Privacy Policy
1. Data controller
The data controller for your personal data is the operator of YudBot (yudbot.com), reachable at support@yudbot.com.
We take privacy seriously. This policy explains what data we collect, why, with whom we share it, and what rights you have.
2. Data we collect
We only collect the data strictly necessary for the Service to work:
| Category | Data | When |
|---|---|---|
| Account | Name, email, password (bcrypt hash — never plaintext) | On signup |
| Verification | 6-digit OTP codes, reset tokens, expiration timestamps | On email verification or password reset |
| Bots | Bot configuration (market, pair, strategy, indicators, risk parameters) | On building a bot in the wizard |
| Payment | Lemon Squeezy order identifiers. We do NOT store card numbers or CVVs. | On completing a payment |
| Technical | IP address, User-Agent, timestamp of requests (server logs) | While using the Service |
3. Legal basis for processing
We process your data on the following legal bases under article 6 of the GDPR:
- Performance of contract (art. 6(1)(b)): to create your account, generate bots and process payments.
- Consent (art. 6(1)(a)): to send transactional emails (codes, receipts) which you accept upon signup.
- Legitimate interest (art. 6(1)(f)): to keep the Service secure (detect fraud, abuse, attacks).
- Legal obligation (art. 6(1)(c)): to keep tax records as required by Spanish law.
4. Purpose
- Create and maintain your user account.
- Generate and deliver the .mq4/.mq5 files you have purchased.
- Send account-related emails: welcome, verification code, password reset, email-change confirmation, receipts.
- Handle support requests.
- Detect and prevent fraudulent or abusive activity.
- Comply with legal obligations (taxes, court requests).
We do not use your data for personalized advertising, do not sell it, and do not transfer it to data brokers.
5. Third parties and subprocessors
To deliver the Service, we share strictly necessary data with the following providers, who act as data processors under contract:
| Provider | Function | Data shared |
|---|---|---|
| Lemon Squeezy | Payment processing (Merchant of Record), invoicing | Email, name, payment data, country |
| Resend | Sending transactional emails | Email, name, message content |
| Supabase | PostgreSQL database | Full account and bots data |
| Railway | Backend hosting | Logs, data in transit |
| Vercel | Frontend hosting | IP and User-Agent (access logs) |
| Hostinger | Domain email hosting (@yudbot.com) | Messages received at support@yudbot.com |
Each of them is GDPR-compliant and applies appropriate technical and organizational security measures. You can review their privacy policies on their respective websites.
6. International transfers
Some of the providers listed above (Lemon Squeezy, Resend, Vercel, Railway) may process data on servers outside the European Economic Area, primarily in the United States. In those cases, transfers rely on one of the mechanisms in Chapter V of the GDPR:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- EU-U.S. Data Privacy Framework (where applicable).
- Your explicit consent when using the Service.
7. Data retention
- Account and bot data: while your account is active.
- After account deletion: personal data is deleted within a maximum of 30 days.
- Tax data (invoices, payment records): kept for 6 years as required by Spanish law (Commercial Code, art. 30).
- Technical logs: up to 90 days.
- Verification / reset tokens: 10-60 minutes (auto-expire).
8. Your GDPR rights
As a user you have the following rights regarding your personal data:
- Access (art. 15): obtain a copy of the data we hold about you.
- Rectification (art. 16): correct inaccurate data. Some can be edited directly from the "Account" section.
- Erasure (art. 17): "right to be forgotten" — request deletion of your data.
- Restriction (art. 18): limit processing in certain cases.
- Portability (art. 20): receive your data in a structured format (JSON) to take it to another service.
- Objection (art. 21): object to processing based on legitimate interest.
- Withdraw consent at any time, without affecting the lawfulness of prior processing.
To exercise any right, write to support@yudbot.com from your registered email. We will respond within a maximum of 30 days.
If you believe your request has not been handled correctly, you have the right to lodge a complaint with the Spanish Data Protection Agency (aepd.es) or your country's supervisory authority.
9. Security
We apply reasonable technical and organizational measures to protect your data:
- Encrypted connections (HTTPS/TLS) across the entire Service.
- Passwords stored using bcrypt hash (never plaintext).
- Authentication via signed JSON Web Tokens (JWT).
- Email verification on first login to detect unauthorized access.
- Restricted access to the production backend, with least-privilege principle.
No measure is foolproof. If we detect a security breach that may affect you, we will notify you without undue delay and, where appropriate, also notify the AEPD as required by GDPR articles 33-34.
10. Cookies and local storage
YudBot does not use tracking or advertising cookies. We do not install Facebook pixels, Google Analytics, or cross-site trackers.
We do use the browser's localStorage, a cookie-similar but strictly local technology, for:
- Keeping you signed in (JWT token).
- Remembering your theme preference (light/dark).
- Preserving the configuration of a bot under construction so you don't lose it on page reload.
You can clear this storage at any time from your browser settings. If you clear it, you will need to sign in again.
11. Minors
The Service is intended for users 18 years or older. We do not knowingly collect data from minors. If you believe a minor has created an account, write to support@yudbot.com and we will delete it without delay.
12. Changes to this policy
We may update this policy. When we do, we will update the "Last updated" date and, if changes are substantial (e.g. new third parties, new purposes), we will notify you by email before they take effect.
13. Contact
- Email: support@yudbot.com
- Web: yudbot.com