Briefly about the main points
We process only the data necessary for the functioning of the website and platform, security, support, and contract execution. We do not sell personal data. Users may request access, correction, or deletion of data within applicable law.
1. Scope
This Privacy Policy describes the processing of information when using the website copytrader.pw, personal account, software, API, modules, support, and related CopyTrader products, collectively referred to as the “Service.”
The policy applies to website visitors, registered users, client and partner representatives, white-label project administrators, traders, and investors if CopyTrader processes their data.
Third-party exchanges, payment systems, websites, and applications process data according to their own rules. You must review their respective privacy policies before use.
2. Who processes the data
The owner of the website and the personal data operator processing data for providing CopyTrader is Individual Entrepreneur Kuklin Dmitry Gennadievich (TIN 541000081610, OGRNIP 322547600003548, registration date — January 14, 2022, registration place — Novosibirsk Region, Novosibirsk District), operating under the CopyTrader brand. The operator can be contacted at [email protected].
In white-label projects, the CopyTrader client independently determines the purposes and methods of processing their end users' data. In such cases, the client acts as an independent operator or data controller, and CopyTrader processes data on their behalf and within the contract terms.
If you use a system created by a third-party project owner, some requests regarding personal data may require direct contact with that owner. We will help identify the appropriate request recipient.
3. What data we may process
3.1. Account and project data
- email address, name or nickname, user ID, and authentication data;
- role in the project, organization affiliation, settings, tariff plan, status, and access rights;
- information voluntarily provided by the user in profile, application, or correspondence with support.
3.2. Connection and trading data
- exchange name, connected account ID, technical integration parameters, and API permissions;
- API keys and other connection secrets to the extent necessary for the chosen functions;
- trading settings, copying events, orders, deals, execution statuses, balances, and error logs received through integration;
- links between traders, investors, and projects created by the user or administrator.
3.3. Technical data
- IP address, date and time of request, browser and device type, operating system, language, and approximate region;
- visited page addresses, referral source, interface actions, session identifiers, diagnostic events, and security logs;
- cookies, local and session browser storage data, and similar technologies.
3.4. Payments and communications
- selected tariff plan, invoices, amounts, currency, payment status and history, payer details, and transaction ID;
- content of support requests, chat, and other communication channels, as well as information needed to respond;
- bank card data is typically processed by the payment provider and should not be stored on CopyTrader servers unless explicitly stated otherwise.
4. Where We Get Data From
We receive data directly from the user during registration, project setup, integration connections, payments, and support requests; automatically from the browser and infrastructure; from connected exchanges and services upon the user's command; from the white-label project owner or organization that granted the user access.
If the user provides data of another person, they confirm they have a legal basis for such transfer and are obliged to inform that person with the necessary information about the processing.
5. Purposes and Legal Grounds for Processing
Depending on applicable law, we process data to execute a contract, perform actions upon request before contract conclusion, fulfill legal obligations, protect CopyTrader's and users' legitimate interests, or based on consent.
Main purposes of processing:
- registration, authentication, role management, and providing the Service's functions;
- connecting exchanges, synchronizing, and copying trading operations according to user settings;
- billing, payment accounting, executing tariffs and contracts;
- support, error diagnostics, service notifications, and handling requests;
- account protection, abuse prevention, incident investigation, and infrastructure resilience;
- usage analysis, traffic measurement, and improvement of the website's interface, performance, and content;
- compliance with legal requirements, fulfillment of lawful requests, and protection of rights in claims and legal proceedings.
If processing is based on consent, it can be withdrawn. Withdrawal does not affect the legality of processing performed before withdrawal and does not stop processing for which another legal ground exists.
6. Cookies, Local Storage, and Analytics
The website uses necessary cookies for session, security, form protection, and language selection. Browser may also store interface settings, session start time, and informational banner display date.
Yandex.Metrica is used for statistics and site improvement, including analysis of transitions, clicks, and page interactions. The service may receive cookies, IP address, device parameters, referral source, and site activity data. The site also runs a Jivo support widget, which processes technical data and information voluntarily sent in chat.
Users can restrict cookies in browser settings and use analytics blockers. Disabling necessary cookies may disrupt login, language saving, and some functions. If applicable law requires consent for non-essential technologies, they are used only after obtaining such consent.
7. Who May Receive Data
We do not sell or rent personal data. Access is only granted as necessary for the relevant purpose to the following recipient categories:
- hosting providers, cloud infrastructure, monitoring, protection, backup, and technical support;
- exchanges, brokers, and other integrations connected by user choice;
- payment providers, banks, accountants, and other participants in payment processing;
- analytics providers, online chat, email, and other communication tools;
- white-label project owners or user's organization, according to roles, contracts, and access settings;
- professional consultants and potential successors during reorganization or business transfer with confidentiality obligations;
- government authorities and others when required by law, lawful request, or necessary to protect rights and security.
Contractual and organizational protection measures are applied with providers processing data on our behalf as required by applicable law.
8. Data Storage Location and Cross-Border Transfers
CopyTrader and its providers may process data in different countries. The protection level in the recipient country may differ from the protection level where the user is located.
For cross-border transfers, we apply legally prescribed grounds and guarantees, including recipient contractual obligations, transfer admissibility assessment, and obtaining consent when required. Data localization requirements are met where applicable to specific processing.
9. How Long Data Is Stored
Data is stored no longer than necessary for processing purposes, account and contract validity, legal requirements, dispute resolution, and security.
- account and project data are typically stored during Service use and for a limited time after termination to close accounts and claims;
- trade logs and operation history are kept within project, tariff, contract settings, and terms needed for diagnostics and audits;
- API secrets must be deleted or disabled after integration disconnect, project deletion, or service termination, except for technically necessary backups with limited retention;
- financial documents and payment details are retained according to accounting, tax, and other applicable laws;
- technical logs, requests, and backups are deleted or anonymized according to approved terms or after storage purposes cease.
After expiration, data is deleted, anonymized, or isolated until safe removal from backups.
10. How We Protect Data
We apply proportionate technical and organizational measures including access segregation, secure connections, logging, backups, component updates, and incident response procedures.
No method of data transmission or storage guarantees absolute security. The user is also responsible for strong passwords, two-factor authentication, device protection, minimal API permissions, and timely revocation of compromised keys.
For exchange APIs, it's recommended to disable withdrawal permissions, restrict keys by IP addresses if supported, and create separate keys for each project.
In incidents affecting user rights and requiring notification, we act within timeframes and procedures mandated by applicable law.
11. User Rights
Depending on applicable law, the user may:
- obtain confirmation of processing, information about purposes and recipients, and a copy of their personal data;
- request correction of inaccurate or completion of incomplete data;
- to request data deletion or processing restriction if there is no legal basis for continuation;
- to object to processing based on legitimate interest and to withdraw previously given consent;
- to receive provided data in a structured format when the right to data portability applies;
- to file a complaint with the competent personal data protection authority or a court.
To fulfill the request, we may need to verify the identity and authority of the requester. We will respond within the timeframe established by applicable law. In cases provided by law, the request may be limited, for example, to protect the rights of others, security, or legal obligations.
12. Data of minors
The Service is intended for individuals over 18 years old and is not targeted at children. We deliberately do not collect data from minors. If you believe a child has provided us with data without proper consent, please report it for verification and removal.
13. Policy Changes
We may update the Policy when the Service, supplier composition, processing methods, or legislation change. The current version and effective date are always published on this page.
We will notify about significant changes via the website, personal account, or email, when possible and required. If consent is needed for a new purpose, it will be requested separately.