Last updated: 2026-05-28

Privacy Policy

This Privacy Policy explains what data Arbitrader collects, how we use it, and the choices you have. It applies to arbitrader.us and app.arbitrader.us.

1. Data We Collect

Account data: email, full name, password hash (never plaintext), and a unique user ID. Stored in Supabase (PostgreSQL, encrypted at rest).

Billing data: Stripe customer ID and subscription ID. We do not store credit-card numbers; Stripe handles payment information directly.

Usage data: bots created, strategies run, backtest configurations, trade journal entries, and webhook logs. Used to provide the Service and improve product features.

Broker credentials: API keys you connect (OANDA, Hyperliquid, NinjaTrader, Alpaca, Coinbase) are encrypted at rest and used only to execute the orders you authorize. We never trade your account without your explicit configuration.

Anonymous telemetry: page views, latency, and error logs to operate and debug the Service. No cross-site tracking.

2. How We Use It

• To run the Service (auth, backtests, broker calls, billing)
• To send transactional emails (email verification, password reset, billing receipts)
• To improve and secure the Service
• To comply with legal obligations

3. What We Do Not Do

• We do not sell your data.
• We do not share your strategies, trades, or balances with other users without your explicit consent (e.g., when you publish a strategy to the Marketplace).
• We do not run trades against your account that you did not configure.

4. Sub-Processors

We use the following service providers, each with their own privacy practices: Supabase (auth + database), Vercel (hosting), Stripe (payments). Each processes data only as needed to provide their service.

5. Your Rights

You may request access, correction, or deletion of your data by emailing support@arbitrader.us. You may export your data at any time via the in-app settings.

If you are in the EU/UK, you have rights under GDPR/UK GDPR including the right to lodge a complaint with your data protection authority.

6. Retention

We retain account data for as long as your account is active. After account deletion we retain backups for up to 30 days, then purge permanently. Billing records are retained per applicable tax law (typically 7 years).

7. Security

We encrypt data in transit (TLS) and at rest (database-level). API keys to broker accounts are encrypted with a separate envelope key. We follow industry standards but no system is 100% secure; you are responsible for keeping your account credentials safe.

8. Children

Arbitrader is not directed at people under 18 and we do not knowingly collect data from minors.

9. Changes

We may update this policy. Material changes will be notified by email or in-app.

10. Contact

Privacy questions: support@arbitrader.us