Privacy Policy

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Username and email address
• Password (encrypted and hashed)
• Account role (user, admin, developer, etc.)
• Registration date and account status

1.2 Trading Information

To provide our services, we collect:

• Exchange API keys (stored encrypted)
• Bot configuration settings
• Trading history and performance data
• Portfolio balances and positions
• Strategy parameters and preferences

1.3 Usage Information

• IP addresses and device information
• Browser type and operating system
• Pages visited and features used
• Session duration and activity logs
• Error reports and diagnostics

1.4 Payment Information

• Billing address and payment method
• Subscription plan and billing history
• Note: Credit card details are processed by our payment provider (Stripe) and are not stored on our servers

1.5 Communications

• Support tickets and email correspondence
• Feedback and survey responses
• Newsletter subscriptions (if opted in)

2. How We Use Your Information

We use your information to:

• Provide Services: Execute trades, manage bots, generate reports
• Account Management: Authenticate users, manage subscriptions, process payments
• Improve Platform: Analyze usage patterns, fix bugs, develop new features
• Security: Detect fraud, prevent abuse, protect against threats
• Communication: Send important updates, security alerts, and support responses
• Legal Compliance: Meet regulatory requirements and respond to legal requests
• Marketing: Send promotional emails (only if you opt in - you can unsubscribe anytime)

3. Data Storage and Security

• Encryption: All data in transit is encrypted using TLS/SSL. Sensitive data at rest (API keys, passwords) is encrypted.
• Password Security: Passwords are hashed using bcrypt with salt
• API Keys: Exchange API keys are stored encrypted with restricted access
• Database Security: PostgreSQL database with access controls and backups
• Infrastructure: Hosted on secure cloud infrastructure (Fly.io) with monitoring
• Access Control: Employee access is limited on a need-to-know basis
• Monitoring: 24/7 security monitoring and intrusion detection

Important: While we implement industry-standard security measures, no system is 100% secure. You are responsible for keeping your account credentials confidential.

4. What We DO NOT Do

5. Data Sharing and Third Parties

We may share your information with:

5.1 Service Providers

• Payment Processor: Stripe (for payment processing)
• Email Service: Resend (for transactional emails)
• Hosting Provider: Fly.io (infrastructure)
• Analytics: Privacy-focused analytics tools

5.2 Legal Requirements

We may disclose information if required by law, court order, or government request.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5.4 Cryptocurrency Exchanges

We interact with exchanges using your API keys solely to execute trades on your behalf. We do not share your personal information with exchanges beyond what's required for API authentication.

6. Data Retention

• Active Accounts: We retain your data as long as your account is active
• Deleted Accounts: After account deletion, we retain data for 90 days for recovery purposes, then permanently delete
• Trading History: Trade logs are retained for 7 years for tax and compliance purposes
• Legal Hold: Data subject to legal proceedings is retained until the matter is resolved
• Backups: Backup copies are deleted according to our backup retention schedule (30 days)

7. Your Privacy Rights

You have the right to:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and data
• Export: Download your trading history and configuration data
• Opt-Out: Unsubscribe from marketing emails
• Portability: Transfer your data to another service
• Restrict Processing: Limit how we use your data
• Object: Object to certain data processing activities

To exercise these rights, contact us at privacy@enigmapi.com

8. Cookies and Tracking

We use cookies and similar technologies for:

• Authentication: Keep you logged in (JWT tokens in localStorage)
• Preferences: Remember your settings and configurations
• Analytics: Understand how users interact with our platform
• Security: Detect suspicious activity and prevent fraud

You can control cookies through your browser settings. Note that disabling cookies may limit functionality.

9. Children's Privacy

EnigmAPI is not intended for users under 18 years of age. We do not knowingly collect information from children. If we discover that a child has provided us with personal information, we will delete it immediately.

10. International Data Transfers

EnigmAPI is hosted in Singapore. If you access our services from outside Singapore, your data may be transferred internationally. By using our services, you consent to this transfer.

We comply with applicable data protection laws including GDPR (Europe) and CCPA (California).

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Material changes will be communicated via email.

Your continued use of EnigmAPI after changes constitutes acceptance of the updated Privacy Policy.

12. Contact Us

For privacy-related questions, data requests, or concerns, contact us at:

13. Regulatory Compliance

EnigmAPI complies with:

• GDPR (General Data Protection Regulation - EU)
• CCPA (California Consumer Privacy Act)
• PDPA (Personal Data Protection Act - Singapore)
• Other applicable data protection laws