Privacy policy
This page explains exactly what data we collect, how we use it, and what your rights are. If anything is unclear, email hello@elch.live and we will rewrite the offending paragraph.
What we collect
When you create an account we collect your email address and a hashed password. We never see or store your password in readable form.
When you connect Binance, you give us a futures-only API key and secret. We store the secret encrypted at rest. We use it only to place futures orders on your behalf — we cannot move funds out of your wallet because we never request withdrawal permission.
When the system trades on your behalf, we log every order placed, every fill, every modification and every fee, alongside the resulting profit and loss. This becomes your trade history inside the dashboard.
Standard server logs (IP address, browser user agent, request timestamps) are kept for 30 days to debug issues and detect abuse.
What we do not collect
We do not collect your Binance password. We could not — Binance never shares it.
We do not collect device identifiers, persistent advertising IDs or social media activity.
We do not run third-party advertising, retargeting or analytics scripts (no Google Analytics, no Meta pixel, no LinkedIn Insight tag).
We do not sell, rent or otherwise share your data with anyone.
Third parties we depend on
Binance — to execute trades on your behalf via the API key you provide.
ntfy.sh — to deliver push notifications. The notification body contains the symbol, side and price level; nothing identifying you personally is sent.
AWS — our trading server runs on Amazon EC2 in the eu-north-1 region (Stockholm).
Email provider — we send transactional email (signup confirmations, password resets) through a standard SMTP provider.
Your rights
You can request a full export of your data by emailing hello@elch.live. We will reply within 7 days with a downloadable archive.
You can delete your account from the dashboard. Doing so removes all your data within 30 days, except trade history retained for tax/legal compliance.
You can correct any data we hold by replying to any email from us.
If you are in the EU/UK, you have GDPR rights including access, rectification, erasure, restriction and portability. We will honour them within the statutory time limit.
Cookies
We use one cookie: a JWT-style session token issued when you log in. It is HTTP-only, secure, and used only to keep you signed in. We do not use any analytics or advertising cookies.
Changes to this policy
If we make a meaningful change to what data we collect or how we use it, we will tell you by email at least 14 days before the change takes effect. You can refuse and close your account before then.
Contact
Privacy questions: hello@elch.live. We aim to respond within 48 hours.