Privacy Policy — VersaTrader

1. What we collect

Account data: Email address, password (hashed, never stored in plaintext), 2FA secret (encrypted).

Exchange API keys: Stored encrypted at rest (AES-256). Never stored in plaintext, never logged.

Usage analytics: We use Plausible Analytics — aggregated, cookie-free, no personal identifiers. Plausible is GDPR-compliant and does not sell data.

Order and trade data: Orders placed through VersaTrader are stored in our database to support order management features.

2. What we do not collect

No tracking cookies
No third-party analytics (no Google Analytics, no Facebook Pixel)
No social login data
No device fingerprinting

3. How API keys are stored

Exchange API keys are encrypted using AES-256 before being written to the database. The encryption keys are stored separately from the database. Keys are never written to logs or error reports.

We never request withdrawal permissions. We never initiate withdrawals.

4. Hosting and data location

VersaTrader is hosted on Linode (Akamai) in Singapore. Data is stored in Singapore.

5. Data sharing

We do not sell, rent, or share your personal data with third parties. We do not share data with advertisers.

6. Data retention

Your data is retained while your account is active. When you delete your account, all personal data, API keys, and order history are deleted within 30 days.

7. Your rights

You may request a copy of your data, request deletion, or correct inaccurate information by emailing [email protected].

8. Cookies

VersaTrader uses only functional cookies — specifically, the JWT refresh token stored in an httpOnly cookie for authentication. No advertising or tracking cookies.

9. Contact

Privacy questions: [email protected]