This Privacy Policy explains how we, as Haysoft S.R.L. ("Platform", "We" or "Company"), collect, process, protect, and share your personal data when you visit our website and use our SaaS (Software as a Service) based algorithmic crypto trading automation tools.
Our data processing activities are carried out in full compliance with the European Union General Data Protection Regulation (GDPR) standards and Romanian data protection laws.
1. IDENTITY OF THE DATA CONTROLLER
The corporate contact details of the "Data Controller" regarding your collected personal data are as follows:
- Company Name: Haysoft S.R.L.
- Registered Address: Jud. Ilfov, Oraş Voluntari, Strada Petofi Şandor, Nr. 4
- Privacy and Data Protection Contact: [email protected]
2. WHAT PERSONAL DATA DO WE COLLECT?
In order to provide the automation services promised by our platform, we collect the following categories of data:
- Identity and Contact Data: Your name, surname, and email address.
- Technical Service Data: API Keys belonging to your cryptocurrency exchange accounts (Binance, OKX, etc.) with strictly "Read" and "Trade" permissions only. Our platform never initiates fund withdrawals/transfers via API keys and actively rejects keys containing such permissions.
- Device and Usage Data: The IP address from which you access the platform, browser type, operating system, login logs, and your bot/signal configurations.
- Financial and Transaction Data: Billing information for purchased subscriptions and credits. Important Note: Your credit card details are not stored on our servers. This data is processed and encrypted directly by our PCI-DSS compliant licensed payment providers (e.g., Stripe, Paddle).
3. PURPOSES AND LEGAL BASIS OF DATA COLLECTION (GDPR Article 6)
We process your personal data only for the following purposes and legal bases:
- Performance of a Contract: Creating your account, integrating your exchange API, transmitting your bot strategies to the exchange via API, and managing your credit balance.
- Legal Obligations: Issuing invoices in accordance with Romanian and EU tax laws, reporting suspicious transactions within the framework of MASAK/AMLD5 (Anti-Money Laundering) rules, and monitoring compliance with the prohibition on accepting crypto payments from residents of restricted jurisdictions.
- Legitimate Interest: Ensuring the cybersecurity of the platform, enforcing IP Whitelisting controls, bug detection, and fraud prevention.
4. DATA SECURITY AND ENCRYPTION
The security of your sensitive technical data (especially API keys) is our highest priority:
- Cryptographic Encryption: The API keys you register in our system are not stored as plaintext in our database. They are encrypted and stored using industry-standard AES-256 (or equivalent) encryption algorithms.
- Network Security: All data traffic between our servers and the exchanges is transmitted over secure TLS/SSL protocols.
- Limitation of Authorization: No human, including our company employees, has direct access to your API keys; transactions are executed exclusively machine-to-machine (M2M) by algorithmic bots.
5. DATA SHARING AND THIRD PARTIES
We never sell your data for advertising purposes. We share it only with the following trusted service providers necessary to deliver the service:
- Payment Infrastructure Providers: For billing and payment collection (e.g., Stripe, Paddle).
- Cloud Server Services: For platform hosting and database management (e.g., AWS, Google Cloud, DigitalOcean).
- Connected Exchanges: Cryptographic API calls sent to the exchanges selected by the user to execute trading orders.
- Official Authorities: State or EU institutions only in the event of a court order or a formal legal request.
6. DATA RETENTION
We retain your data only for as long as necessary for legal and operational purposes:
- If you delete your account or permanently cancel your subscription, your API keys and bot configurations are permanently and irreversibly deleted from our database within 30 days.
- Financial records, contracts, and billing data are archived for the legally required period (typically 5 to 10 years) in compliance with Romanian commercial and tax laws.
7. INTERNATIONAL DATA TRANSFERS
If our infrastructure providers (e.g., cloud servers) are located outside the European Economic Area (EEA), the transfer of your personal data is carried out under strong legal safeguards such as Standard Contractual Clauses (SCC) approved by the European Commission.
8. YOUR RIGHTS UNDER THE GDPR
Under the GDPR, you have the following rights:
- Right to Access: To request information about what personal data we process.
- Right to Rectification: To request the correction of incomplete or inaccurate information.
- Right to Erasure (Right to be Forgotten): To request the complete deletion of your data, excluding data subject to legal retention obligations.
- Right to Restriction and Objection: To stop the processing of your data for specific purposes (e.g., marketing).
- Right to Data Portability: To receive your data in a structured, machine-readable format.
To exercise these rights, you can send an email to [email protected] from your registered email address. Your request will be answered free of charge within the legal time limit of a maximum of 30 (thirty) days.
By registering on our platform and using our services, you explicitly declare that you understand and accept the data processing procedures specified in this Privacy Policy.