PRIVACY POLICY

This Privacy Policy (hereinafter - "Policy") governs the processing and protection of personal data collected by LLC "TRADE KEEPER" (hereinafter - "Company", "we", "our") when using the websites https://tradekeeper.io, https://app.tradekeeper.io and any other digital resources of the Company (collectively - "Site").

We respect the right of users (hereinafter - "User") to privacy and comply with the requirements of Ukrainian legislation, in particular the Law of Ukraine "On Personal Data Protection", as well as the EU General Data Protection Regulation (GDPR), if applicable.

We may process the following User data:

• Name, email address;
• IP address, geolocation (city/country), device type and browser;
• Data about actions on the site (analytical information, cookies);
• Cryptocurrency exchange API keys (read-only), trading history, balances;
• Time of last activity.

We do not collect or store payment details — payments are made through third-party payment providers that comply with PCI DSS requirements.

User personal data is processed for the following purposes:

• providing analytical functionality of the platform;
• maintaining the account;
• managing subscriptions;
• communicating with the User (informational letters, technical notifications);
• statistical analysis and service improvement;
• fulfilling legal obligations.

The User may provide cryptocurrency exchange API keys to use the platform functionality. We insist on using exclusively API keys with "read-only" rights, which allow only viewing trading information without the ability to trade, transfer funds, or make changes to the exchange account.

The Company has no technical ability to verify the access level provided by the user when creating an API key. In this regard, the responsibility for providing access with limited rights (read-only) lies entirely with the User. The Company does not carry out any financial or trading operations and does not intend to gain access to Users' assets. If it is discovered that the API key has extended permissions, we reserve the right to refuse to use the service with such a key or request additional confirmation.

The User independently chooses the access level when creating an API key and is responsible for its security.

The provided keys are used exclusively for the purpose of analytical display of trading history on the platform. The Company does not transfer API keys to third parties and does not provide access to them.

The Company stores all API keys in encrypted form using the modern cryptographic standard AES-256 to ensure a high level of data security.

We do not transfer Users' personal data to any third parties in any way.

Users' personal data is not sold, rented, exchanged or disclosed to other entities under any circumstances.

Data may be transferred only at the request of competent authorities in accordance with Ukrainian legislation.

The Site uses cookies to ensure proper functioning of the service and improve user experience. Cookies are small text files stored on the User's device that allow the Site to remember technical parameters, maintain sessions and perform authentication.

During authentication through the NextAuth.js service, technically necessary cookies are set, which are used exclusively for User authentication and session maintenance:

• __Host-authjs.csrf-token — used for protection against Cross-Site Request Forgery (CSRF) attacks;
• __Secure-authjs.callback-url — stores the redirect address after authentication;
• __Secure-authjs.session-token — session token used for User authentication.

The platform uses cookies for user authentication through NextAuth.js and for bot monitoring through Cloudflare. In particular, the __cf_bm cookie is set, which is used to detect bots and protect against automated requests. This cookie does not contain personal data and is not used to identify the User. Users can disable cookies in their browser settings.

We use only technically necessary cookies required for the correct operation of the platform and personal account.

In the future, the Site may add the use of Google Analytics or other analytics tools. In such case, this Policy will be updated with the relevant services, types of data collected, and opt-out options.

The User can manage cookies through their browser settings. However, it should be noted that disabling technical cookies may limit access to certain platform features.

Users' personal data is stored for the period necessary to achieve the purposes defined by this Policy, or for the periods provided by current legislation.

Storage and processing of personal data is carried out on servers in Frankfurt (Germany), serviced by providers DigitalOcean, Cloudflare and Amazon Web Services (AWS).

The Company takes all reasonable technical and organizational measures to ensure the security of personal data, including:

• use of secure servers with limited access, located in certified data centers;
• encryption of confidential data, including API keys, using modern cryptographic standards;
• restricting access to personal data only to authorized Company employees within the scope of their official duties;
• monitoring and protecting the information infrastructure from unauthorized access, loss or data leakage.

The Company constantly improves information security measures in accordance with current technological standards.

The User has the right to:

• receive information about the processing of their personal data;
• request access, clarification, updating or deletion of their personal data;
• demand restriction of processing or object to such processing;
• withdraw consent to the processing of personal data at any time (to the extent such consent was given);
• contact the authorized body for personal data protection in case of violation of their rights.

Users have the right to access their personal data, correct or delete it, as well as the right to transfer data to another controller.

These rights are guaranteed in accordance with the requirements of current Ukrainian legislation, as well as the General Data Protection Regulation of the European Union (GDPR) - if its provisions apply to a specific User.

User requests regarding the exercise of their rights are considered by the Company in the manner and timeframe prescribed by law.

If the request concerns the deletion of the User's account or other related data (including API keys or technical information), it must be sent as a written request to the Company's email address: [email protected]. Such requests are processed manually taking into account the technical features of the platform.

The Company reserves the right to change or update this Policy at any time. The current version of the Policy is published on the Site with the date of the last update. Continued use of the Site means the User's consent to the updated version of the Policy.