Privacy Policy — CopyTrade

LAST UPDATED: MAY 2026

    Summary: We collect only what we need to operate the service. We do not sell your data. We never have access to your actual funds — only trade execution via API keys you provide.
  

1. Information We Collect

Account Information: When you register, we collect your name and email address. Passwords are stored as one-way cryptographic hashes — we cannot recover your password.

API Credentials: To connect your brokerage accounts, you provide API keys and credentials. These are stored encrypted on our servers and used solely to execute trades on your behalf.

Trade Data: We log trade executions, including symbol, side, quantity, timestamp, and execution status. This data is yours and is used to power your trade history and analytics.

Usage Data: We collect basic server logs including IP addresses, page views, and feature usage to operate and improve the service.

Payment Information: Billing is handled by Stripe. We do not store your credit card information. Stripe's privacy policy applies to payment processing.

2. How We Use Your Information

To operate and provide the Service
To execute trades on your connected brokerage accounts
To send account-related emails (trial expiry, billing notifications)
To provide customer support
To improve and develop the Service
To detect and prevent fraud or abuse

We do not use your data to provide trading signals, investment advice, or share data with third parties for marketing purposes.

3. Data Storage and Security

Your data is stored on secure cloud infrastructure. We implement the following security measures:

Passwords hashed with bcrypt (industry standard)
HTTPS encryption for all data in transit
API credentials stored with encryption at rest
Access controls limiting who can access production data

While we take reasonable precautions, no security system is impenetrable. We recommend using API keys with trade-only permissions (no withdrawal access) to limit risk.

4. Data Sharing

We do not sell, rent, or share your personal data with third parties, except:

Brokers: Your credentials are transmitted to your chosen broker (Tradovate, TopstepX) to execute trades
Stripe: Payment information for billing purposes
Infrastructure providers: Hosting providers may have access to server data as part of normal operations
Legal requirements: If required by law or valid legal process

5. Data Retention

We retain your account data for as long as your account is active. After account deletion:

Account data is deleted within 30 days
Trade logs are deleted within 30 days
API credentials are immediately deleted upon account deletion or disconnection
Billing records may be retained for up to 7 years for legal/tax compliance

6. Your Rights

You have the right to:

Access: Request a copy of your personal data
Correction: Update inaccurate information in your account settings
Deletion: Request deletion of your account and associated data
Portability: Export your trade history as CSV at any time
Opt-out: Unsubscribe from non-essential communications

7. Cookies

We use minimal cookies — primarily for authentication session management (keeping you logged in). We do not use advertising or tracking cookies.

8. Children's Privacy

The Service is not directed at individuals under 18 years of age. We do not knowingly collect personal information from minors.

9. International Users

If you are located outside the United States, your data may be transferred to and processed in the United States. By using the Service, you consent to this transfer.

10. Data Breach Notification

In the event of a confirmed security incident resulting in unauthorized access to your personal information or stored brokerage credentials, CopyTrade will notify affected users by email within 72 hours of confirming the breach where technically feasible. We will describe the nature of the information affected, steps being taken in response, and guidance on protective actions including revoking API credentials within your broker platform.

You are responsible for maintaining a current email address on your account. Upon any suspected compromise, immediately revoke all API keys connected to CopyTrade directly within your broker platform.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a notice on the platform. Continued use of the Service constitutes acceptance of the updated policy.

11. Contact Us

For privacy-related questions or to exercise your rights, contact us at the email address provided on the platform. We will respond within 30 days.