Privacy Policy
April 21, 2026
1. Data We Collect
We collect the following data when you use Volt:
• Account data: name, email, phone number, country, password hash, invite code used at signup
• Consent record: timestamps and content versions for the Terms of Service, Privacy Policy, and Risk Disclosure at the moment you accepted them
• Exchange data: API key and secret (encrypted at rest with AES-256-GCM), exchange name, testnet flag, connection status
• Trading data: trades, positions, signals, account snapshots, P&L
• Usage data: login timestamps, login count, IP country at login, pages visited, actions taken, sign-up source tag
• Device data: browser timezone (for country auto-detect), language preference
• Communication data: support messages, Telegram chat ID, notification delivery logs
• Billing data (via Stripe): subscription plan, status, period, cancellation flag. Payment card details are handled by Stripe and never touch our servers
2. How We Use Your Data
To provide and operate the trading bot service; to execute trades on your behalf via exchange API; to send notifications (in-app, email, Telegram); to process payments via Stripe (which may offer card or PayPal rails); to comply with legal obligations including GDPR and consent-record retention; to investigate security incidents. We do not sell personal data and we do not run third-party advertising.
3. Cookies & Local Storage
We use only strictly-necessary cookies (NextAuth session token, CSRF token) and functional localStorage (language preference, cookie-consent choice). No advertising cookies, no third-party analytics, no tracking pixels. A cookie consent banner lets you Accept or Reject on first visit; your choice is remembered in localStorage. Full details in our Cookie Policy.
4. Third-Party Services
We share data with the following services only as needed:
• Binance / Bybit / OKX — your encrypted API key is sent to execute trades
• Stripe — credit/debit card + PayPal payments (PCI-DSS Level 1)
• Neon (PostgreSQL) — encrypted database hosting
• Vercel — application hosting
• Resend — outbound transactional email
• Telegram — notifications when you connect your account
• Groq — AI support chat (message contents sent to generate the reply)
5. Data Security
All data is transmitted over HTTPS. Exchange API keys are encrypted at rest with AES-256-GCM (ADR-005). Passwords are hashed with bcrypt (12 rounds). Sign-in uses a one-time 6-digit email code as a second factor on every login. Database connections use SSL. Administrative access is gated by an explicit allowlist (ADMIN_EMAILS env var); every admin action is logged to an audit trail.
6. Data Retention
We retain your data for as long as your account is active. Trading history is kept for your performance tracking. When you delete your account, your active Stripe subscription is canceled immediately, and your personal data is permanently removed from our database within 30 days. Backups rotate on a shorter schedule. Consent records may be retained separately for audit purposes even after deletion, as required by EU regulators.
7. Your GDPR Rights
You have the right to access, correct, export, and delete your data, and to withdraw consent at any time:
• Access & Portability: download a JSON copy of your data via the "Export my data" button on the Account page.
• Correction: edit profile fields directly on the Account page.
• Erasure: click "Delete my account and cancel subscription" on the Account page. Immediate deletion; Stripe subscription canceled as part of the same flow.
• Withdraw consent: same as erasure — you cannot withdraw consent selectively while remaining a user, because every data category listed above is operationally necessary to run the trading bot.
• Complaint: you may also lodge a complaint with your national data-protection authority (e.g. ICO in the UK, CNIL in France).
8. Children
Volt is not intended for users under 18. We do not knowingly collect data from minors. Trading platforms we connect to also require users to be 18+.
9. Changes
We may update this policy. Changes will be posted on this page with an updated "Last updated" date, and the version string stored on your account's consent record will be bumped at the next major change. Continued use constitutes acceptance of the updated version.
10. Contact
Privacy questions: support@volttrade.io.