StratPilot Legal
Privacy And Data Notice
StratPilot Privacy and Data Notice
1. Purpose
This Privacy/Data Notice explains what categories of data StratPilot may process locally, what data may be processed by StratPilot's online services and what data may be sent to StratPilot Community API / Community Brain when your accepted Terms and Privacy/Data Notice are current and your account, license, app version and StratPilot server policy allow it.
This notice should be read together with the Terms of Use, Community Data Notice and Refund, Cancellation and Withdrawal Policy.
2. Controller/operator and contact
Controller/operator: Joakim Lundin
Contact/support: admin@stratpilot.app
Data protection contact: admin@stratpilot.app
Governing law / jurisdiction: Swedish law / Sweden
3. Required acceptance and Community Brain contribution
Before using the app, you must actively accept the current Terms of Use and this Privacy/Data Notice. The app and the StratPilot server may save the accepted document version, timestamp, locale, account identifier and document hash or checksum.
By accepting the required Terms of Use and this Privacy/Data Notice, you agree that StratPilot may upload and process permitted, anonymized or pseudonymized Community Brain contribution data from your local scans and analyses when your account, license, app version and StratPilot server policy allow it.
Community Brain contribution is governed by the Terms of Use, this Privacy/Data Notice, the Community Data Notice and the server policy active for your account. The app does not need to show a separate Community Brain checkbox for the signed-in account when the current Terms and Privacy/Data Notice are accepted.
Contribution upload is not active by acceptance alone. It still depends on account status, license status, feature availability, app version, server policy, data validation and safety rules.
4. Local processing
The local StratPilot app may process data needed for the user's own app operation, including:
- app settings;
- strategy settings;
- risk settings;
- local runtime files;
- local logs;
- local scan outputs;
- scanner and strategy results;
- mock or paper trading data;
- simulation and backtest results;
- local status caches;
- local session state;
- local AppData;
- support/diagnostic information created locally; and
- exchange, Telegram or other integration credentials where the user chooses to configure them.
The user is responsible for securing the local device, local credential storage, backups and any credentials entered into the app.
Credential fields should be masked or cleared after saving. Raw secrets must not be included in normal screenshots, bug reports, support emails, Community Brain contributions, update manifests, legal documents or release packages.
5. Server processing
StratPilot's online services may process operational data needed to provide account access, license validation, legal acceptance, support, update workflow, Community Brain services, admin services, security, abuse prevention, checkout/payment administration where enabled, renewal reminders and service diagnostics.
Depending on the features used, this may include:
- account identifiers;
- email address or masked email;
- login provider status, such as Google/OAuth or email login status;
- account status;
- license status and license ownership metadata;
- plan, tier, trial or access status;
- invite/access-channel status;
- payment identifiers or order references where payment is used;
- legal acceptance metadata, document versions, hashes, locale and timestamps;
- update manifest and release access events;
- Community Brain contribution/read-access metadata;
- scan, strategy, matrix and performance metadata submitted under the allowed-data rules;
- API connection status, ownership status and safe fingerprints;
- KuCoin/Telegram configured-status and ownership metadata;
- device/session risk metadata such as safe hashed installation or session identifiers;
- abuse-prevention, security and audit events;
- support and bug report metadata; and
- admin actions and audit logs.
StratPilot's online service should not require raw exchange API secrets, wallet private keys, seed phrases or .env contents for normal account, license, update or Community Brain functions.
6. Community Brain allowed data
When Community Brain contribution is enabled for your account and server policy allows it, StratPilot may submit validated and allowlisted data such as:
- anonymized or pseudonymized scanner metadata;
- matrix counts or matrix units;
- strategy metadata;
- strategy signatures without secrets;
- timeframe and mode information;
- market regime or data-quality labels;
- rejected or no-trade reasons;
- mock, paper, simulation and backtest metrics;
- safe allowlisted performance metrics;
- percentage-based portfolio or strategy performance, such as
return_pct, for a configured period; - Community Brain consent, contribution and access status;
- app version;
- schema version; and
- idempotency metadata.
Contribution upload may occur before you have read access to Community Brain results. Read access and qualification are separate server-side decisions.
Community Brain is advisory-only. It must not directly control live trading, place orders, bypass user confirmation, override risk settings or control exchange credentials.
7. Data that must never be sent to Community Brain or normal support channels
StratPilot must not submit or request the following for Community Brain, legal documents, update manifests, bug reports or normal support channels:
- raw StratPilot internal access keys;
- raw license keys or license secrets;
- passwords;
- session, OAuth or reset tokens;
- database passwords;
.envcontents;- KuCoin API keys, secrets or passphrases;
- exchange credentials of any kind;
- Telegram bot tokens;
- Telegram chat IDs;
- wallet private keys;
- seed phrases;
- absolute balances;
- start values;
- end values;
- raw holdings;
- wallet addresses;
- order IDs;
- trade IDs;
- raw device identifiers where not strictly needed;
- raw account history;
- full exchange history; and
- raw logs containing secrets or sensitive identifiers.
Users should not email, paste, upload or otherwise send these secrets to StratPilot.
8. Community Brain qualification and server source of truth
Community Brain read access, qualification, contribution status, data-quality status, rolling thresholds, read/write eligibility and feature availability are decided by the StratPilot server.
The client must never self-grant Community Brain qualification or read access from local state alone.
Qualification rules may change over time and may depend on plan, license, contribution quality, data quality, support review, abuse-prevention checks, current server policy and rolling contribution or validation thresholds.
9. License, account and connected-service ownership
StratPilot may link a license, KuCoin API connection, Telegram connection, Community Brain access or other access entitlement to the verified account that activates, redeems or connects it.
This helps prevent one account from using another account's license, KuCoin connection, Telegram connection, Community Brain access or bot access. Changes to verified licenses, KuCoin connections or Telegram connections may require support review and manual security approval.
Device and session hashes may be used for session security, risk analysis, trial anti-abuse and audit. The intended model is that licenses and connections are linked to the verified account, while the same account may be used from multiple own devices according to the applicable security policy.
10. Purposes of processing
Allowed data may be processed for:
- account creation and login;
- license activation and validation;
- checks that licenses and connected services belong to the signed-in account;
- legal acceptance and re-consent;
- plan, access and trial enforcement;
- update/release validation;
- Community Brain contribution, data quality, qualification and read access;
- product improvement and diagnostics;
- anonymized or aggregated statistics;
- matrix, scanner and optimizer statistics;
- fraud, abuse and trial anti-abuse prevention;
- support and bug report handling;
- operational troubleshooting;
- admin audit trails and security monitoring;
- backup, restore and service continuity; and
- compliance with legal obligations where applicable.
11. Legal bases where GDPR applies
Where the GDPR applies, processing may be based on one or more of the following legal bases:
- performance of a contract, such as providing account access, license validation, updates and paid features;
- consent, including the acceptance of Terms and Privacy/Data Notice for Community Brain contribution where applicable;
- legitimate interests, such as service security, abuse prevention, support, diagnostics, audit logging and product improvement;
- legal obligation, where records must be kept or action must be taken to comply with law; and
- establishment, exercise or defense of legal claims where necessary.
Some rights and choices may depend on the legal basis and the specific data involved.
If you do not agree to the Community Brain contribution model described in the Terms of Use, this Privacy/Data Notice and the Community Data Notice, you must not use features for which that contribution is a required condition.
12. Data sharing and third-party providers
StratPilot may use third-party providers for hosting, domain/DNS, email, payment processing where enabled, backup, error/security monitoring, Telegram messaging, exchange connectivity and related infrastructure.
Current or expected categories of providers may include:
- hosting / VPS provider;
- domain and DNS provider;
- email provider;
- backup or file storage provider;
- payment provider where payment is enabled;
- crypto networks or payment rails where crypto payment is offered;
- exchange integration provider, such as KuCoin, when the user configures exchange access;
- messaging/notification provider, such as Telegram, when the user enables notifications;
- reverse proxy / TLS infrastructure; and
- operating-system or runtime components required to run the app.
Third-party services have their own terms, privacy practices, outages, pricing, fees and security risks. StratPilot should share only the data needed for the relevant service purpose. The user is responsible for any third-party account they connect to StratPilot.
13. Retention
Data may be retained for as long as needed for the purpose for which it was collected, including account access, license records, payment records where applicable, legal acceptance, security, audit, support, backup, dispute handling, abuse prevention, Community Brain integrity and legal obligations.
Typical retention periods may include:
- license/account records: while the account or license is active, plus a reasonable period for support, disputes, accounting, abuse prevention or compliance;
- payment/order records: according to applicable accounting, bookkeeping, tax and dispute requirements;
- audit/security logs: normally 12–24 months unless a longer period is needed for security, legal claims or compliance;
- Community Brain contribution ledger and qualification records: normally up to 24 months, or longer if needed for qualification, data quality, abuse prevention, troubleshooting, aggregation or service integrity;
- raw operational logs: normally 30–90 days unless needed longer for security, support or legal reasons;
- backups: normally 30–90 days according to the configured backup retention policy;
- administrative exports: until deleted or rotated according to operational policy, with regular review and cleanup;
- local user configuration: until the user uninstalls, deletes or resets the local configuration.
Local data remains on the user's device unless the app, user or configured feature sends allowed data to StratPilot's online service.
Previously processed aggregated or anonymized Community Brain data may remain where it can no longer reasonably be linked to a user or where retention is needed for data quality, service integrity, abuse prevention, audit or legal obligations.
14. User rights
Depending on applicable law, you may have rights to access, correct, delete, export, restrict or object to certain processing of your personal data.
Some operational, license, audit, payment, security, support or Community Brain records may need to be retained where required for security, fraud prevention, legal compliance, accounting, payment disputes, support, data integrity or legal claims.
Requests can be sent to: admin@stratpilot.app
Do not include API keys, exchange secrets, Telegram tokens, wallet private keys, seed phrases, passwords, .env files or other secrets in support or privacy requests.
15. Security
StratPilot uses access controls, account checks, license checks, secret masking, audit records and safety gates to reduce risk. No system can be guaranteed to be completely secure.
You are responsible for securing your own device, operating system, browser, email account, exchange account, Telegram account, passwords, backups and any credentials you enter into the app.
If you believe your account or credentials have been compromised, contact admin@stratpilot.app and rotate affected third-party credentials immediately.
16. Changes
This Privacy/Data Notice may be updated. If material changes are made, the app may require you to accept the updated version before continued use or before enabling or continuing to use certain account, Community Brain, automation, live trading or data-processing features.
17. Contact
Contact and data protection contact: admin@stratpilot.app
Support: https://stratpilot.app/support
Terms: https://stratpilot.app/legal/terms
Privacy/Data Notice: https://stratpilot.app/legal/privacy
Community Data Notice: https://stratpilot.app/legal/community-data
Refund, Cancellation and Withdrawal Policy: https://stratpilot.app/legal/refund