Terminal Guide Privacy
Legal

Privacy Policy

How we collect, use, and protect your personal information.

Last updated: March 21, 2026
Table of Contents
  1. 1. Information We Collect
  2. 2. How We Use Your Data
  3. 3. Data Storage & Security
  4. 4. Third-Party Services
  5. 5. Data Retention
  6. 6. Your Rights
  7. 7. Cookies
  8. 8. Children's Privacy
  9. 9. Changes to Privacy Policy
  10. 10. Contact
1
Information We Collect

We collect the following categories of information to provide and improve the Service:

Category Data Collected Purpose
Account Data Email address, display name, password hash Authentication, account management
Usage Data Page views, feature usage, IP address, browser type Service improvement, analytics
Trading Data Portfolio state, trade history, API key metadata (NOT the secret key) Trade execution, performance tracking
Payment Data Subscription plan, Stripe customer/subscription ID (card details handled by Stripe) Billing, subscription management
Communication Data Telegram chat ID (if linked) Notifications, alerts

Important: We never store your API secret key in plaintext. API keys are encrypted at rest. We never have access to your exchange password or withdrawal credentials. Stripe handles all credit card details directly; we never see or store your full card number.

2
How We Use Your Data

We use the information we collect for the following purposes:

  • Provide the trading service: Execute trades, monitor portfolios, and generate AI analysis on your behalf;
  • Improve AI performance: Analyze aggregated (anonymized) trading outcomes to refine our AI agents and strategies;
  • Send notifications: Deliver trade alerts, portfolio updates, and system notifications via Telegram and/or email;
  • Process payments: Manage subscriptions, calculate profit share, and process billing through Stripe;
  • Ensure security: Detect and prevent unauthorized access, abuse, or fraudulent activity;
  • Comply with legal obligations: Respond to lawful requests from authorities where required.

We do not sell, rent, or share your personal data with third parties for marketing purposes. Data shared with third-party services is limited to what is necessary for the operation of the Service.

3
Data Storage & Security

We implement the following security measures to protect your data:

  • Database: SQLite database stored on a private, dedicated server with restricted access;
  • Password security: Passwords are hashed using industry-standard algorithms (Werkzeug/bcrypt) and are never stored in plaintext;
  • API key encryption: Exchange API keys are encrypted at rest using symmetric encryption;
  • Session management: Sessions use secure, randomly-generated tokens with a 30-day time-to-live (TTL);
  • Network security: All connections are encrypted via HTTPS through Cloudflare tunnel;
  • Access control: Administrative access is restricted to authorized personnel only.

While we implement reasonable security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security but will notify affected users promptly in the event of a data breach.

4
Third-Party Services

We use the following third-party services to operate the platform:

Service Provider Data Shared
AI Analysis Anthropic (Claude) Market data and trading indicators only. No personal user data is sent to the AI model.
Exchange Bybit Trade orders via your API keys. Your account is accessed directly through Bybit's API.
Payments Stripe Email, subscription plan. Stripe handles all card details; we never see your full card number.
Notifications Telegram Chat ID, notification messages. Only if you choose to link your Telegram account.
CDN / Tunnel Cloudflare Traffic routing. Cloudflare may process IP addresses and request metadata.

Each third-party service operates under its own privacy policy. We encourage you to review the privacy practices of these services.

5
Data Retention

We retain your data according to the following policies:

  • Active accounts: Data is retained for the duration of your account's active status;
  • Account closure: Upon account closure, personal data will be deleted within 90 days, unless retention is required by law;
  • Trading history: Anonymized, aggregated trading data may be retained indefinitely for the purpose of improving AI performance;
  • Backups: Data may persist in encrypted backups for up to 30 days after deletion from the primary database.
6
Your Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you;
  • Correction: Request correction of inaccurate or incomplete data;
  • Deletion: Request deletion of your personal data (subject to legal retention requirements);
  • Export: Request an export of your portfolio data and trade history in a machine-readable format;
  • Objection: Object to data processing for specific purposes;
  • Restriction: Request restriction of processing under certain circumstances.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

7
Cookies

Kairos uses minimal cookies strictly necessary for the operation of the Service:

Cookie Type Duration Purpose
kairos_session Essential 30 days Session authentication

We do not use analytics cookies, advertising cookies, or third-party tracking cookies. Theme preference and language selection are stored in your browser's localStorage (not cookies) and are not transmitted to our servers.

8
Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected data from a child under 18, we will take steps to delete such information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected] so we can take appropriate action.

9
Changes to Privacy Policy

We may update this Privacy Policy from time to time. For material changes, we will provide at least 30 days' advance notice via email or through a prominent notice on the platform.

The "Last updated" date at the top of this page indicates when the policy was last revised. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

10
Contact

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

We aim to respond to all privacy-related inquiries within 30 days.

Terms of Service Privacy Policy Risk Disclaimer