Last updated: March 27, 2026

Privacy Policy

Paradox Alpha ("Company", "we", "us", "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Paradox Alpha platform ("Platform").

1. Information We Collect

1.1 Information You Provide

  • Account information: Email address, password (hashed, never stored in plaintext).
  • Exchange API keys: Encrypted at rest using AES-256. We never store plaintext keys. Keys are used solely to execute trades on your behalf.
  • Profile information: Display name, bio, avatar preferences (if you create a public strategy profile).
  • Telegram username: If you connect Telegram for notifications.
  • Communication data: Messages you send to our support channels.

1.2 Information Collected Automatically

  • Usage data: Pages visited, features used, bot configurations, trading activity on the Platform.
  • Device data: Browser type, operating system, device identifiers.
  • Log data: IP addresses, access times, error logs.
  • Performance data: Bot performance metrics, equity curves, and trading statistics.

1.3 Information from Third Parties

  • Exchange data: Account balances, positions, and order history retrieved via your API keys from connected exchanges (e.g., Binance).
  • Market data: Public market prices, funding rates, and open interest from exchanges.

2. How We Use Your Information

  • To provide and operate the Platform, including executing automated trading strategies.
  • To compute portfolio analytics, performance metrics, and risk assessments.
  • To send notifications via email, Telegram, or in-app alerts about your bots and account.
  • To improve the Platform, develop new features, and fix bugs.
  • To detect and prevent fraud, abuse, and security incidents.
  • To comply with legal obligations.
  • To communicate service updates and material changes to our Terms or policies.

3. Information Sharing

We do not sell your personal information. We may share information in these limited circumstances:

  • With exchanges: API keys are transmitted to connected exchanges to execute trades. No other personal data is shared with exchanges.
  • Public profiles: If you create a public strategy profile, your display name, performance metrics, and strategy descriptions are visible to other users.
  • Copy trading: If you enable copy-trading, subscribers can see your strategy's performance. They cannot see your personal data, API keys, or account balances.
  • Legal requirements: We may disclose information to comply with applicable laws, regulations, legal processes, or governmental requests.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

4. Data Security

  • Exchange API keys are encrypted at rest using AES-256 encryption.
  • Passwords are hashed using industry-standard algorithms (bcrypt).
  • All data is transmitted over TLS/HTTPS.
  • Two-factor authentication (TOTP) and PIN protection are available.
  • Access to production systems is restricted and audited.
  • Daily performance records include tamper-proof hash chains for audit integrity.

While we implement industry-standard security measures, no system is perfectly secure. You are responsible for maintaining the security of your account credentials and API keys.

5. Data Retention

  • Account data: Retained as long as your account is active, plus 30 days after deletion.
  • Trading data: Bot performance records and audit trails are retained for at least 2 years for compliance purposes.
  • Exchange API keys: Deleted immediately upon disconnection or account deletion.
  • Log data: Retained for up to 90 days for debugging and security purposes.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of your personal data.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your account and associated data.
  • Portability: Request your data in a portable format.
  • Objection: Object to certain processing of your data.
  • Withdrawal of consent: Withdraw consent where processing is based on consent.

To exercise these rights, contact us at privacy@paradoxalpha.com.

7. Cookies and Tracking

We use essential cookies for authentication and session management. We do not use third-party advertising cookies or trackers. Local storage is used to save user preferences (e.g., notification settings, UI state).

8. International Data Transfers

Your data may be processed in countries other than your country of residence. We take appropriate safeguards to protect your data during international transfers, including encryption in transit and at rest.

9. Children's Privacy

The Platform is not intended for users under 18 years of age. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or in-app notification at least 14 days before taking effect.

11. Contact

For questions about this Privacy Policy, contact us at privacy@paradoxalpha.com.

Terms of ServicePrivacy PolicyRisk Disclosure