Privacy Policy

1. Introduction

Gridtick ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our automated grid trading platform. By using Gridtick, you consent to the practices described in this policy.

2. Information We Collect

Account Information: Email address and name (obtained via Google OAuth authentication). Google profile picture URL. We do not collect or store passwords.

API Credentials: Binance API key and secret key, encrypted with AES-256 encryption at rest. We verify that withdrawal permissions are disabled before accepting any API key.

Trading Data: Trade history (buy/sell orders, prices, quantities, timestamps). Portfolio snapshots (balances, asset holdings). Bot configuration (capital limits, asset allocations). Performance metrics (profit, vault balance, trade counts).

Technical Data: IP address, browser type, device information. Access timestamps and usage patterns. Error logs and diagnostic data.

Payment Data: Billing information is processed by Stripe. We do not store credit card numbers, bank account details, or full payment credentials on our servers.

3. How We Use Your Information

We use your information solely for the following purposes:

• Operating and maintaining the trading bot on your Binance account
• Displaying your trading dashboard and performance metrics
• Generating and processing monthly invoices
• Authenticating your identity and securing your account
• Providing customer support
• Improving the Service and fixing bugs
• Complying with legal obligations

We do NOT use your information for advertising, profiling, or selling to third parties.

4. API Key Security

Your Binance API keys are the most sensitive data we handle. Our security measures include:

• AES-256 encryption at rest — keys are encrypted before storage using industry-standard encryption
• Decryption only in memory — keys are only decrypted when the bot needs to execute trades, never written in plaintext
• No withdrawal access — we reject any API key that has withdrawal permissions enabled
• IP restriction — API keys are restricted to our server IP, preventing use from any other location
• Never logged or displayed — API keys are never written to log files, shown in the UI after initial entry, or included in error reports
• Immediate deletion on cancellation — encrypted keys are permanently deleted within 24 hours of account cancellation

5. Data Storage & Retention

Location: All data is stored on servers located in Singapore.

Retention periods:

• Account data: retained for the duration of your account plus 30 days after deletion
• Trading data: retained for the duration of your account for dashboard and reporting purposes
• API keys: permanently deleted within 24 hours of account cancellation or key revocation
• Invoices and payment records: retained for 7 years for tax and legal compliance
• Server logs: retained for 90 days for security and debugging purposes

6. Data Sharing & Third Parties

We do NOT sell, rent, or trade your personal information to any third party. We share data only with the following service providers, strictly for the purposes described:

• Google — authentication only (email, name, profile picture via OAuth)
• Binance — trade execution via your API key (we send orders on your behalf)
• Stripe — payment processing (billing amount, email for invoicing)

We may disclose information if required by law, court order, or governmental regulation, or to protect our rights, safety, or property.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access — request a copy of all personal data we hold about you
• Correction — request correction of inaccurate personal data
• Deletion — request permanent deletion of your account and all associated data
• Export — request your trading data in a machine-readable format (CSV)
• Objection — object to specific processing of your data
• Revocation — revoke API access at any time by deleting your API key on Binance

To exercise any of these rights, contact us at privacy@gridtick.com. We will respond within 30 days.

8. Cookies & Tracking

We use essential cookies for authentication (session tokens) and user preferences (theme selection). We do not use advertising cookies, tracking pixels, or analytics services that profile users. No third-party tracking scripts are loaded on our pages.

9. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have collected data from a minor, we will promptly delete it.

10. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence, including Singapore where our servers are located. By using the Service, you consent to such transfers. We ensure that appropriate safeguards are in place to protect your data in accordance with applicable data protection laws.

11. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users via email within 72 hours of becoming aware of the breach. We will also notify relevant authorities as required by applicable law. Notification will include the nature of the breach, data affected, steps taken, and recommendations for users.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the platform at least 14 days before taking effect. Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact

For privacy-related inquiries, data requests, or complaints, contact us at:
Email: privacy@gridtick.com
Response time: within 30 calendar days