Privacy Policy
Last updated: 2026-05-12
1. Data we collect
- Account data: email address (required), optional display name, password hash if you set one.
- Subscription data: tier, payment status, billing history. Card details are stored by Stripe, not us. Lightning payments leave no PII other than the invoice ID.
- Exchange API credentials: stored encrypted at rest using Fernet (AES-128 in CBC mode + HMAC) with a key that is unique per deployment. We do NOT have plaintext access to your credentials except in the daemon's memory when constructing exchange clients.
- Trade data: records of orders the software executed on your own exchange account, including timestamp, exchange, pair, amount. Used for the dashboard and tax CSV export.
- Operational logs: IP address and user-agent at login, error traces (PII-scrubbed where automated), latency metrics. Retained for 30 days.
2. What we do with it
- Operate the Service you signed up for.
- Send transactional emails (sign-in links, payment receipts, alerts you opted into).
- Debug issues you report.
- Comply with UAE legal obligations (e.g. AML where applicable).
We do not sell or rent your data. We do not use your trade data to train models. We do not display ads.
3. Third-party processors
- Stripe — card processing. Their privacy policy applies to data they collect (mainly card numbers, billing address).
- BTCPay — self-hosted by us; no third-party processor for Lightning payments.
- Resend — transactional email delivery.
- Cloudflare — DNS, edge proxy, Access auth. They see metadata (IPs, request paths) but not the contents of your console interactions (TLS terminates at our origin).
4. Your rights
Under UAE PDPL and other applicable laws you can:
- Access the data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your account and associated data.
- Export your data in a portable format.
- Withdraw consent (which terminates your subscription).
To exercise these rights, email support@bitcoiners.ae.
5. Retention
Account data: kept while your account is active. Deleted within 30 days of an account deletion request, except billing records we are required to retain for tax purposes (~7 years under UAE corporate tax rules).
Trade history: kept while your account is active. Exportable as CSV. Deleted with your account.
6. Security
We use industry-standard practices, including TLS 1.3 in transit, encrypted secret storage at rest, and principle-of-least-privilege access for the small operations team. No system is breach-proof — you can reduce blast radius by using trade-only API scopes and IP-whitelisting where your exchange supports it.
7. Contact
Email support@bitcoiners.ae for any privacy question.