Skip to main content

Privacy Policy

Last Updated: March 17, 2026

Introduction

Welcome to VolatiCloud. This Privacy Policy explains how VolatiCloud ("we," "us," or "our") collects, uses, stores, shares, and protects your personal information when you use our cloud-based algorithmic trading platform and related services (collectively, the "Service").

VolatiCloud is a Software-as-a-Service (SaaS) platform that enables users to create algorithmic cryptocurrency trading strategies, run backtests against historical market data, and deploy live trading bots on cloud infrastructure. We are committed to protecting your privacy and handling your data responsibly.

By accessing or using the Service, you agree to the terms of this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

info

This Privacy Policy applies to all users of the VolatiCloud platform, including individual account holders, organization administrators, and team members within organizations.

Information We Collect

Account Information

When you create a VolatiCloud account, we collect the following personal information:

  • Identity information: Your name, email address, and username.
  • Authentication credentials: Your account is managed through our identity provider (Keycloak) using the OpenID Connect (OIDC) protocol. Passwords are never stored directly by VolatiCloud; they are managed by the authentication provider.
  • Organization details: If you create or join an organization, we collect the organization name, alias, and your role within the organization.
  • Billing information: If you subscribe to a paid plan or purchase credits, payment information is collected and processed by our payment processor, Stripe. We do not store your full credit card number or payment method details on our servers.

Exchange Credentials

To enable live trading, you may provide cryptocurrency exchange API keys and secrets. These credentials are treated with the highest level of security:

  • All exchange API keys, secrets, and sensitive configuration fields are encrypted at rest using AES-256-GCM field-level encryption before being stored in our database.
  • Credentials are decrypted only at the point of use (e.g., when a trading bot needs to communicate with your exchange) and are never logged or exposed in plaintext.
  • Access to decrypted credentials is governed by granular authorization scopes (view-secrets), ensuring that only authorized operations can retrieve sensitive data.
warning

While we encrypt and protect your exchange API keys, we strongly recommend that you configure your exchange API keys with the minimum required permissions (e.g., trade-only, no withdrawal permissions) and restrict them by IP address where possible. VolatiCloud is not responsible for unauthorized access resulting from overly permissive API key configurations.

Trading and Strategy Data

When you use the Service, we collect and store:

  • Strategy configurations: Trading strategies you create, whether through the UI Builder or Python code mode, including strategy parameters, indicators, and conditions.
  • Backtest results: Historical performance data, trade logs, and analytics generated from backtesting your strategies.
  • Bot configurations: Settings for your live trading bots, including trading pairs, stake amounts, and operational parameters.
  • Bot operational data: Trade execution logs, performance metrics, and bot status information. Bot databases (SQLite) are periodically backed up to secure cloud storage (Amazon S3) to ensure data durability.

Usage and Technical Data

We automatically collect certain technical information when you interact with the Service:

  • Log data: Server logs including IP addresses, request timestamps, API endpoints accessed, and response codes.
  • Device information: Browser type and version, operating system, and screen resolution.
  • Usage patterns: Features used, pages visited, session duration, and interaction patterns within the platform.

We may collect analytics and telemetry data to improve the Service. This data collection is consent-based and governed by our cookie consent mechanism:

  • Performance metrics: Page load times, error rates, and application performance data.
  • Feature usage analytics: Aggregated data about how features are used to inform product development.
  • Crash reports: Technical error information to help us identify and fix bugs.

You may opt out of analytics data collection at any time through our consent banner or your account settings. See the Cookies and Analytics section for details.

How We Use Your Information

We use the information we collect for the following purposes:

Service Operation and Delivery

  • Authenticating your identity and managing your account.
  • Executing your trading strategies and managing bot deployments on our cloud infrastructure.
  • Processing backtests and delivering results.
  • Managing organization memberships, roles, and permissions.
  • Processing payments, managing subscriptions, and tracking credit usage.

Service Improvement

  • Analyzing usage patterns to improve platform features and user experience.
  • Identifying and fixing bugs, errors, and performance issues.
  • Developing new features based on aggregated usage data.

Communication

  • Sending transactional notifications related to your account, bots, and trading activity (e.g., bot status alerts, trade notifications, billing receipts).
  • Providing customer support and responding to your inquiries.
  • Sending service announcements and updates about changes to the platform.

Security and Compliance

  • Detecting, preventing, and responding to security incidents and fraudulent activity.
  • Enforcing our Terms of Service and other policies.
  • Complying with applicable legal obligations.

We process your personal data based on the following legal grounds:

  • Contract performance: Processing necessary to provide the Service you have subscribed to.
  • Legitimate interests: Improving the Service, ensuring security, and preventing fraud.
  • Consent: Analytics and telemetry data collection, marketing communications.
  • Legal obligations: Compliance with applicable laws and regulations.

Data Security

We implement comprehensive technical and organizational measures to protect your data:

Encryption

  • Field-level encryption: Sensitive configuration fields, including exchange API keys and secrets, are encrypted using AES-256-GCM (Galois/Counter Mode) encryption before storage. Each encrypted field includes its own authentication tag, ensuring both confidentiality and integrity.
  • Transport encryption: All data in transit between your browser and our servers is encrypted using TLS 1.2 or higher.
  • Backup encryption: Bot database backups stored in Amazon S3 are encrypted using server-side encryption.

Authentication and Authorization

  • Identity management: User authentication is handled through Keycloak, an enterprise-grade identity and access management system, using the OpenID Connect (OIDC) protocol.
  • Fine-grained authorization: We implement UMA 2.0 (User-Managed Access) resource-level authorization, ensuring that users can only access resources they own or have been explicitly granted permission to view.
  • Organization-scoped access: Multi-tenant isolation ensures that data belonging to one organization is not accessible to members of another organization.

Infrastructure Security

  • Trading bots run in isolated containers on our Kubernetes infrastructure, providing process-level isolation between users.
  • Our cloud infrastructure employs network segmentation, firewalls, and intrusion detection systems.
  • We conduct regular security assessments and apply security patches promptly.

Access Controls

  • Internal access to production systems and user data is restricted to authorized personnel on a need-to-know basis.
  • Administrative actions are logged and auditable.
info

No method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security.

Data Retention

We retain your data according to the following guidelines:

  • Account data: Retained for the duration of your active account and for a reasonable period thereafter (up to 30 days) to allow for account recovery, unless you request deletion.
  • Trading data and bot logs: Retained for the duration of your active account. Backtest results and bot operational data are available as long as your account remains active.
  • Bot database backups: Stored in S3 for the duration of your account. Backups are deleted when the associated bot is permanently removed or upon account deletion.
  • Billing records: Retained as required by applicable tax and financial regulations (typically 7 years).
  • Server logs: Retained for up to 90 days for security monitoring and debugging purposes.
  • Analytics data: Aggregated and anonymized analytics data may be retained indefinitely. Identifiable analytics data is retained for up to 12 months.

When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., billing records).

Third-Party Services

We use the following categories of third-party services to operate the platform:

Payment Processing

  • Stripe: We use Stripe to process payments, manage subscriptions, and handle billing. When you make a payment, your payment information is sent directly to Stripe and is subject to Stripe's Privacy Policy. We receive only limited billing information from Stripe (e.g., last four digits of your card, billing address, transaction history).

Cryptocurrency Exchanges

  • When you connect your exchange account, your trading bot communicates directly with your chosen cryptocurrency exchange using the API credentials you provide. Each exchange has its own privacy policy and terms of service. We recommend reviewing the privacy practices of any exchange you connect to VolatiCloud.

Cloud Infrastructure

  • Cloud hosting providers: We use cloud infrastructure providers to host the Service, including compute, storage (Amazon S3 for bot backups), and networking services. Your data may be stored in data centers operated by these providers.

Identity Provider

  • Keycloak: User authentication is managed through Keycloak. Authentication data (usernames, email addresses, password hashes) is stored within our Keycloak instance, which runs on our managed infrastructure.

Analytics Providers

  • We may use third-party analytics tools to understand how users interact with the Service. These tools collect data only when you have provided consent through our cookie consent mechanism.

We do not sell your personal data to third parties. We share data with third-party services only as described in this Privacy Policy and only to the extent necessary to operate the Service.

Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access and Portability

  • Access your data: You can request a copy of the personal data we hold about you.
  • Export your data: You can export your trading strategies, backtest results, and bot configurations through the platform interface.

Correction and Deletion

  • Correct your data: You can update your account information directly through your account settings.
  • Delete your account: You can request deletion of your account and associated data by contacting us at [email protected]. Upon receiving a verified deletion request, we will delete your data within 30 days, subject to the data retention requirements described above.
  • Analytics opt-out: You can opt out of analytics data collection at any time through the consent banner or by adjusting your browser cookie settings.
  • Marketing opt-out: You can unsubscribe from marketing communications using the unsubscribe link in any marketing email.
  • Notification preferences: You can manage your alert and notification preferences within the platform settings.

Additional Rights

  • Right to object: You may object to the processing of your personal data based on legitimate interests.
  • Right to restrict processing: You may request that we restrict the processing of your personal data in certain circumstances.
  • Right to lodge a complaint: You have the right to lodge a complaint with your local data protection authority.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

Cookies and Analytics

Cookies We Use

We use cookies and similar technologies for the following purposes:

CategoryPurposeConsent Required
EssentialAuthentication tokens, session management, CSRF protectionNo (required for Service operation)
FunctionalUser preferences, UI settings, language selectionNo (required for Service functionality)
AnalyticsUsage statistics, performance monitoring, feature adoptionYes

When you first visit the VolatiCloud platform, a consent banner will be displayed, allowing you to:

  • Accept all cookies: Enable all cookie categories, including analytics.
  • Accept essential only: Allow only cookies required for the Service to function.
  • Manage preferences: Choose which optional cookie categories to enable.

You can change your cookie preferences at any time through the consent banner, accessible from the platform footer.

Do Not Track

We respect browser "Do Not Track" (DNT) signals. If your browser sends a DNT signal, we will not collect analytics data from your session.

Children's Privacy

VolatiCloud is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected personal data from a child under the age of 18, we will take steps to delete such information promptly.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at [email protected] so that we can take appropriate action.

International Data Transfers

If you access the Service from outside the region where our servers are located, your data may be transferred across international borders. We ensure that appropriate safeguards are in place for such transfers, including standard contractual clauses or other mechanisms recognized by applicable data protection authorities.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:

  • We will update the "Last Updated" date at the top of this Privacy Policy.
  • We will notify you via email or through a prominent notice within the platform at least 14 days before the changes take effect.
  • Continued use of the Service after the effective date of the revised Privacy Policy constitutes your acceptance of the changes.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We aim to respond to all privacy-related inquiries within 30 days.