Privacy Policy

v1.0 Effective since March 21, 2026 · Last updated: March 21, 2026

At CryptoCode, we take our users' privacy very seriously. This Privacy Policy describes in detail what information we collect, how we use it, how we protect it, and what your rights are. By using our service, you accept the practices described in this document.

If you have questions or concerns about this policy, feel free to contact us at

1. Information We Collect

We collect only the information necessary to provide you with a complete and secure service. The types of data we process are:

  • Registration data: username, email address, and password (stored as an irreversible hash with bcrypt). This data is necessary to create and access your account.
  • Usage and activity data: trading strategies created and configured, parameters of each strategy, history of technical snapshots executed, and interactions with the dashboard.
  • Trading data: virtual and testnet orders, virtual portfolio history, backtest results, performance metrics, and risk configurations.
  • Binance API keys: if you choose to connect your Binance account, your API keys are immediately encrypted with AES-256-GCM before being stored. They are never stored in plain text at any time.
  • Minimal technical data: session information necessary for authentication (JWT in httpOnly cookie). We do not collect IP addresses, user-agent, or device fingerprinting data.

What we do NOT collect: external financial data (bank statements, credit history), identity documents, geolocation data, or any type of third-party information.

2. How We Use Your Information

All the information we collect has a specific and justified purpose within the operation of the service:

  • Operate and maintain the service: user authentication, session management, storage of configurations and preferences for each account.
  • Execute trading strategies: process your strategy configurations to generate signals, calculate technical indicators, execute orders on testnet or live mode (if you have a Premium plan with configured keys).
  • Improve analysis algorithms: anonymized signal and result data is used to periodically recalibrate internal signal and market regime classifiers. This data is not attributable to any specific user.
  • Service communications: sending account verification emails, security notifications (e.g., login from a new device), and important service updates. We do not send marketing emails without your explicit consent.
  • Comply with legal obligations: if required by competent authorities under a valid legal process, we may be obligated to provide certain information. In such cases, we will notify you to the extent permitted by law.

3. We Do Not Sell Your Data

This is a clear and irrevocable commitment: CryptoCode NEVER sells, rents, trades, or shares your personal data with third parties for commercial, advertising, or any other purpose.

Your data belongs to you. It is not a product. We do not monetize it or share it with marketing companies, data brokers, advertising platforms, or any type of third party for commercial purposes.

The only cases in which we might share information are the following, and always in a minimal and justified manner:

  • Infrastructure providers: the database server and hosting where CryptoCode operates. These providers act as data processors and are subject to their own privacy policies and confidentiality agreements.
  • Legal requirement: if we receive a valid court order or legal requirement from a competent authority, we may be obligated to disclose specific information. We will only share what is strictly required by the order.
  • Business transfer: in the hypothetical case of a merger, acquisition, or sale of assets, users will be notified in advance and will have the option to delete their account before any transfer.

4. Storage and Security

We implement multiple layers of security to protect your information:

  • API key encryption: Binance keys are encrypted with AES-256-GCM (military standard) before being stored. The encryption key resides in the server environment and never in the database. API keys are always displayed masked (e.g., abcd****efgh).
  • Passwords: passwords are hashed with bcrypt using 12 salt rounds. There is no way to recover the original password. The system can only verify if the entered password matches the stored hash.
  • Secure sessions: authentication via JWT stored in httpOnly, secure cookie with sameSite: lax. This prevents malicious scripts (XSS) from accessing the session token from the browser.
  • Database: PostgreSQL with network-restricted access. Not publicly exposed. Only the application server has direct access to the database.
  • HTTPS in production: all communication between your browser and our servers is encrypted via TLS. We never transmit sensitive data in plain text.

No system is 100% infallible. If we detect a security breach affecting your data, we will notify you by email within 72 hours of becoming aware of the incident.

5. Cookies

CryptoCode has an extremely minimalist cookie policy. We use a single session cookie with the following characteristics:

  • Name: JWT session cookie
  • Purpose: keep your session active while you browse the platform
  • Configuration: httpOnly (not accessible by JavaScript), secure (HTTPS only), sameSite: lax (CSRF protection)
  • Duration: deleted on logout or when the token expires

What we do NOT do with cookies:

  • We do not use tracking or behavior monitoring cookies
  • We do not integrate Google Analytics, Facebook Pixel, or any third-party analytics service
  • We do not display advertising or use cookies for ad profiling
  • We do not share cookie information with third parties

Your browsing on CryptoCode is not monitored or sold to advertising platforms.

6. Your Rights

As a CryptoCode user, you have the following rights over your personal data:

  • Right of access: you can request a complete copy of all personal data we hold about you.
  • Right of rectification: if any data is incorrect or outdated, you can request its correction. Some data (like email) can be updated directly from your profile.
  • Right to be forgotten (deletion): you can request the complete deletion of your account and all associated data. Once the request is confirmed, personal data is deleted within 30 days.
  • Right to portability: you can request the export of your data in a readable format (JSON or CSV), including strategy configurations, portfolio history, and usage data.
  • Right to object: you can object to the use of your data for certain purposes (e.g., improving signal classifiers). This may limit some service features.
  • Right to withdraw consent: you can withdraw the consent you gave when registering at any time, which implies the deletion of your account.

To exercise any of these rights, contact us at [email protected]. We respond to all requests within 10 business days.

7. Data Retention

We retain your data only as long as necessary to provide the service or comply with legal obligations:

  • Active account: while your account is active, we retain all data necessary for the operation of the service.
  • Account deletion: upon requesting account deletion, identifiable personal data (name, email, password) is permanently deleted within 30 days of confirmation.
  • Anonymized trading data: certain aggregated and anonymized data (with no possible link to you) may be retained for an additional period to improve system algorithms. This data cannot identify you in any way.
  • System logs: technical server logs are retained for a maximum of 90 days for security and diagnostic purposes, then automatically deleted.
  • Inactive accounts: if an account has been inactive for more than 24 months, we reserve the right to notify you and, if there is no response, proceed with the deletion of associated data.

8. Minors

CryptoCode is a service exclusively intended for persons over 18 years of age. Cryptocurrency trading carries significant risks and requires legal capacity to enter into contracts.

  • We do not allow registration of minors under 18 under any circumstances.
  • We do not intentionally collect any data from minors.
  • If we become aware that a minor has registered on the service, we will proceed to delete their account and all associated data immediately.
  • If you are a parent or guardian and believe your minor child has created a CryptoCode account, contact us immediately at [email protected] so we can take the necessary measures.

9. Changes to this Policy

We may update this Privacy Policy periodically to reflect changes in the service, applicable legislation, or our privacy practices.

  • Notification: when we make material changes to this policy, we will notify you by email to the address associated with your account and/or through a prominent notice on the platform.
  • Effective date: the date of the last update will always be indicated at the beginning of this document. We recommend reviewing this page periodically.
  • Minor changes: wording corrections, clarifications, or changes that do not affect your rights may be made without prior notice.
  • Acceptance: your continued use of the service after the publication of changes implies acceptance of the new version of this policy. If you disagree with the changes, you can delete your account before they take effect.

10. Contact

If you have questions, concerns, or requests related to this Privacy Policy or the processing of your personal data, you can contact us through:

  • Email: [email protected]
  • Response time: we commit to responding to all inquiries within 10 business days.
  • Language: you can write to us in Spanish or English.

We commit to treating all privacy inquiries with seriousness, transparency, and the greatest possible speed.