Privacy Policy
We value your privacy. This policy explains in detail how we collect, use, store, and protect your personal data, as well as the rights you have as a data subject.
Last Updated: 2026-01-30
1. Scope of Data Collection
We collect the following types of data: Account Data: Email address and password (stored in hashed form) provided during registration. API Key Data: Your Bitfinex API keys, stored using AES-256 encryption. We only require keys with "Read" and "Lending" permissions. Usage Data: Your service usage records, including bot configurations, strategy selections, lending operation logs, and earnings data. Technical Data: Automatically collected technical information such as IP addresses, browser types, device information, and access timestamps. Payment Data: Subscription plans and payment records. We do not directly process or store your cryptocurrency wallet information.
2. Purposes of Data Use
We use your data for the following purposes: Service Delivery: Executing lending operations, managing bots, generating earnings reports. Service Improvement: Analyzing usage patterns to optimize strategy algorithms and user experience. Account Management: Verifying identity, processing subscriptions, sending service-related notifications. Security: Detecting and preventing fraudulent activities, unauthorized access, and security threats. Legal Compliance: Complying with applicable laws, regulations, and government requirements. We do not use your data for advertising or marketing purposes unless you have explicitly consented to receive marketing communications.
3. Data Security Measures
We implement multiple layers of security measures to protect your data: Encryption: API keys are stored using AES-256 encryption; passwords are processed with bcrypt hashing algorithms. All data transmission uses TLS 1.3 encryption. Access Control: We follow the principle of least privilege, granting system access only to authorized personnel. All administrative operations are fully audit-logged. Infrastructure Security: Servers are deployed in SOC 2-certified cloud environments, equipped with firewalls, intrusion detection systems, and regular security scans. Data Backups: Regular encrypted backups are performed, with backup data stored in geographically dispersed secure facilities. Despite our best efforts to protect your data, no method of internet transmission or electronic storage is 100% secure.
4. Data Sharing and Disclosure
We do not sell, rent, or trade your personal data. We may only disclose your data in the following limited circumstances: Legal Requirements: Upon receipt of lawful court orders, subpoenas, or legally mandated government requests. Security Protection: To prevent fraud, protect user safety, or defend the Platform's legitimate interests. Service Providers: Sharing necessary technical data with third-party providers who help us operate (e.g., cloud hosting services), bound by strict data protection agreements. Corporate Transactions: In cases of mergers, acquisitions, or asset transfers, user data may be transferred as part of the transaction; we will notify users in advance. We do not share your account information with Bitfinex or any exchange. API keys are used solely to execute lending operations within your account.
5. Cookies and Tracking Technologies
The Platform uses the following types of cookies and similar technologies: Essential Cookies: Used to maintain login status, ensure account security, and enable basic functionality. These cookies are necessary for the service to function properly and cannot be disabled. Functional Cookies: Used to remember your language preferences and interface settings to provide a personalized experience. Analytics Cookies: Used to collect anonymous usage statistics to help us understand how users interact with the Platform and make improvements. You can manage or delete cookies through your browser settings. Please note that disabling certain cookies may affect the normal use of the service.
6. Data Retention Period
We retain your data for a reasonably necessary period: Account Data: Retained during the active account period; purged within 30 days of account deletion. API Keys: Retained during the active account period; permanently destroyed immediately upon user removal or account deletion. Transaction Records: Retained for 3 years to comply with legal requirements and dispute resolution needs. Technical Logs: Retained for 90 days for security monitoring and troubleshooting. Payment Records: Retained as required by applicable tax and accounting regulations. You may request early deletion of your data at any time, but some data may need to be retained due to legal requirements.
7. User Rights
Under applicable data protection laws, you have the following rights: Right of Access: You may request a copy of the personal data we hold about you. Right of Rectification: You may request correction of inaccurate or incomplete personal data. Right of Erasure: You may request deletion of your personal data (subject to legal retention obligations). Right of Portability: You may obtain your data in a structured, commonly used, machine-readable format. Right to Object: You may object to our processing of your data based on legitimate interests. Right to Restrict Processing: In certain circumstances, you may request restriction of processing of your data. To exercise any of the above rights, please contact us at privacy@finvy.ai. We will respond within 30 days of receiving your request.
8. Cross-Border Data Transfers
The Platform's servers are located in secure cloud environments. Your data may be transferred to and stored on servers outside your country or region. When conducting cross-border transfers, we ensure appropriate safeguards are in place, including the use of standard contractual clauses or other legally recognized data transfer mechanisms, to ensure your data remains adequately protected after transfer.
9. Protection of Minors
This service is not intended for individuals under the age of 18 or below the legal age of majority in their jurisdiction. We do not knowingly collect personal data from minors. If we discover that we have collected data from a minor, we will immediately take steps to delete the relevant data. If you become aware that a minor has used our service, please contact us immediately.
10. Security Incident Notification
In the event of a data breach affecting the security of your personal data, we will: Report to relevant regulatory authorities within 72 hours of discovery (as required by applicable law). Promptly notify affected users via email, informing them of the nature of the incident, potential impact, and remedial measures taken. Document detailed information about the incident and implement measures to prevent similar incidents from recurring.
11. Third-Party Links
The Platform may contain links to third-party websites or services (e.g., Bitfinex exchange). We are not responsible for the privacy practices of third parties. We recommend reviewing the privacy policies of third-party websites when visiting them. Our links to third parties do not constitute endorsement or approval of their privacy practices.
12. Policy Updates
We may update this Privacy Policy periodically to reflect changes in our practices or applicable law requirements. Material changes will be communicated at least 14 days before taking effect via email or platform announcements. Continued use of the service constitutes acceptance of the updated Privacy Policy. We recommend that you review this policy regularly to stay informed about our latest privacy protection measures. This Privacy Policy was last updated on January 30, 2026.
For privacy-related questions, please contact our data protection team: privacy@finvy.ai