Log In

Privacy Policy

1. Introduction

Green Crypto Signals ("we," "us," or "our") is the data controller responsible for your personal data. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our website, progressive web application (PWA), trading bot, and all related services (collectively, the "Service").

This Privacy Policy should be read in conjunction with our Terms of Service and Cookie Policy, which are incorporated herein by reference.

By accessing or using the Service, you acknowledge that you have read, understood, and agree to the collection and processing of your information as described in this Privacy Policy. If you do not agree with this policy, you must not access or use the Service.

This policy is designed to align with the General Data Protection Regulation (GDPR) and other applicable data protection laws. Regardless of where you reside, we aim to apply a consistent standard of data protection to all users.

2. Information We Collect

We collect several categories of information depending on how you interact with the Service:

Account Information

  • Email address
  • Hashed password (we never store your password in plain text)
  • Google OAuth data (name, email, and profile identifier) if you choose to sign in with Google
  • Account creation date and account preferences

Binance API Keys

  • Your Binance API key and secret key, which are encrypted at rest and transmitted exclusively over HTTPS
  • We strongly recommend configuring your API keys with trade-only permissions and disabling withdrawal permissions
  • Your funds never leave your Binance account, we do not have the ability to withdraw or transfer your assets

Trading Data

  • Strategy selections and configuration (including leverage settings)
  • Trade history and execution logs
  • Profit and loss data
  • Account balances retrieved from Binance

Subscription & Payment Data

  • Subscription tier and billing cycle
  • Payment history and transaction references
  • Payment card details are handled directly by our third-party payment processor, we do not store your full card number on our servers

Notification Preferences

  • Push notification tokens and subscription endpoints
  • Email notification toggles and preferences

Device & Browser Information

  • Browser type and version
  • Operating system
  • IP address
  • Push notification endpoints

Contact Form Data

  • Name, email address, subject, and message content submitted through our contact form

Cookies & Local Storage

  • Authentication tokens and session identifiers
  • CSRF protection tokens
  • UI preferences and settings

For full details on our use of cookies and local storage, please refer to our Cookie Policy.

Automatically Collected Information

  • Server access logs (timestamps, request URLs, response codes)
  • Usage data and interaction patterns within the Service
  • Analytics data to help us understand how the Service is used

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide and operate the Service: Execute trades via the Binance API, deliver trading signals, manage your account, and process subscriptions.
  • Communicate with you: Send trade notifications, account updates, security alerts, and respond to your inquiries.
  • Improve the Service: Analyze usage patterns, optimize trading strategies, fix bugs, and develop new features.
  • Security and fraud prevention: Detect and prevent unauthorized access, abuse, and fraudulent activity.
  • Legal compliance: Comply with applicable laws, regulations, legal processes, and governmental requests.
  • Process payments: Manage subscriptions, process billing, and handle payment-related communications.
  • Personalization: Customize your experience based on your preferences, trading activity, and subscription tier.

4. Lawful Basis for Processing (GDPR)

We process your personal data based on the following lawful bases under the General Data Protection Regulation:

  • Contract performance: Processing necessary to fulfill our contract with you, including providing the Service, executing trades, managing your account, and processing payments.
  • Consent: Where you have given explicit consent, such as opting in to marketing communications or providing your Binance API keys. You may withdraw your consent at any time by adjusting your account settings or contacting us.
  • Legitimate interests: Processing necessary for our legitimate interests, such as improving the Service, ensuring security, preventing fraud, and analyzing usage patterns, provided these interests are not overridden by your rights and freedoms.
  • Legal obligation: Processing necessary to comply with legal obligations, such as tax reporting, regulatory requirements, and responding to lawful requests from authorities.

5. How We Share Your Information

We do not sell your personal data to third parties.

We may share your information in the following circumstances:

  • Binance: Your API keys are used to connect to Binance's API to execute trades and retrieve account data on your behalf.
  • Google OAuth: If you sign in with Google, authentication data is exchanged with Google's identity services.
  • Push notification services: Device tokens are shared with push notification providers to deliver trade alerts and notifications.
  • Email service providers: Your email address is shared with our email delivery provider to send transactional and notification emails.
  • Analytics providers: Anonymized or aggregated usage data may be shared with analytics services to help us improve the Service.
  • Legal requirements: We may disclose your information if required to do so by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction. We will notify you of any such change.
  • With your consent: We may share your information for purposes not listed here if we have obtained your explicit consent.

6. Binance API Key Security

Given the sensitive nature of Binance API keys, we implement the following security measures:

  • Encryption at rest: All API keys are encrypted using industry-standard encryption algorithms before being stored in our database.
  • Encryption in transit: All communication between your browser, our servers, and Binance is conducted over HTTPS/TLS.
  • Access controls: Access to stored API keys is strictly limited to the automated systems that require them to execute trades on your behalf.
  • Trade-only permissions: We strongly recommend configuring your API keys with trade-only permissions and disabling withdrawal capabilities.
  • Funds remain on Binance: Your funds never leave your Binance account. We do not have the ability to withdraw, transfer, or access your funds directly.
  • Revocation: You can remove your API keys from our platform at any time through your account settings. We also recommend revoking the keys directly on Binance for immediate effect.

Disclaimer: While we implement robust security measures to protect your API keys, no method of electronic storage or transmission is 100% secure. By providing your API keys to the Service, you acknowledge and accept the inherent risks associated with sharing API credentials with any third-party service. You are responsible for the permissions you grant to your API keys and for monitoring your Binance account for unauthorized activity. Please refer to our Terms of Service for full limitation of liability provisions.

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:

  • Account data: Retained for the duration of your account. Upon account deletion, your personal data will be deleted within 30 days, except where retention is required by law.
  • Binance API keys: Deleted immediately upon removal by you or upon account deletion.
  • Trading data: Retained for the duration of your account. After account deletion, trading data may be anonymized and retained for analytical and statistical purposes.
  • Contact form submissions: Retained for up to 12 months after the inquiry has been resolved.
  • Server logs: Retained for up to 12 months for security and diagnostic purposes.
  • Payment records: Retained as required by applicable tax and accounting regulations.

8. Your Rights (GDPR Data Subject Rights)

If you are located in the European Economic Area (EEA) or in a jurisdiction that provides similar rights, you have the following rights regarding your personal data:

  • Right of access: You have the right to request a copy of the personal data we hold about you.
  • Right to rectification: You have the right to request correction of inaccurate or incomplete personal data.
  • Right to erasure ("right to be forgotten"): You have the right to request deletion of your personal data, subject to legal retention requirements.
  • Right to restriction of processing: You have the right to request that we limit the processing of your personal data under certain circumstances.
  • Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
  • Right to object: You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: Where processing is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact us with the subject line "Data Protection Request." We will respond to your request within 30 days. We may need to verify your identity before processing your request. Please note that certain rights may be subject to exemptions or limitations under applicable law.

9. International Data Transfers

Your personal data may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from the laws in your jurisdiction.

Where we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Transfers to countries that have been recognized by the European Commission as providing an adequate level of data protection.
  • Other legally recognized transfer mechanisms.

By using the Service, you acknowledge and consent to the transfer and processing of your data in accordance with this policy.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of sensitive data at rest and in transit (HTTPS/TLS).
  • Cryptographic hashing of passwords, we never store passwords in plain text.
  • Strict access controls and role-based permissions for our systems.
  • Regular security reviews and updates.
  • Secure development practices.

Disclaimer: While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your data. You are responsible for maintaining the security of your account credentials and for any activity that occurs under your account.

11. Data Breach Notification

In the event of a personal data breach, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where required under GDPR Article 33, unless the breach is unlikely to result in a risk to your rights and freedoms.
  • Notify affected users without undue delay where the breach is likely to result in a high risk to your rights and freedoms, in accordance with GDPR Article 34.
  • In the event of a breach involving Binance API keys, we will notify affected users immediately and strongly recommend revoking and regenerating their API keys on Binance as a precautionary measure.

Breach notifications will include a description of the nature of the breach, the likely consequences, and the measures taken or proposed to address it.

12. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information promptly. If you believe that we have inadvertently collected data from a minor, please contact us immediately.

13. Third-Party Links & Services

The Service may contain links to third-party websites and services, including but not limited to Binance. We are not responsible for the privacy practices, content, or security of any third-party websites or services.

We encourage you to review the privacy policies of any third-party services you interact with, including Binance's Privacy Policy, before providing them with your personal data.

14. Cookies & Local Storage

We use cookies and local storage technologies to operate the Service, maintain your session, and improve your experience. For detailed information about the types of cookies and storage we use, their purposes, and how to manage them, please refer to our Cookie Policy.

15. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time. When we make changes, we will:

  • Notify users of material changes via email or through an in-app notification.
  • For material changes that affect how we process your personal data, we may request your renewed consent where required by law.

Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the revised policy. If you do not agree to the updated policy, you must stop using the Service and delete your account.

16. Contact Information

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about how your data is being processed, please contact us with the subject line "Data Protection Request."

We will respond to all data protection inquiries within 30 days of receipt.