BossTrade
Terms Sign In

Privacy Policy

Last updated: May 2026

1. Information We Collect

When you create an account, we collect your email address and authentication credentials (managed by Supabase Auth). When you connect an exchange, we store your encrypted API keys. We do not store passwords — authentication is handled by our identity provider.

2. How We Use Your Information

  • Execute trades on your behalf through your connected exchange account
  • Provide the trading dashboard, analysis, and notifications
  • Process billing and referral commissions
  • Improve our services and fix technical issues

3. API Key Security

Exchange API keys are encrypted using AES-256-GCM with per-user authenticated additional data before storage. Keys are decrypted only in server memory during trade execution and are never sent to the browser or logged. We require trade-only permissions with withdrawals disabled.

4. Data Sharing

We do not sell your personal data. We share data only with:

  • Supabase — database and authentication infrastructure
  • Stripe — payment processing (only if you subscribe)
  • Kraken — trade execution via your API keys
  • Google Gemini — AI analysis (market data only, no personal info)

5. Data Retention

Account data is retained while your account is active. You may request deletion of your account and associated data by contacting support. Trade history and execution logs are retained for audit and compliance purposes.

6. Cookies

We use session cookies for authentication (sb_token, sb_refresh). We do not use tracking or advertising cookies.

7. Your Rights

You may access, update, or delete your personal data at any time. You may revoke exchange API keys from your Settings page. Contact us at support@bosstrade.app for data requests.

8. Changes

We may update this policy from time to time. Material changes will be communicated via the dashboard or email.

Home Terms Pricing