Privacy Policy
1. Information Collection Categories
We collect data to provide, optimize, and secure the RevBot platform. We adhere strictly to data minimization principles, collecting only what is essential.
When you register for an account, we collect basic identifiers such as your name, email address, and authentication credentials. If you register via OAuth providers (e.g., Google, Microsoft), we collect the profile information authorized by those platforms.
While we do not process fiat currency directly, we collect data related to your subscription history, cryptocurrency invoice IDs, and transaction statuses via our payment processor. We do NOT store your private wallet keys, seed phrases, or credit card numbers.
For internal optimization and support, we may collect aggregated metadata regarding software usage, such as execution latency, filter activation frequency, and crash reports. This data is entirely anonymized and does not contain specific trade directions or profitability metrics.
We automatically collect diagnostic data including IP addresses, browser types, operating system environments (e.g., Windows Server 2022 identifiers), MAC addresses (strictly for KeyAuth hardware locking to prevent piracy), and Cloudflare Turnstile verification metrics.
2. Data Processing Workflows & Legal Bases
From the moment of registration, your data is securely transmitted via TLS 1.3 encryption to our Supabase backend. Payment requests are routed via secure webhooks to NOWPayments. License generation occurs on our backend and interfaces with KeyAuth to bind your hardware. At no point is sensitive data processed in plain text.
- Contractual Necessity: Processing your Personal and Financial Data is required to fulfill our obligations under the Terms and Conditions (e.g., provisioning access to the RevBot software).
- Legitimate Interests: Technical data is processed to ensure system security, prevent bot-driven spam attacks, enforce hardware-locked licensing, and optimize HFT routing algorithms.
- Consent: Where applicable by law, we rely on your explicit consent for non-essential processing, such as marketing communications.
3. User Rights (GDPR & CCPA Compliance)
We explicitly respect user privacy rights in alignment with global regulations including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
You have the right to request a copy of the personal data we hold about you. You may request this data in a structured, machine-readable format to transfer it to another service provider.
You have the right to request corrections to any inaccurate or incomplete personal data associated with your account.
You may request the deletion of your personal data. We will honor this request within 30 days, subject to legal retention exceptions (such as maintaining immutable financial transaction records for tax compliance).
You have the right to request that we limit the processing of your personal data under certain circumstances, such as while a dispute regarding data accuracy is being resolved.
4. Third-Party Sharing & Data Processors
We do not sell your personal data. We share necessary data strictly with vetted infrastructure partners to facilitate our services:
- Supabase: Database and Authentication management.
- KeyAuth: License Generation and Hardware ID (HWID) locking.
- NOWPayments: Cryptocurrency transaction processing.
- Cloudflare: CDN, DNS routing, and DDoS mitigation.
Your data may be transferred to and processed in countries outside of your residence (e.g., AWS/Supabase servers located in the EU or US). We ensure appropriate safeguards, such as Standard Contractual Clauses (SCCs), are implemented to protect cross-border data transfers.
5. Data Retention & Security Measures
We retain your account information for as long as your account is active. Upon account deletion, non-essential data is purged within 30 days. Billing history and transaction records are retained for a minimum of five (5) years to comply with global accounting, anti-money laundering (AML), and tax regulations. Immutable blockchain data remains on the public ledger indefinitely.
All data transmitted between your browser and our servers is encrypted using modern TLS protocols. Passwords are cryptographically hashed. Our database architecture utilizes strict Row Level Security (RLS) policies, ensuring users can only query or modify their own designated data subsets.
In the highly unlikely event of a data breach compromising unencrypted personal data, we will notify affected users and relevant supervisory authorities within 72 hours of discovery.
6. Contact Information
To exercise your privacy rights or if you have questions regarding this policy, please contact our Data Protection Officer at:
- Email: compliance@revbot.one