TermsPrivacyRefund

Privacy Policy

Effective: 2026-05-15

This Privacy Policy explains what personal information OneTickTrading ("we", "us") collects when you use oneticktrading.com (the "Service"), how we use it, and the choices you have. We aim to collect only what we need to operate the Service for you.

1. Information We Collect

We collect:

  • Account information — your email address (for authentication and transactional notices) and an optional display name and avatar.
  • Strategy and trade data — strategies you create, their parameters, backtest results, paper-trade and live-trade logs, and AI conversations you initiate within the platform.
  • Exchange API keys — credentials you provide to connect your exchange account, stored encrypted at rest. We use them only to read account data and place orders that your strategies generate.
  • Subscription information — your subscription status, billing period, and NOWPayments customer identifier. We never see your wallet's private keys; we receive only the payment confirmations NOWPayments forwards to us via webhook.
  • Usage and device data — IP address, browser type, pages visited, and timestamps, collected through standard server logs and basic product analytics.

2. How We Use Information

  • To create and authenticate your account.
  • To run backtests, paper trades, and live executions you initiate.
  • To provide AI assistance using the prompts and context you share in-product.
  • To process subscriptions via NOWPayments and issue receipts on request.
  • To communicate service updates, billing notices, and security alerts.
  • To detect, prevent, and respond to fraud, abuse, and security incidents.
  • To improve the Service using aggregated, de-identified usage patterns.

3. How We Share Information

We do not sell personal information. The Service is largely self-hosted — most processing happens on infrastructure we own and operate. We share data only with the third-party providers genuinely required to deliver the Service:

  • NOWPayments — crypto payment processing and IPN webhooks for subscription billing.
  • Amazon Web Services — outbound transactional email (Simple Email Service) and a backup historical-data store.
  • Cloudflare — DNS, the public-facing tunnel that fronts our origin, inbound Email Routing, and R2 object storage.
  • Google (Gemini) — AI inference for chart analysis and in-product chat. Prompts you submit are processed by the model.
  • The exchange you connect — only the API calls necessary to fetch account state and execute orders you authorize.

All other application infrastructure — authentication, the database, market-data ingestion, backtest compute, live-trade execution — runs on hardware we own. Customer data does not transit a third-party SaaS for those layers.

We may also disclose information when required by law, to protect rights and safety, or in connection with a merger, acquisition, or sale of assets — in which case we will notify you and provide a meaningful choice where required.

4. Data Retention

We keep account, strategy, and trade data for as long as your account is active and for a reasonable period afterward to comply with legal obligations, resolve disputes, and enforce our agreements. Encrypted exchange API keys are deleted on request or when you remove the connection.

5. Security

We protect data with standard industry safeguards: TLS for data in transit, encryption at rest for credentials, role-segregated database access, and least-privilege deployment practices. No system is perfectly secure; you are responsible for keeping your account password and exchange API keys safe.

6. Your Rights

Depending on where you live, you may have the right to access, correct, export, or delete personal information we hold about you, to object to certain processing, and to lodge a complaint with a supervisory authority. To exercise these rights, contact [email protected]; we will respond within a reasonable time and free of charge.

7. International Transfers

Our service providers operate in multiple jurisdictions, including the United States and the European Union. Where we transfer personal data across borders, we rely on appropriate safeguards such as standard contractual clauses or adequacy decisions.

8. Cookies

We use a small number of essential cookies and local-storage entries to keep you signed in and remember basic preferences. We do not use third-party advertising cookies.

9. Children

The Service is not directed to anyone under 18, and we do not knowingly collect personal information from children. If you believe a child has provided us personal data, please contact us so we can delete it.

10. Changes

We may update this Privacy Policy from time to time. Material changes will be communicated by email or in-product notice with at least 14 days' notice before they take effect.

11. Contact

Questions about this Policy or your data can be sent to [email protected].