Security & Privacy

Your security and privacy are our top priorities. Learn how we protect your data and keep your funds safe.

Data Protection & Encryption

Bank-Level Security: We use industry-standard encryption and security measures to protect your data, ensuring it's as secure as your banking information.

How We Protect Your Data

AES-256 Encryption

All data is encrypted with AES-256 both in transit and at rest, providing military-grade security.

Secure API Storage

Your API keys are encrypted and stored securely. We never store them in plain text or share them with third parties.

Secure Servers

Our servers are hosted on secure, enterprise-grade infrastructure with regular security audits and monitoring.

Access Controls

Strict access controls ensure only authorized personnel can access your data, and all access is logged and monitored.

Data We Collect

We only collect the minimum data necessary to provide our services:

  • Account Information: Email address, password (encrypted), and basic profile information
  • API Credentials: Encrypted API keys for portfolio tracking (read-only access)
  • Usage Data: App usage patterns and preferences to improve our services
  • Device Information: Device type and app version for technical support

Data We Never Collect

We Never Access:
  • Your private keys or wallet passwords
  • Your trading passwords or 2FA codes
  • Personal financial information beyond portfolio balances
  • Your private messages or communications
  • Any data that could compromise your account security

API Security & Permissions

Read-Only Access Only: We only allow API keys with read-only permissions from your exchange accounts. We cannot and will never execute trades, withdraw funds, or make any changes to your account.

API Permission Model

Enable Reading

REQUIRED - Allows us to read your account information, balances, and transaction history for personalized recommendations.

Enable Trading

NEVER REQUESTED - We never request trading permissions. Your funds remain completely safe from unauthorized trading.

Enable Withdrawals

NEVER REQUESTED - We never request withdrawal permissions. We cannot access or move your funds.

IP Restrictions

RECOMMENDED - You can restrict API access to specific IP addresses for additional security.

What We Can Access

  • Account balances and portfolio composition
  • Transaction history and trading patterns
  • Account status and verification level
  • Market data and price information

What We Cannot Access

  • Your private keys or wallet passwords
  • Trading capabilities or order placement
  • Withdrawal or transfer functions
  • Account settings or personal information
  • Your funds or cryptocurrency assets

Security Guarantee: Even if we wanted to, we cannot access your funds or execute trades because we only request read-only permissions. Your cryptocurrency assets remain completely secure in your exchange account.

Security Best Practices

Account Security Checklist

Follow these security practices to keep your account and funds safe:
  • Use a strong, unique password for your Crypto AI Advisor account
  • Enable two-factor authentication (2FA) on your exchange accounts
  • Only create read-only API keys with "Enable Reading" permission
  • Regularly review and rotate your API keys (every 3-6 months)
  • Use IP restrictions on your API keys if available
  • Monitor your account activity regularly
  • Log out from shared or public devices
  • Keep your device and app updated
  • Never share your API credentials with anyone
  • Use a password manager for secure credential storage

API Key Security

  1. Create Strong API Keys: Use descriptive names and enable only necessary permissions
  2. Set IP Restrictions: Limit API access to specific IP addresses when possible
  3. Regular Rotation: Change your API keys every 3-6 months
  4. Monitor Usage: Check your exchange's API usage logs regularly
  5. Immediate Revocation: Revoke API keys immediately if you suspect compromise

Device Security

Mobile Security

Keep your device updated, use screen locks, and avoid installing apps from unknown sources.

Network Security

Use secure Wi-Fi networks and avoid public Wi-Fi when accessing sensitive accounts.

App Security

Only download the app from official app stores and keep it updated to the latest version.

Session Management

Log out from the app when not in use and avoid staying logged in on shared devices.

Privacy Policy & Data Usage

How We Use Your Data

We use your data only for the following purposes:

  • Service Provision: To provide AI recommendations and portfolio tracking
  • Personalization: To customize recommendations based on your portfolio and preferences
  • Communication: To send important updates and notifications about the service
  • Improvement: To improve our AI algorithms and app functionality
  • Support: To provide customer support and technical assistance

Data Sharing Policy

We Do Not Sell Your Data: We never sell, rent, or trade your personal information to third parties for marketing purposes.

Third-Party Services

We only share data with essential third-party services:

  • Firebase: For push notifications (Google's secure messaging service)
  • OpenAI: For AI processing (using anonymized data only)
  • Exchange APIs: For market data and portfolio information (read-only access)

Data Retention

We retain your data for as long as necessary to provide our services:

  • Account Data: Retained while your account is active
  • API Keys: Stored securely until you disconnect or delete your account
  • Usage Data: Anonymized and retained for service improvement
  • Support Data: Retained for 2 years for customer service purposes

Full Privacy Policy: For complete details, read our full Privacy Policy.

Data Deletion & Account Removal

Your Right to Data Deletion

You have the right to request complete deletion of your data at any time. We will permanently remove all your information from our systems.

How to Delete Your Account

  1. Contact Support: Email us at agent@crypto-ai-advisor.com with your deletion request
  2. Verify Identity: We'll ask you to verify your identity for security purposes
  3. Disconnect APIs: We'll help you disconnect any connected exchange APIs
  4. Data Removal: We'll permanently delete all your data within 30 days
  5. Confirmation: You'll receive confirmation once the deletion is complete

What Gets Deleted

  • Your account information and profile data
  • All stored API keys and credentials
  • Portfolio data and transaction history
  • App preferences and settings
  • Support tickets and communication history
  • Any other personal data we have collected

What We Keep

Anonymized Data Only: We may keep anonymized, aggregated data that cannot be linked back to you for service improvement and analytics purposes.

Immediate Actions You Can Take

  • Revoke API Keys: Immediately revoke your API keys from your exchange accounts
  • Change Passwords: Change passwords for any accounts you used with our service
  • Uninstall App: Remove the app from your devices
  • Contact Support: Email us to initiate the account deletion process

Security Incident Response

If You Suspect a Security Breach

Immediate Action Required: If you suspect any security issues with your account or API keys, take immediate action to protect your funds.

Immediate Steps

  1. Revoke API Keys: Immediately revoke all API keys from your exchange accounts
  2. Change Passwords: Change passwords for your exchange accounts and Crypto AI Advisor account
  3. Enable 2FA: Ensure two-factor authentication is enabled on all accounts
  4. Check Activity: Review your exchange account activity for any unauthorized transactions
  5. Contact Support: Email us immediately at agent@crypto-ai-advisor.com

Our Response Process

Immediate Response

We respond to security reports within 1 hour during business hours and investigate immediately.

Investigation

Our security team investigates the incident and determines the scope and impact.

Containment

We take immediate steps to contain any potential security issues and protect user data.

Communication

We communicate with affected users and provide guidance on protective measures.

Prevention Measures

  • Regular security audits and penetration testing
  • Continuous monitoring of our systems and infrastructure
  • Employee security training and access controls
  • Regular updates and security patches
  • Encryption of all sensitive data

Security Commitment: We take security seriously and are committed to protecting your data and funds. If you have any security concerns, please contact us immediately.