beta
Privacy Policy
Terms of Service
BOTHUB MICA Statement
Cookie Policy
Data Breach Policy
Data Request Policy
Data Subject Request Form
Disclaimer
General Terms and Conditions
Payment and Refund Policy
Security Policy

Privacy Policy

Last Updated: 26 September 2025

1. Introduction

This Privacy Policy explains how Bothub Global AB (company number: 559431-4493, registered at Kungsgatan 32, 111 35 Stockholm, Sweden) (“Bothub”, “we”, “our”, “us”) collects, uses, stores, transfers, and protects your personal data when you use our services and website https://bothub.trade (the “Website”).

Important Disclaimer:
Bothub is not a financial intermediary, broker, custodian, or investment advisor. We do not provide financial, investment, or tra*ding advice. Our services consist solely of technical tools that allow you to connect your exchange accounts via API keys and automate trading. We do not hold or manage your funds. Bothub is not supervised or licensed by the Swedish Financial Supervisory Authority (Finansinspektionen) or any other regulator. Our services are not subject to MiFID II, PSD2, or other financial services regulations.

If you do not agree with this Privacy Policy, please discontinue using the Website and our services.

This Privacy Policy should be read in conjunction with our Terms of Service, Cookie Policy, and Disclaimer.

2. Key Terminology

  • Controller: Bothub Global AB determines how and why your personal data is processed.
  • Data Subject: The natural person (you) whose personal data is processed.
  • Personal Data: Any information that identifies or can identify you.
  • Processing: Any operation performed on personal data (collection, storage, use, transfer, etc.).
  • Profiling: Automated processing to analyze or predict your preferences or behavior.
  • Data Protection Authority: The independent authority supervising compliance with data protection laws. In Sweden, this is IMY (Integritetsskyddsmyndigheten).
  • Services: The automated trading tools and related services we provide.

(Additional definitions follow the meanings in the Terms of Service.)

3. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction or deletion of your data.
  • Restrict or object to how we process your data.
  • Request a copy of your data in a portable format (data portability).
  • Withdraw consent at any time (without affecting prior lawful processing).
  • Lodge a complaint with a supervisory authority (see Section 10).

You can enforce these rights using our [Data Subject Request Form].

4. Principles of Data Processing

We process personal data in line with GDPR principles:

  • Lawfulness, fairness, transparency – we process your data openly and legally.
  • Purpose limitation – we collect data only for defined, legitimate purposes.
  • Data minimization – we process only what is necessary.
  • Accuracy – we strive to keep data accurate and up to date.
  • Integrity & confidentiality – we apply strong security measures to protect your data.

5. What Personal Data We Collect

We collect data in the following contexts:

Website Visits

  • Data: Browser type, IP address, time zone, cookies, pages viewed, interactions.
  • Purpose: Website operation, analytics, optimization.
  • Legal ground: Legitimate interest.
  • Retention: During website use + 1 year.

Account Registration

  • Data: Name, email, verification code.
  • Purpose: Provide and secure services.
  • Legal ground: Consent.
  • Retention: During service use + 1 year.

Payments

  • Data: Transaction hash, payment identifier, amount.
  • Purpose: Process payments and fulfill contracts.
  • Legal ground: Contract performance.
  • Retention: 1 year unless required longer by law.

Customer Support

  • Data: Name, email, exchange ID, Telegram ID, payment info (case-dependent).
  • Purpose: Provide support and resolve issues.
  • Legal ground: Consent.
  • Retention: 1 year after last contact.

Integrations

  • Data: Usernames/IDs (Discord, Telegram, X, Exchange), API keys.
  • Security: API keys are encrypted and restricted to trading (no withdrawals).
  • Purpose: Service delivery, access control, support.
  • Legal ground: Consent.
  • Retention: During service use + 1 year.

Questionnaires

  • Data: Optional personal details (e.g., gender, preferences).
  • Purpose: Service improvements.
  • Legal ground: Consent.
  • Retention: 1 year.

Account Management

  • Deletion: Users may delete accounts via the deactivation page. Once deleted, data cannot be recovered (unless required by law).
  • Automatic deletion: Inactive accounts are deleted after 2 years.

Other Data Processing

  • Profiling: Limited to improving services and marketing insights. Not used for automated decisions with legal effects.
  • Storage: Personal data stored securely on servers in Frankfurt, Germany.
  • Transfers: Data may be transferred outside the EEA under EU-approved safeguards (e.g., Standard Contractual Clauses).

6. How We Share Personal Data

We may share personal data with:

  • Payment providers: Stripe (https://stripe.com/privacy).
  • Analytics providers: Google Analytics, Hotjar, Leadfeeder.
  • Social platforms: Discord, X (Twitter), Telegram.
  • Cloud & SaaS providers: AWS, Atlassian, Google Workspace, Intercom.
  • Exchanges for integrations: Binance, Kraken, Hyperliquid, Bybit (as independent controllers).
  • Corporate transactions: In case of merger, acquisition, or sale.
  • Authorities & law enforcement: Where legally required or to protect rights/safety.

We never sell your personal data. Sharing is limited to what is necessary for service provision.

7. How We Protect Personal Data

We apply administrative, technical, and organizational measures including:

  • Encryption at rest and in transit.
  • Restricted access controls.
  • Industry-standard cloud security (AWS infrastructure).

We maintain breach response procedures and will notify authorities and affected users in line with GDPR obligations.

8. Data Breach Notification

In case of a Personal Data Breach:

  • We will act promptly to mitigate risks.
  • We will notify the Swedish Data Protection Authority (IMY) within 72 hours, where required.
  • We will notify you if the breach poses high risk to your rights or freedoms.

See our [Data Breach Policy] for more details.

9. Changes to This Policy

We may update this Privacy Policy to reflect legal, technical, or business changes. The latest version will always be published on our Website with the “Last Updated” date.

10. Governing Law & Dispute Resolution

This Privacy Policy is governed by Swedish law. Disputes will first be addressed through good-faith negotiations (30 days minimum). If unresolved, disputes will be settled by Swedish courts, with Stockholm District Court as the court of first instance.

11. Contact Information

If you have questions, concerns, or wish to exercise your rights, please contact us: [email protected].

You may also lodge complaints with your local authority or with the Swedish Authority for Privacy Protection (IMY): https://www.imy.se.


Consent to the use of cookies

🍪 Our website uses cookies

This site uses tracking technologies. You can control how we use this information. We use cookies to improve our product and your experience on our website according to our Cookie Policy.