Privacy Policy

Last updated: 2026-05-04

What we collect

• Email address — for login and notifications
• Encrypted Bitfinex API Key & Secret — Fernet symmetric encryption at rest, decrypted only briefly during a worker tick
• Bitfinex account email — pulled automatically via API for affiliate-list matching
• Strategy snapshots — signals, decisions, balances; never the plaintext API key
• When you sign in with Google: Google account email + user ID

What we don't collect

• No real name, address, phone number, or government ID
• No Bitfinex password or 2FA codes
• No browser tracking (no Google Analytics or similar)

How we use it

• Email: login auth, password reset, essential service notifications
• API key: to call Bitfinex on your behalf to execute the lending strategy; we never custody your funds
• Snapshots: powering your dashboard and improving the strategy

Where data lives

User data is stored in Railway-hosted PostgreSQL (DB in us-west2; the worker runs in asia-southeast1 to bypass Bitfinex's US IP block).

Your rights

• Access: log in to view all data on the dashboard
• Deletion: "Settings → Danger Zone" permanently deletes your account (CASCADE removes all related records)
• Stop service: revoke the API key in Bitfinex anytime

Third parties

• Bitfinex — receives the API actions you authorize
• Google OAuth (if you use it) — sends us your email for identification
• NOWPayments (annual subscription) — processes USDT crypto payments; we never see card or bank info

Disclaimer

This service runs an automated Bitfinex funding lending strategy on your behalf. It does not guarantee any returns. Backtests and others' results don't predict future performance. Market rate volatility, exchange anomalies, API rate limits — any of these can affect actual outcomes. By using this service you accept that you understand the risks and bear the consequences.

Contact

Email us with questions about privacy or the service: [email protected]

← Back to home