration changes.
Regular Code Audits: AlgoTrade’s Bot and WebApp code undergo regular static and dynamic analysis to detect and patch vulnerabilities.
12.6 User-Side Security Recommendations
While AlgoTrade implements robust protective measures, security is a shared responsibility. Users are strongly advised to:
Use hardware wallets or other secure storage solutions for API key generation.
Avoid sharing API credentials with any unverified individual or service.
Regularly rotate API keys for added security.
Enable withdrawal whitelists on Hyperliquid accounts.
Log out of the WebApp when not in use and clear cached data on shared devices.
12.7 Security Incident Response
In the event of a confirmed or suspected data breach:
Users will be notified within 72 hours of detection if their data may have been compromised.
AlgoTrade will provide a full incident report, including:
Nature of the breach.
Data potentially impacted.
Steps taken to contain and remediate the issue.
Recommendations for user action.
Our dedicated incident response team will work to identify vulnerabilities, apply immediate fixes, and enhance controls to prevent recurrence.
12.8 Independent Audits & Penetration Testing
AlgoTrade engages third-party security firms to conduct:
Penetration Testing: Simulated attacks to test system resilience.
Security Audits: Reviews of encryption, access control, and operational policies.
Compliance Assessments: Ensuring all security practices meet or exceed applicable industry and regulatory standards.
Section 13 Third-Party Data Sharing & Integrations
AlgoTrade values transparency regarding how and when your information may be shared with third parties. We do not sell, rent, or lease your personal or trading-related data to any unaffiliated third parties for marketing purposes. However, in order to deliver the full functionality of our platform including our webapp, Telegram bot, and integration with external trading infrastructure we may share limited, necessary data with trusted third parties under strict contractual and technical safeguards.
13.1 Hyperliquid Integration
Purpose: AlgoTrade operates in conjunction with the Hyperliquid exchange infrastructure for executing trades, managing accounts, and retrieving market data.
Data Shared:
API requests containing your encrypted API key (never stored in plain text and never accessible to AlgoTrade staff).
Market and order information strictly necessary to execute your strategy or manual trades.
Account identifiers relevant only within Hyperliquid’s system (no personal identifiers outside of those provided directly by you to Hyperliquid).
Security Measures:
All communication between AlgoTrade’s systems and Hyperliquid’s servers is encrypted using industry-standard protocols (TLS 1.2+).
AlgoTrade cannot, and will never, view your private API key in human-readable form keys are encrypted in transit and at rest with restricted machine-only access.
Hyperliquid operates under its own Privacy Policy and Terms of Service, and any use of their systems is also governed by those terms.
13.2 Webapp & Telegram Bot Hosting Services
We use secure hosting providers and cloud infrastructure to operate both the AlgoTrade web platform and Telegram bot.
These services may process technical metadata such as:
IP addresses (for security monitoring)
Device/browser information (for compatibility purposes)
Basic account identifiers (username, wallet address)
All such providers are contractually obligated to maintain data confidentiality and comply with applicable data protection laws.
13.3 Analytics & Performance Monitoring
We may use privacy-conscious analytics tools to better understand feature usage and improve platform performance.
All analytics data is aggregated and anonymized, meaning no personally identifiable information is collected for statistical reporting.
Examples of aggregated data:
Number of active strategies created per day
Average trade execution times
Error rates in order processing
13.4 Legal & Compliance Disclosures
We may disclose certain account or transaction information only when required by law or in response to valid legal processes such as subpoenas, court orders, or regulatory requests.
In such cases, disclosure will be narrowly tailored to meet legal obligations and will be reviewed by legal counsel.
13.5 Partner Integrations & Marketplace Features
Future releases, such as the AlgoMarketPlace, may require sharing non-sensitive account identifiers with strategy publishers for usage tracking and monetization.
Any such sharing will:
Be clearly disclosed prior to activation of the feature.
Never include sensitive personal or API key data.
Be limited to the functional needs of the feature.
Summary: AlgoTrade’s third-party data sharing is minimal, purpose-specific, and always conducted under strict encryption, legal agreements, and privacy safeguards. You are encouraged to review the privacy policies of any third-party platforms (such as Hyperliquid) that you connect to AlgoTrade, as their data handling practices may differ from ours.
Section 14 International Data Transfers
AlgoTrade operates as a global platform, meaning that your data may be stored, processed, and transmitted across multiple countries. This section explains how international transfers are handled and safeguarded to ensure compliance with applicable privacy laws, including but not limited to the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA), the UK GDPR, and other relevant local regulations.
14.1 Scope of International Transfers
AlgoTrade may store and process your data on servers located in regions outside of your country of residence.
Data may be transferred to:
Primary hosting locations where AlgoTrade infrastructure is deployed.
Backup and disaster recovery locations to ensure service continuity.
Third-party service providers (such as analytics or hosting) operating in other jurisdictions.
These transfers may include both personal data (e.g., account identifiers) and technical/operational data (e.g., trading performance metrics).
14.2 Legal Basis for Transfers (EEA & UK Users)
If you are located in the EEA or the UK, international data transfers will occur only under lawful mechanisms:
Adequacy Decisions: Where the receiving country has been deemed to provide adequate data protection standards by the European Commission or UK authorities.
Standard Contractual Clauses (SCCs): For transfers to countries without adequacy decisions, AlgoTrade requires its third-party providers to sign SCCs that include binding commitments to maintain data security and privacy.
User Consent: In certain cases, your explicit consent will be obtained prior to transfer (e.g., connecting to non-EEA services such as Hyperliquid).
14.3 Security Measures for Cross-Border Transfers
To ensure your data remains secure regardless of location, AlgoTrade applies consistent, high-standard safeguards, including:
End-to-end encryption during data transmission between regions.
Encryption at rest for all stored data, including API keys and account identifiers.
Access control policies that limit cross-border access to authorized technical systems only.
Regular security audits to verify compliance with contractual and regulatory requirements.
14.4 Third-Party Responsibilities
Any third-party service provider receiving data as part of an international transfer is required to:
Comply with the same or higher security standards AlgoTrade applies to its own systems.
Limit data use strictly to the contracted service purpose.
Notify AlgoTrade immediately in the event of a suspected data breach.
14.5 User Rights Regarding International Transfers
If you are located in a jurisdiction with specific data protection rights (such as the EEA, UK, or certain U.S. states), you have the right to:
Request details of the countries and entities to which your data has been transferred.
Obtain a copy of the relevant contractual safeguards (e.g., SCCs) used to protect your data.
Object to transfers where permitted by law, though this may impact your ability to use the platform.
Summary: AlgoTrade’s international data transfers are conducted under strict legal frameworks and industry-leading security protocols. By using the platform, you acknowledge that your data may be processed in countries other than your own, but always with equivalent protection measures in place.
Section 15 Data Retention Policy
This section outlines how long AlgoTrade retains different categories of user data, the reasons for retention, and the procedures for secure deletion or anonymization once retention periods expire. Our policy ensures we meet operational needs, regulatory obligations, and security requirements while avoiding unnecessary data storage.
15.1 General Principles of Data Retention
Data Minimization: We only retain data for as long as it is necessary for the purpose for which it was collected.
Regulatory Compliance: Certain retention periods are legally mandated (e.g., financial transaction records under anti-money laundering laws).
Operational Needs: Retention supports user support requests, fraud prevention, and service optimization.
User Control: Where applicable, you may request deletion of certain personal data before the retention period ends, subject to legal and operational limitations.
15.2 Retention Periods by Data Type
Data Category
Retention Period
Purpose
Deletion/Anonymization Method
Account Identification Data (username, wallet address)
Retained until account closure + 5 years
Compliance, fraud prevention, account recovery
Secure deletion from live systems; anonymization in logs
Contact Information (email, Telegram handle)
Retained until account closure + 1 year
Support, service notifications
Secure deletion from CRM and communication logs
API Keys / Private Keys
Encrypted storage only for active use; deleted immediately upon unlinking account
Facilitate secure trading connections
Secure wipe from encrypted storage; unrecoverable deletion
Trading Records (orders, positions, P&L)
Minimum 5 years from transaction date
Legal compliance, dispute resolution, analytics
Encrypted archival, then permanent deletion
Portfolio & Strategy Data (AlgoBuilder configs, performance data)
Active strategies: retained for lifetime of strategy; inactive: 2 years after inactivity
Performance history, troubleshooting, marketplace records
Secure deletion or anonymization
Payment / Billing Data
7 years (tax and audit compliance)
Legal and accounting requirements
Secure archival, then deletion
Support Tickets & Communications
3 years after resolution
Service improvement, dispute resolution
Permanent deletion from support systems
Website & WebApp Analytics (cookies, usage logs)
12 months
Service optimization, security monitoring
Anonymization or deletion from analytics tools
15.3 API & Private Key Retention
Encrypted at Rest & In Transit: All API keys are stored using AES-256 encryption and transmitted only over secure channels.
No Human Access: AlgoTrade staff cannot view, retrieve, or decrypt your private keys at any point.
User Responsibility: Since AlgoTrade cannot recover your keys, you must securely store backups for your own use.
Automatic Deletion: If you disconnect an API wallet, its key is deleted immediately from all active systems and cannot be restored.
15.4 Early Deletion Requests
You may request early deletion of your personal data, subject to:
Legal retention requirements (we cannot delete transaction records required by law).
Security requirements (data related to investigations or disputes may be temporarily locked until resolved).
Deletion will be confirmed via secure communication once completed.
15.5 Secure Deletion & Anonymization Methods
Secure Wipe Protocols: Data is overwritten using industry-standard secure deletion methods.
Anonymization: When complete deletion is not technically or legally possible, identifiable elements are permanently removed so the data can no longer be linked to you.
Backups: Deleted data may persist temporarily in encrypted backups until backup cycles complete, after which it is permanently removed.
Summary: AlgoTrade retains only the data it truly needs, for only as long as it is necessary, and removes or anonymizes it securely when no longer required. This ensures compliance, operational efficiency, and respect for user privacy.
Section 16 Your Privacy Rights
AlgoTrade is committed to ensuring that every user regardless of jurisdiction is informed of their privacy rights and has a clear, simple path to exercise them. This section explains your rights under applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant national or regional privacy frameworks.
16.1 Overview of Your Rights
As a user of AlgoTrade (including our webapp, trading bot, and related services), you may have the following rights depending on your location and applicable law:
Right to Access
You have the right to request a copy of the personal data we hold about you.
This includes information on how we process your data, the categories of data we store, and the purposes for which we use it.
Access will be provided in a structured, commonly used, and machine-readable format upon request.
Right to Rectification
If any of your personal data is inaccurate or incomplete, you can request corrections.
For most account data, you can update information directly through the AlgoTrade webapp or Telegram bot.
Right to Erasure ("Right to be Forgotten")
You may request the deletion of your personal data when:
It is no longer necessary for the purposes for which it was collected.
You withdraw your consent (where applicable).
You object to the processing and there is no overriding legitimate interest.
Some data may be retained if required for legal compliance (e.g., transaction records).
Right to Restrict Processing
You may request that we temporarily limit the processing of your personal data if:
You contest the accuracy of the data.
The processing is unlawful, but you prefer restriction over deletion.
We no longer need the data, but you require it for legal claims.
Right to Data Portability
You can request that your personal data be transferred to you or another service provider in a secure, structured, and machine-readable format.
Right to Object to Processing
You may object to the processing of your data for certain purposes, such as direct marketing or profiling, at any time.
Rights Related to Automated Decision-Making & Profiling
If AlgoTrade uses automated decision-making that significantly affects you (e.g., fraud detection, certain strategy automation), you have the right to request human review and to contest the decision.
Right to Withdraw Consent
Where we rely on consent as the legal basis for processing your data (e.g., for marketing communications), you can withdraw your consent at any time without affecting the lawfulness of prior processing.
16.2 Exercising Your Rights
To exercise any of the above rights, you can:
Submit a request via our Privacy Request Form (link available on our website and webapp footer).
Verification Process:
We may require verification of your identity before processing your request to protect against unauthorized access.
This may include confirming details about your account, trading activity, or other information only you would know.
Response Time:
We will respond to all valid requests within 30 days. In complex cases, we may extend this period by an additional 60 days with prior notification.
16.3 Restrictions and Exceptions
While we respect and uphold your privacy rights, there are situations where we may not be able to fulfill certain requests:
Legal Requirements: Financial transaction records must be kept for compliance with AML/KYC laws.
Security Concerns: Data required for ongoing fraud investigations or security audits cannot be deleted until the matter is resolved.
Technical Limitations: Certain anonymized or aggregated datasets may not be linked back to you, making identification and deletion impossible.
16.4 Special Considerations for API and WebApp Users
API Keys: As stated in Section 1 of our Privacy Policy, your API private keys are encrypted, inaccessible to humans, and cannot be recovered by AlgoTrade.
This means that erasure requests cannot restore lost keys you must store them securely yourself.
WebApp Data: Any preferences, layouts, or saved strategies in the webapp will be deleted or anonymized upon request unless they are tied to legal compliance records.
Cross-Platform Consistency: Any rights exercised will apply across all AlgoTrade interfaces the webapp, Telegram bot, and backend systems to ensure uniform privacy handling.
Summary: AlgoTrade empowers users with strong privacy rights and provides transparent, efficient channels to exercise them. While some operational and legal boundaries exist, we are committed to respecting user control over personal data across all aspects of our ecosystem.
Section 17 Changes to This Privacy Policy
AlgoTrade operates in a rapidly evolving technological and regulatory environment. As such, this Privacy Policy is not a static document it will be reviewed, updated, and revised periodically to ensure it remains accurate, relevant, and compliant with applicable laws while reflecting changes in our services, including but not limited to the AlgoTrade webapp, trading bot, and any other connected platforms or features.
17.1 When We Update This Policy
We may modify or amend this Privacy Policy at any time to:
Reflect Service Changes:
Launch of new features (e.g., additional indicators, marketplace functionality, portfolio analytics).
Expansion into new markets, jurisdictions, or asset classes.
Significant UI/UX updates to the webapp or bot interfaces.
Stay Compliant with Law:
Adjust for new privacy or financial regulations, such as changes to GDPR, CCPA, or financial reporting requirements.
Implement directives from regulators or court rulings.
Address Security Enhancements:
Modify practices after adopting new encryption methods, authentication protocols, or API handling safeguards.
Incorporate User Feedback:
Update explanations or add clarity to sections where users have requested more transparency.
17.2 How We Notify You of Changes
We are committed to providing clear, advance notice of material changes to this Privacy Policy. Depending on the nature and impact of the change, we will:
Email Notification: Send an email to registered users summarizing the changes and providing a link to the updated policy.
In-App / WebApp Banner: Display a prominent notice in the webapp dashboard and/or Telegram bot interface upon login.
Website Announcement: Post a dated announcement on the AlgoTrade official website and link to the revised policy.
For material changes those that significantly affect your rights or how your personal data is handled we will notify you at least 14 days before the changes take effect, unless immediate implementation is required by law or for urgent security reasons.
17.3 Effective Date of Policy Changes
All changes will be marked with an "Effective Date" at the top of this document.
For ongoing users, continued use of the AlgoTrade platform (webapp, trading bot, or connected services) after the effective date constitutes acceptance of the updated Privacy Policy.
17.4 Reviewing Previous Versions
For transparency, we will maintain an archive of prior versions of this Privacy Policy for a minimum of two (2) years.
Each archived version will include its original effective date and a summary of key differences from newer versions.
17.5 Your Responsibility
While AlgoTrade will take reasonable steps to inform you of changes, it is your responsibility to periodically review this Privacy Policy to stay informed about how we handle your personal data.
Summary: We understand that trust is built on transparency and consistency. By maintaining a clear process for updating our Privacy Policy including advance notice for significant changes we aim to ensure you always know where you stand when it comes to your privacy on AlgoTrade.
Last updated