Last updated: January 2026
1. Overview
Blofin Trading Bot ("we", "us", "our") respects your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our automated trading service.
2. Information We Collect
Account Information
| Data | Purpose | Required |
|---|---|---|
| Email address | Account login, notifications, password recovery | Yes |
| Full name | Account identification | No |
| Telegram username | Signal delivery and notifications | No |
| Password (hashed) | Account authentication | Yes |
Trading Data
- BloFin API keys — Encrypted at rest, used solely to execute trades on your behalf
- Trade history — Records of executed trades for your P&L dashboard
- Position data — Real-time position information fetched from BloFin
- Strategy settings — Your configured trading parameters
Technical Data
- IP address and browser user agent (for rate limiting and security)
- Login timestamps
- Session tokens
3. How We Use Your Data
- Service delivery — Execute trades, display positions, generate reports
- Security — Detect unauthorized access, rate limiting, fraud prevention
- Communication — Account notifications, password resets, service updates
- Improvement — Aggregate analytics to improve the Service (no individual data shared)
4. Data Security
We take data security seriously and implement multiple layers of protection:
- Encryption at rest — All API keys are encrypted using AES-256 before storage
- Encryption in transit — All communications use TLS 1.3 (HTTPS)
- Password hashing — Passwords are hashed using PBKDF2-SHA256 with random salt
- Access control — JWT-based authentication with token expiry and refresh
- Rate limiting — Protection against brute-force attacks
5. Data Sharing
We do not sell, rent, or share your personal data with third parties, except:
- BloFin Exchange — Your encrypted API keys are used to communicate with BloFin's API to execute trades. No personal information is sent to BloFin.
- Legal requirements — If required by law or valid legal process
6. Data Retention
- Account data is retained while your account is active
- Trade history is retained for reporting purposes while your subscription is active
- When you delete your account, all personal data, API keys, and trade records are permanently removed
- Server logs are retained for a maximum of 30 days
7. Your Rights
You have the right to:
- Access — View all data we hold about you (via your dashboard)
- Update — Modify your profile information at any time
- Export — Download your trade history as CSV
- Delete — Permanently delete your account and all associated data
8. Cookies
We use minimal browser storage (localStorage) for authentication tokens only. We do not use tracking cookies or third-party analytics.
9. Children's Privacy
The Service is not intended for users under the age of 18. We do not knowingly collect data from minors.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. Continued use of the Service after changes constitutes acceptance.
11. Contact
For privacy-related inquiries, contact us through the support channels provided in the dashboard.