Privacy policy
We collect the minimum data needed to run the service. We don't sell it. We don't track you across the web. Plain English explanation below.
1. What we collect
Account data: email address (for login and course delivery), Telegram user ID (if you sign in via Telegram), encrypted Binance API key + secret (only if you enable Hedonist Pro auto-execution), trading preferences (risk %, leverage cap, algorithm toggles).
Usage data: server logs of API requests (IP, user-agent, endpoint, timestamp), retained for 30 days for debugging and abuse prevention.
Payment data: for crypto payments (USDT-BSC), the transaction hash and sender address. We do not collect billing names, card numbers, or KYC documents.
Course subscribers: if you sign up for a free email course, we store your email and which course you're on. Nothing else.
2. What we don't collect
- Your real name (unless you choose to provide it)
- Phone number
- Government ID / KYC documents
- Browser fingerprints, third-party tracking cookies, or analytics that identify individual users
- Any custodial control over your trading capital
3. How we protect Binance API keys
API keys you provide for auto-execution are encrypted at rest using AES-256 with a key managed in our environment. They are decrypted in memory only when needed for an API call to Binance and are never logged in plaintext. We require read + trade permissions only — we never request or accept withdrawal permission. You can revoke the key on Binance at any time, which immediately disables our access.
4. Email handling
Transactional and course emails are sent via Resend (third-party SMTP provider). We share only your email address and the message content with them. Resend's privacy policy applies for that flow. We do not share email lists with any other third party.
5. Cookies and local storage
We use a single auth token in browser localStorage for keeping you logged in. We do not use third-party advertising, analytics, or tracking cookies. The site does load Google Fonts (CSS only); Google may receive your IP via that request, governed by their own policy.
6. Data retention
Account and trading-history data is retained while your account is active and for 12 months after deletion (for tax / dispute / regulatory record-keeping). Server logs: 30 days. Email-course state: until you unsubscribe, then deleted within 30 days.
You can request full account deletion via @hedonist_intel_bot or email; we will action it within 7 days subject to the regulatory retention requirements above.
7. Your rights
If you are an EU/UK resident, you have rights under GDPR / UK GDPR including:
- Right of access — ask us what we hold about you
- Right of rectification — fix incorrect data
- Right of erasure — delete your data (subject to retention requirements above)
- Right to data portability — export your data
- Right to lodge a complaint with your national data protection authority
Exercise any of these by contacting us via Telegram or email.
8. Data location and transfers
Application data is stored in MongoDB instances hosted in the EU. Email delivery (Resend) involves transfer to data centers in the United States under standard contractual clauses. Binance API calls reach Binance's infrastructure in their respective regions.
9. Security incident handling
If we discover a security incident affecting personal data, we will notify affected subscribers within 72 hours of confirmation, describe the scope, and take corrective action. We have published post-mortems openly when production bugs have affected subscribers (see our blog) and will do the same for any privacy or security incident.
10. Changes to this policy
We will post material changes here with an updated date. Substantial changes affecting active users will also be sent via email.
11. Contact
Privacy questions: @hedonist_intel_bot on Telegram, or via email. Data protection contact: same channel.