Privacy Policy

This Privacy Policy applies to all users of the ScalpEx platform, including our website, dashboard, APIs, and any related services. It describes the types of personal data we collect, how we process it, the legal bases for processing, and your rights regarding your data.

By accessing or using ScalpEx, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our data practices, please do not use our services.

We process personal data in accordance with the EU General Data Protection Regulation (Regulation 2016/679), the UK Data Protection Act 2018, the California Consumer Privacy Act (as amended by the CPRA), and other applicable privacy laws in the jurisdictions where we operate.

ScalpEx is the data controller responsible for your personal data. As the data controller, we determine the purposes and means of processing your personal data and are accountable for ensuring that processing complies with applicable data protection laws.

For any questions about this Privacy Policy or our data practices, you may contact our Data Protection Officer using the contact information provided in Section 17 of this policy.

Under the GDPR, we process your personal data on the following legal bases:

Where we rely on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.

We use your personal data for the following purposes:

• Service Delivery: To operate the scalping bot, execute trades on your Coinbase account, and provide real-time monitoring, analytics, and AI-generated trade insights.
• Account Management: To create, maintain, and secure your account, authenticate your identity, and manage your subscription.
• Payment Processing: To verify USDT payments on the Ethereum and Polygon blockchains, activate subscriptions, and maintain billing records.
• Communication: To send you trade alerts, stop-loss notifications, subscription reminders, and critical system notifications related to your bot activity.
• Service Improvement: To analyze usage patterns, identify bugs, optimize performance, and develop new features.
• Security: To detect, prevent, and respond to fraud, unauthorized access, and other security threats.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes.

We will never use your Coinbase API credentials for any purpose other than executing the trading operations you have configured and retrieving the account data necessary to display your dashboard information.

We do not sell, rent, or trade your personal data to third parties. We share data only in the following limited circumstances:

• Coinbase: Your API credentials are used to communicate with the Coinbase Advanced Trade API to execute trades and retrieve account data. Coinbase processes this data under their own privacy policy.
• Blockchain Networks: Subscription payment transactions are recorded on the Ethereum and Polygon public blockchains. Transaction hashes and wallet addresses are inherently public on these networks.
• Blockchain Explorers: We use Etherscan's API to verify payment transactions. Transaction hashes are shared with Etherscan for verification purposes.
• Infrastructure Providers: We use cloud hosting, database, and storage providers to operate our platform. These providers process data on our behalf under data processing agreements that comply with GDPR Article 28.
• Legal Requirements: We may disclose your data if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of ScalpEx, our users, or the public.

All third-party service providers are contractually bound to protect your data and may only process it for the specific purposes we have authorized.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption at Rest: All sensitive data, including API credentials, is encrypted using AES-256 encryption before storage.
• Encryption in Transit: All data transmitted between your browser and our servers is protected using TLS 1.2 or higher.
• Access Controls: Access to personal data is restricted to authorized personnel on a need-to-know basis, with role-based access controls and audit logging.
• Secure Authentication: We use OAuth-based authentication with JWT session tokens signed with secure secrets.
• Regular Security Reviews: We conduct periodic security assessments and vulnerability testing of our infrastructure.

While we strive to protect your personal data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law:

When data is no longer needed, it is securely deleted or anonymized so that it can no longer be associated with you.

We use cookies and similar technologies to operate our platform:

Essential cookies are required for the platform to function and cannot be disabled. You can manage functional and analytics cookies through your browser settings. Disabling certain cookies may affect your experience on the platform.

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the GDPR:

To exercise any of these rights, please contact us using the information in Section 17. We will respond to your request within 30 days. You also have the right to lodge a complaint with your local supervisory authority.

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of collection, the business purposes for collection, and the categories of third parties with whom we share your data.
• Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions such as legal compliance and financial record-keeping obligations.
• Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising. Should this change, you will have the right to opt out.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. You will not receive different pricing, quality of service, or access levels for exercising your rights.

To submit a CCPA request, please contact us using the information in Section 17. We will verify your identity before processing your request and respond within 45 days.

Your personal data may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from the laws of your jurisdiction.

When we transfer personal data outside the EEA or UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or other legally recognized transfer mechanisms under GDPR Article 46.

By using our service, you acknowledge that your data may be processed in jurisdictions with different data protection standards. We take all reasonable steps to ensure your data is treated securely and in accordance with this Privacy Policy regardless of where it is processed.

ScalpEx is not intended for use by individuals under the age of 18 (or the age of legal majority in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child, we will take immediate steps to delete such data from our systems.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately using the information in Section 17.

Our trading bot uses automated algorithms to make trading decisions based on technical indicators (EMA crossovers, RSI, Bollinger Bands) and your configured parameters. These automated decisions directly affect the trades executed on your Coinbase account.

Under GDPR Article 22, you have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. You maintain full control over the bot at all times: you can start, stop, or modify the bot's parameters, and you can override any automated decision by managing your positions directly on Coinbase.

The bot's trading decisions are based on market data analysis and your configured risk parameters, not on profiling of your personal characteristics. You may request human review of any automated trading decision by contacting us.

Our breach notification will include the nature of the breach, the categories and approximate number of individuals affected, the likely consequences, and the measures taken or proposed to address the breach and mitigate its effects.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by posting the updated policy on our platform with a revised "Last updated" date and, where appropriate, by sending you a notification through the platform or via email.

We encourage you to review this Privacy Policy periodically. Your continued use of ScalpEx after any changes constitutes your acceptance of the revised policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, including exercising your data protection rights, please contact us:

We aim to respond to all legitimate requests within 30 days. If your request is particularly complex or you have made multiple requests, we may need up to 60 days, in which case we will notify you of the extension and the reasons for it.

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.