Privacy Policy
Last updated: 2026-04-24
What we collect
- Email address — required for signup and password reset. Nothing else is mandatory.
- Hashed password — bcrypt, never plaintext.
- Optional phone — only if user explicitly enrolls (currently unused).
- Deposit/withdraw transaction hashes — for BTC, already public on the Bitcoin blockchain. For USD onramp, Stripe or PayPal session IDs.
- Stripe / PayPal session metadata — only when you fund a USD deposit; used to map the payment back to your account.
What we do NOT collect
- Government ID, passport, driver's license, or any KYC document.
- Real name, date of birth, residential address.
- Browser fingerprints, third-party advertising cookies, or profiling analytics.
- Tor exit node IP addresses are not logged or persisted.
Where data lives
- Account data: self-hosted PostgreSQL — not a third-party SaaS.
- Clearnet traffic: passes through Cloudflare (TLS + DDoS protection).
- Tor v3 hidden-service traffic does not pass through Cloudflare.
- Trading orders are matched and settled internally; no on-chain footprint per trade.
Third parties
- Cloudflare — clearnet edge / DDoS protection.
- Stripe / PayPal — fiat onramp processors, only for USD deposits on clearnet. They see your card or PayPal account; the platform sees only what they pass back.
- Binance public API — read-only price feed. The platform queries the public ticker; no account or credentials are exchanged.
- We do not sell, rent, or share data with marketing brokers.
Account deletion
Email live chat on Session (see /support) from your signup address requesting deletion. Account row, balances, and transaction history are wiped. On-chain transactions remain on the public ledger (we cannot erase those).