Privacy Policy
Last updated: September 14, 2025
This Privacy Policy explains how NetsGain ("we", "us", or "our") collects, uses, and protects information
when you use our website (netsgain.com and bot.netsgain.com) and services (the "Service").
We operate a non-custodial trading automation tool that connects to your exchange accounts via your API keys.
1. What we collect (summary)
- Account/session data: session cookies (user_session, admin_session), plan status, internal user ID. We do not collect email addresses if you don't provide them anywhere on the site.
- Exchange credentials: your API keys for supported exchanges (e.g., Bitget/OKX). We store them encrypted at rest and only decrypt in memory to sign requests.
- Billing: subscription and payment data is processed by Stripe. We do not store card numbers.
- Logs & security: IP address, user-agent, and HTTP request metadata may be logged by our servers, Cloudflare, and Nginx for security and abuse prevention.
- Metrics: Prometheus/Grafana collect service-health metrics (no behavioral tracking of individuals).
2. Legal bases (GDPR)
- Contract: to provide the Service you request (run bots, maintain sessions, manage subscription access).
- Legitimate interests: security (WAF, DDoS protection), fraud prevention, debugging, and service reliability.
- Consent: where required, e.g., optional cookies or communications. We do not use marketing trackers.
3. How we use information
- Operate and secure the Service, authenticate sessions, and enforce plan access.
- Execute trading automation on your behalf using your exchange API keys.
- Process subscription payments via Stripe and manage billing status.
- Monitor uptime and errors (Prometheus, Grafana) and protect against abuse (Cloudflare).
- Comply with applicable laws and respond to lawful requests.
4. Cookies and similar technologies
We use strictly necessary cookies (e.g., user_session, admin_session) for login and access control. We do not use advertising cookies.
5. Sharing & third parties
- Stripe (payments & subscriptions). Your card data is handled by Stripe directly.
- Cloudflare (CDN/WAF). May process your IP address and security signals.
- Exchanges (Bitget/OKX, via your API keys). Orders are placed per your configuration.
- Infrastructure/Monitoring (e.g., Prometheus, Grafana). Service telemetry only.
- We do not sell personal data.
6. Data security
- API keys are stored encrypted at rest (industry-standard symmetric encryption) and decrypted in memory only when needed.
- Transport security via HTTPS; WAF and rate-limits via Cloudflare.
- Access restricted to authorized personnel and audited.
7. Data retention
- API keys: retained while your account/plan is active; deleted upon account deletion or your request.
- Billing records: retained as required for accounting/tax and dispute resolution.
- Server logs: typically up to 90 days unless needed for investigations.
8. Your rights
Subject to local laws, you may request access, correction, deletion, or restriction of your personal data. Contact us as below. We may verify your identity and are not required to delete data we must keep by law or for legitimate defense of claims.
9. International transfers
We may process data on servers outside your country. We take reasonable steps to protect your data in accordance with this Policy and applicable law.
10. Children
The Service is not directed to individuals under 16. Do not use the Service if you are under the minimum age of digital consent in your jurisdiction.
11. Changes
We may update this Policy. Material changes will be posted on this page with a new "Last updated" date.