Privacy Policy
AI Trading Bot LLC ("we," "us," "our," or the "Company"), a Virginia limited liability company, is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, retain, and safeguard your information when you access or use our AI Trading Bot platform, including our website at autotraderbot.ai, desktop client application, web dashboard, and all related services (collectively, the "Services").
This Privacy Policy applies to all users of the Services, including registered account holders, trial users, subscribers, and website visitors. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and our Terms of Service. If you do not agree with our data practices as described herein, you must discontinue use of the Services immediately.
We are committed to transparency about our data practices and providing you meaningful control over your personal information. We do not sell your personal data to third parties under any circumstances.
Information We Collect
We collect information through several methods, including information you provide directly, information generated automatically by our systems, and information collected through your use of the Services. The categories below describe each type in detail.
Registration Information (Required)
When you create an account, we collect the following information, which is necessary to provide the Services:
- Email address: Used as your primary identifier for authentication, account recovery, and service communications
- Password: Salted and cryptographically hashed using bcrypt with a cost factor of 12 (12 rounds) before storage; your plaintext password is never stored or accessible to our personnel
Upon registration, the following identifiers are automatically generated and assigned to your account:
- Username: Derived from your email prefix for display purposes
- Member number: A unique identifier in MEM-XXXXXX format assigned to your account
Profile Information (Optional)
You may voluntarily provide additional personal information to enhance your profile. All of the following fields are optional and can be updated or removed at any time through your dashboard settings:
- Identity: First name, last name
- Contact: Phone number
- Demographics: Birth date
- Address: Address line 1, address line 2, city, state/province, postal code, country
- Professional: Occupation, company name, years of work experience
- Trading profile: Trading experience level (Beginner, Intermediate, Advanced, or Expert), risk tolerance (Conservative, Moderate, or Aggressive), investment goals (free text), bio (free text)
- Preferences: Timezone
Compliance and Legal Data
To meet our regulatory obligations and maintain records of consent, we automatically capture the following at the time of registration and initial platform interaction:
- Terms acceptance timestamp: The date and time you accepted our Terms of Service
- Risk acknowledgment timestamp: The date and time you acknowledged trading risk disclosures
- Terms version accepted: The specific version of the Terms of Service you agreed to (e.g., "1.0")
- IP address at registration: The IP address from which you created your account
- Risk modal acknowledgment: The timestamp of your acknowledgment of the risk disclosure presented upon your first dashboard visit
MetaTrader 5 (MT5) Account Data
If you connect one or more MetaTrader 5 brokerage accounts to the Services, we collect and store:
- MT5 login number: Your MT5 account number for trade execution
- MT5 password: Encrypted using AES-256 encryption before storage; used exclusively to authenticate trading sessions on your behalf
- MT5 server name: The broker server your account connects to
- MT5 path: (Optional) The file path to your MT5 terminal installation
- Broker name: The name of your brokerage firm
- Account type: Whether your account is DEMO or LIVE
- Account name: A user-defined friendly label for the account
Your MT5 passwords are encrypted with AES-256 before being stored in our database. They are used solely to authenticate trade execution sessions on your behalf. We do not have the ability to withdraw funds from your trading accounts, and we never share MT5 credentials with any third party.
Payment Information
Subscription payments are processed exclusively through Stripe. We do not collect, store, or have access to your full credit card number, debit card number, or bank account details. Payment card information is entered directly into Stripe's PCI-DSS-compliant payment forms. We receive from Stripe only:
- Transaction confirmation and status
- Subscription plan selection and billing cycle
- Payment history (amounts, dates, and invoice identifiers)
Automatically Collected Information
When you access and use our Services, we automatically collect certain technical and usage information:
| Category | Data Collected | Purpose |
|---|---|---|
| Device & Browser | IP address, User-Agent string, browser type | Security monitoring, rate limiting, authentication event logging |
| Trading Activity | Trade history (symbol, ticket, type, volume, entry/exit prices, profit/loss, pips, commission, swap, entry/exit times, close reason), account balances (balance, equity, margin, free margin, profit, leverage, currency), open positions with real-time P&L | Performance tracking, dashboard display, daily summary reports |
| Trading Signals | Generated signals with execution status, outcome (WIN/LOSS/BREAKEVEN) | Strategy performance analysis, signal history |
| Bot Operations | Bot configurations per symbol, start/stop events, strategy parameters, dynamic position management actions (breakeven moves, trailing stop adjustments) | Bot execution, configuration management, operational logging |
| Desktop Client | Client version number, heartbeat data every 30 seconds (account balance, equity, bot status) | Connection monitoring, real-time dashboard updates, version management |
| Account Snapshots | Periodic snapshots of account balance, equity, and performance metrics | Historical performance tracking and reporting |
Marketing Attribution Data
At the time of registration, we capture the following marketing attribution information one time to understand how users discover our Services:
- UTM parameters: Source, medium, campaign, content, and term
- Landing page URL: The first page you visited on our platform
- Referrer URL: The website or link that directed you to our Services
- Promo code: Any promotional code used during registration
This data is captured once during registration and is not updated or tracked during subsequent visits.
Desktop Client Local Storage
The AI Trading Bot desktop application stores certain credentials locally on your computer using the Windows Credential Manager (keyring). This includes your authentication token and risk disclosure acceptance status. This data is stored locally on your device and is not transmitted to our servers beyond the initial authentication.
How We Use Your Information
We use the information we collect for the following specific purposes:
| Purpose | Description |
|---|---|
| Account Management | Create, maintain, and authenticate your account; manage login sessions and access controls; verify your identity through two-factor authentication |
| Trade Execution | Connect to your MT5 brokerage accounts; execute trades based on bot configurations; manage open positions; apply dynamic position management (breakeven, trailing stops) |
| Bot Operations | Configure and operate trading bots; synchronize settings between the desktop client and web dashboard; monitor bot health via heartbeat signals |
| Subscription & Billing | Process payments through Stripe; manage subscription plans, upgrades, downgrades, and cancellations; administer free trial periods; enforce entitlement limits |
| Communications | Send transactional emails including registration confirmations, email verification codes, password reset links, two-factor authentication codes, subscription confirmations, daily trading performance summaries, trial expiry reminders, and security alerts |
| Security & Fraud Prevention | Enforce rate limiting per IP and per endpoint; detect and prevent unauthorized access; implement account lockout after repeated failed authentication attempts; log security events for audit purposes |
| Platform Improvement | Analyze aggregated usage patterns to identify and fix bugs; improve platform performance, reliability, and user experience; develop new features based on usage data |
| Marketing Attribution | Analyze registration-time UTM tracking data to understand user acquisition channels and measure marketing effectiveness |
| Community Features | Deliver announcements and updates to community channels; facilitate community engagement through Telegram |
| Legal Compliance | Meet regulatory requirements; maintain records of consent; respond to legal requests; resolve disputes; enforce our Terms of Service |
Legal Basis for Processing
We process your personal information under the following legal bases, as applicable under the General Data Protection Regulation (GDPR) and similar data protection laws:
| Legal Basis | Applicable Processing Activities |
|---|---|
| Contractual Necessity | Account creation and management, trade execution, bot operations, subscription and billing, desktop client synchronization. These activities are necessary to perform our contract with you under the Terms of Service. |
| Consent | Optional profile information, email notification preferences, marketing attribution data collection. You may withdraw consent at any time through your dashboard settings or by contacting us. |
| Legitimate Interest | Security monitoring and fraud prevention, platform improvement and bug fixes, aggregated usage analytics. We balance our legitimate interests against your rights and freedoms. |
| Legal Obligation | Compliance data (consent records, terms acceptance), payment record retention for tax and audit requirements, responding to lawful government and regulatory requests. |
Information Sharing and Disclosure
We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We share your information only in the limited circumstances described below, and only to the extent necessary to fulfill the stated purpose.
Third-Party Service Providers
We share information with the following categories of trusted service providers who process data on our behalf under strict contractual obligations:
| Service Provider | Data Shared | Purpose |
|---|---|---|
| Stripe | Email address, subscription plan selection; payment card details are entered directly into Stripe and never touch our servers | Payment processing (PCI-DSS Level 1 compliant) |
| Amazon SES | Recipient email address, email content | Transactional email delivery (cloud deployment) |
| Gmail SMTP | Recipient email address, email content | Transactional email delivery (local deployment) |
| Telegram | None (stateless support bot; no user data transmitted) | Support and FAQ bot |
| Google reCAPTCHA | Form response token, IP address | Bot prevention on login and registration forms (when enabled) |
| MetaTrader 5 | MT5 login credentials (AES-256 encrypted), trade commands | Trading execution on your connected brokerage accounts |
| ForexFactory | None (we only retrieve publicly available economic calendar data) | Economic event calendar for news-based trade filtering |
| Amazon Web Services (AWS) | All application data resides within encrypted AWS infrastructure | Cloud hosting (ECS, RDS, ElastiCache, S3, CloudFront) |
| Cloudflare | HTTP traffic metadata (IP addresses, request headers) | DDoS protection, SSL termination, content delivery |
Legal Requirements
We may disclose your personal information if we believe in good faith that such disclosure is necessary to:
- Comply with applicable law, regulation, legal process, or enforceable governmental request
- Enforce our Terms of Service, including investigation of potential violations
- Detect, prevent, or otherwise address fraud, security, or technical issues
- Protect against harm to the rights, property, or safety of AI Trading Bot LLC, our users, or the public, as required or permitted by law
Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred to the acquiring entity. We will notify you via email and/or a prominent notice on our platform of any change in ownership or uses of your personal information, as well as any choices you may have regarding your information.
Aggregated and De-identified Data
We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you. This data may be used for industry analysis, benchmarking, or platform improvement purposes.
We do not sell, rent, or trade your personal information to any third party for marketing, advertising, or any other commercial purpose. Your MT5 credentials are never shared with anyone and are used exclusively to execute trades on your behalf. We do not have the ability to withdraw funds from your trading accounts.
Data Security
We implement comprehensive, industry-standard technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.
Encryption
- Passwords: Salted and hashed using bcrypt with a cost factor of 12 (12 rounds); plaintext passwords are never stored or logged
- MT5 passwords: Encrypted with AES-256 before database storage
- Two-factor authentication secrets: Encrypted with AES-256 before database storage
- Data in transit: All communications between your browser/client and our servers are encrypted using TLS/SSL protocols
- Data at rest: PostgreSQL database storage is encrypted at rest (AWS RDS)
- Cache encryption: Redis data is encrypted with TLS in production environments (AWS ElastiCache)
Access Controls and Authentication
- Session management: HttpOnly, Secure (in production), and SameSite=Lax cookie attributes to prevent session hijacking and cross-site request forgery
- Session regeneration: Session identifiers are regenerated upon login to prevent session fixation attacks
- Two-factor authentication (2FA): TOTP-based 2FA available for all accounts with backup recovery codes
- Account lockout: Automatic lockout after 10 failed login attempts within a 15-minute window
- Rate limiting: Redis-backed rate limiting applied per IP address and per endpoint to prevent abuse
- Bot prevention: Optional Google reCAPTCHA v2 on login and registration forms
Security Headers
- Content Security Policy (CSP): Restricts sources of executable scripts and resources
- HTTP Strict Transport Security (HSTS): Enforces HTTPS connections in production
- X-Frame-Options: Prevents clickjacking attacks
- X-Content-Type-Options: Prevents MIME type sniffing
- Referrer-Policy: Controls referrer information sent with requests
- Permissions-Policy: Restricts browser feature access
Infrastructure Security
- Private networking: Databases and application servers reside in private VPC subnets with no direct public internet access
- Connection pooling: RDS Proxy manages database connections with TLS enforcement
- Automated backups: 30-day automated database backup retention with point-in-time recovery
- DDoS protection: Cloudflare provides enterprise-grade DDoS mitigation
- Monitoring: Continuous security monitoring with automated alerting for anomalous activity
While we implement commercially reasonable and industry-standard security measures, no method of electronic transmission or storage is completely secure. We cannot guarantee the absolute security of your information. You are responsible for maintaining the confidentiality of your account credentials and for enabling two-factor authentication to further protect your account.
Cookies and Tracking Technologies
We use a minimal set of cookies that are necessary for the operation and security of the Services. We do not use cookies for behavioral advertising or cross-site tracking.
Cookies We Set
| Cookie | Type | Duration | Purpose |
|---|---|---|---|
| Session cookie | Strictly Necessary | Browser session | Maintains your authenticated login session. Set with HttpOnly, Secure (production), and SameSite=Lax attributes. Cannot be disabled. |
| Remember-me cookie | Functional | 24 hours | Keeps you logged in across browser sessions when you select the "Remember Me" option at login. Optional. |
Third-Party Cookies
| Cookie | Type | Provider | Purpose |
|---|---|---|---|
| reCAPTCHA cookie | Strictly Necessary | Google | Set by Google reCAPTCHA when enabled on login and registration forms to distinguish human users from automated bots. Subject to Google's Privacy Policy. |
Ad Platform Pixels (Admin-Configurable)
Our platform supports optional, administrator-configurable advertising pixels from the following providers. When enabled, these scripts execute in your browser and are subject to the respective provider's privacy policy. No pixel data is stored on our servers.
- Meta (Facebook/Instagram) Pixel: Conversion tracking, subject to Meta's Privacy Policy
- Google Analytics / Google Ads Tag: Traffic analysis and conversion tracking, subject to Google's Privacy Policy
- TikTok Pixel: Conversion tracking, subject to TikTok's Privacy Policy
We do not set any analytics or advertising cookies by default. Third-party advertising pixels are only active if explicitly enabled by the platform administrator. We do not store any third-party advertising cookie data on our servers.
Managing Cookies
Most web browsers allow you to control cookies through their settings. You can configure your browser to refuse cookies, delete existing cookies, or alert you when a cookie is being set. Please note that disabling the session cookie will prevent you from logging in to the Services. For instructions on managing cookies in your browser, consult your browser's help documentation.
Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements. The following table sets forth our specific retention periods:
| Data Type | Retention Period | Auto-Cleanup |
|---|---|---|
| User account data | Until account deletion request + 30-day grace period | Manual (upon verified request) |
| Trade records | Indefinite (retained for the lifetime of your account) | No (deleted upon account deletion) |
| Trading signals | Indefinite (retained for the lifetime of your account) | No (deleted upon account deletion) |
| Payment history | Indefinite (minimum 7 years for tax and audit compliance) | No |
| Account snapshots | Indefinite (retained for the lifetime of your account) | No (deleted upon account deletion) |
| System logs | 180 days | Yes (automated daily cleanup at 3:00 AM EST) |
| Client bot logs | 90 days | Yes (automated daily cleanup at 3:00 AM EST) |
| Bot operation logs | 180 days | Yes (automated daily cleanup at 3:00 AM EST) |
| Session cookies | Browser session (or 24 hours with Remember Me) | Automatic (browser-managed) |
| Password reset tokens | 1 hour | Automatic (token-based expiry) |
| Email verification tokens | Until verified | Automatic (upon successful verification) |
| Two-factor authentication codes | 5 minutes | Automatic (TOTP-based expiry) |
| UTM tracking data | Indefinite (retained for the lifetime of your account) | No (deleted upon account deletion) |
When your account is deleted, we perform a cascade deletion of all associated data, including trade records, bot configurations, logs, MT5 account data, subscription records, and profile information. Payment history may be retained beyond account deletion as required for tax and regulatory compliance.
Our systems automatically purge expired system logs, client bot logs, and bot operation logs on a daily schedule to minimize data retention beyond what is necessary for platform operations and security monitoring.
Your Rights
Depending on your jurisdiction, you have the following rights with respect to your personal information. We are committed to facilitating the exercise of these rights in a timely manner.
- Right of Access: You have the right to request a copy of the personal information we hold about you. Submit your request via email to support@autotraderbot.ai with the subject line "Data Access Request."
- Right to Rectification: You have the right to request correction of inaccurate or incomplete personal information. You can update most profile data directly through your dashboard settings at any time. For data that cannot be modified through the dashboard, contact us.
- Right to Erasure (Right to be Forgotten): You have the right to request deletion of your personal information, subject to legal retention requirements. Upon a verified deletion request, we perform a cascade deletion of all associated data, including trades, configurations, logs, MT5 accounts, and subscription records.
- Right to Restriction of Processing: You have the right to request that we limit the processing of your personal information in certain circumstances. Contact us to discuss specific restrictions.
- Right to Data Portability: You have the right to request your personal data in a structured, commonly used, and machine-readable format. This capability is planned for a future release.
- Right to Object: You have the right to object to the processing of your personal information based on our legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
- Right to Withdraw Consent: Where processing is based on your consent, you may withdraw consent at any time without affecting the lawfulness of processing that occurred prior to withdrawal.
- Right to Opt Out of Communications: You can disable all non-essential email notifications through your dashboard notification settings. Transactional emails related to account security (password resets, 2FA codes) cannot be disabled while your account is active.
To exercise any of these rights, contact us at support@autotraderbot.ai with "Privacy" in the subject line. We will verify your identity and respond to your request within 30 days. If additional time is required, we will notify you of the extension and the reasons for the delay.
You can update your profile information, change notification preferences, and manage MT5 account connections directly through your dashboard settings without contacting support.
California Consumer Privacy Act (CCPA) Rights
If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with additional rights regarding your personal information.
Your CCPA Rights
- Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources from which the information was collected, the business or commercial purposes for collecting the information, and the categories of third parties with whom we share the information.
- Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions under the CCPA.
- Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. We will not deny you goods or services, charge you different prices, provide you a different level of service, or suggest that you would receive a different price or level of service for exercising your rights.
Sale and Sharing of Personal Information
We do not sell your personal information as defined under the CCPA. We do not share your personal information for cross-context behavioral advertising. We do not use or disclose sensitive personal information for purposes other than those permitted under the CCPA.
Submitting a CCPA Request
To submit a verifiable consumer request, email us at support@autotraderbot.ai with "CCPA Request" in the subject line. You may make a request up to twice within a 12-month period. We will verify your identity by confirming your account email address and respond within 45 days of receiving your request.
Third-Party Services
Our Services integrate with and rely upon the following third-party services. Each of these services operates under its own privacy policy, and we encourage you to review them:
| Service | Integration | Privacy Policy |
|---|---|---|
| MetaTrader 5 | Trading platform integration for executing trades on your brokerage accounts | Subject to your broker's privacy policy |
| Stripe | Payment processing for subscriptions | Stripe Privacy Policy |
| Telegram | Support and FAQ bot (stateless, no user data stored) | Telegram Privacy Policy |
| Google reCAPTCHA | Bot prevention on authentication forms | Google Privacy Policy |
| Amazon Web Services | Cloud hosting infrastructure (ECS, RDS, ElastiCache, SES, S3, CloudFront) | AWS Privacy Notice |
| Cloudflare | DDoS protection, SSL termination, content delivery | Cloudflare Privacy Policy |
We are not responsible for the privacy practices, data collection, or data processing activities of third-party services. When you interact with third-party services through our platform, the applicable third-party privacy policy governs the handling of your information by that service.
Children's Privacy
Our Services involve financial trading activities and are not intended for, directed at, or designed for use by individuals under the age of 18 years or below the minimum legal trading age in their jurisdiction, whichever is higher. We do not knowingly collect, store, or process personal information from minors.
If we become aware that we have inadvertently collected personal information from a person under the minimum required age, we will take immediate steps to delete such information from our systems and terminate the associated account.
If you are a parent or guardian and believe that your child has provided personal information to us, please contact us immediately at support@autotraderbot.ai so we can take appropriate action.
International Data Transfers
AI Trading Bot LLC is based in Virginia, United States. Your personal information is processed and stored primarily in the United States, in the AWS US-East-1 (Northern Virginia) region.
If you access our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country of residence. By using our Services, you consent to the transfer of your information to the United States.
When we transfer personal information internationally, we implement the following safeguards:
- Standard Contractual Clauses (SCCs): Where applicable, we rely on European Commission-approved standard contractual clauses to provide adequate data protection for transfers outside the European Economic Area
- Encryption in transit: All data transferred between your device and our servers is encrypted using TLS/SSL protocols
- Encryption at rest: All stored data is encrypted in our cloud infrastructure
- Access controls: Strict role-based access controls limit who can access your data within our organization
- Compliance frameworks: Our cloud infrastructure provider (AWS) maintains compliance with SOC 1/2/3, ISO 27001, and other applicable international security standards
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our data practices, legal requirements, or operational procedures. When we make changes to this Privacy Policy:
- We will update the "Effective" date displayed at the top of this policy
- For material changes that significantly affect your rights or how we process your personal information, we will notify you via email to the address associated with your account
- We will post the updated Privacy Policy on this page
- For significant changes, we may require you to acknowledge or re-accept the updated policy
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our Services after the effective date of any updated Privacy Policy constitutes your acceptance of the changes.
We recommend bookmarking this page and reviewing it when you receive notification of changes. Previous versions of this Privacy Policy are available upon request by contacting support@autotraderbot.ai.
Contact Us
If you have any questions, concerns, or complaints about this Privacy Policy, our data practices, or your personal information, please contact us using the information below:
Virginia, United States
Email: support@autotraderbot.ai
For privacy-specific inquiries, data access requests, or CCPA/GDPR requests, please include "Privacy" in the subject line of your email.
We endeavor to respond to all privacy-related inquiries within 30 days. If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority.