Privacy Policy
Last updated: 2026-05-23
1. What we collect
- Email address — for account access and notifications
- Password (hashed) — bcrypt, we cannot see the original
- Payment data — transaction hashes on the Tron blockchain (public anyway)
- Bot telemetry — uptime, PnL, trade count, sent by your bot for cabinet display
- IP / user-agent — standard server logs, retained 30 days
2. What we DO NOT collect
- Your real name, phone, or address
- Your exchange API keys (they stay on your device)
- Bank or credit card data (no card payments accepted)
- Analytics fingerprints, tracking cookies, ad pixels
3. How we use data
Strictly for service operation: authentication, subscription verification, payment confirmation, security alerts, expiry warnings. We do not sell or share data with third parties for marketing.
4. Third parties
- Resend — email delivery (your email is sent to them only when we deliver mail)
- TronGrid — verifying your USDT transactions on-chain (only TX hashes shared)
- Hosting provider — server logs (standard practice)
5. Data retention
- Account: until you delete it
- Payments: 7 years (tax compliance)
- Bot telemetry: 30 days rolling
- Server logs: 30 days
6. Your rights (GDPR)
- Access — request a copy of your data
- Deletion — delete your account from cabinet, or email us
- Correction — change email/password from cabinet
- Portability — export trade history as CSV from cabinet
7. Security
Passwords are bcrypt-hashed. JWT tokens use HMAC-SHA256. HTTPS everywhere. 2FA available via Google Authenticator. No security is perfect — report vulnerabilities to security@eyecrypt.com.
8. Cookies
We use only essential cookies: a JWT session token stored in localStorage and a language preference. No tracking, no advertising cookies.
9. Children
Service is not directed at users under 18. We do not knowingly collect data from minors.
10. Changes
Material changes will be emailed to active users. Effective date will be updated at top.
11. Contact
Privacy questions: privacy@eyecrypt.com