MoonBotBack home

Privacy Policy

What MoonBot collects and why.

This Policy explains how MoonBot handles personal information when you visit the site, create an account, pair a device, or use the software.

1. Scope and controller

This Policy applies to the MoonBot website, portal, APIs, receiver, installer, support, and related services. MoonBot is responsible for the personal information described here. It does not govern NinjaTrader, brokers, exchanges, market-data vendors, model providers, or other third parties, which publish their own policies.

Privacy questions and requests may be submitted through the support channel in your account portal.

2. Information we collect

Account information. Name, email address, password hash, account status, acceptance records, and account timestamps.

Security and device information. Session and API-key hashes, key prefixes, receiver identifiers, device names, credential version, IP and user-agent hashes, authentication events, revocations, and security logs. Raw passwords and raw API keys are not stored. A raw API key or device credential is displayed only when created.

Product and trading-system data. Configuration such as selected account label, instrument, mode, quantity, optional controls, software version, connectivity health, command status, signal records, model verdicts, fills, and outcomes. MoonBot does not request or store your brokerage password through the website.

Communications. Information you provide in support requests, bug reports, surveys, or other messages.

Website data. Necessary cookie values, request timing, page and API requests, approximate network information, and diagnostic events. MoonBot does not currently use third-party advertising cookies or sell browsing profiles.

3. Sources

We receive information directly from you, from the MoonBot receiver and website, from devices you authorize, and from service providers that help deliver hosting, security, support, model review, payments, or email. Trading platforms and market-data providers may send operational data only when you configure the integration.

4. How we use information

We use information to create and secure accounts, authenticate sessions and devices, deliver signals and receiver services, apply user-selected configuration, maintain audit records, provide support, prevent abuse, debug failures, improve reliability, comply with law, enforce agreements, and communicate material service or security information.

We do not use brokerage credentials because the website does not collect them. We do not use personal information to guarantee, personalize, or manipulate a trading outcome.

5. How we disclose information

We may disclose limited information to vendors that process data for hosting, databases, security, communications, model services, payments, or support under contractual restrictions. We may disclose information when required by law, to protect rights and safety, to investigate abuse, or as part of a financing, merger, acquisition, or sale subject to appropriate protections.

We do not sell personal information for money. We do not share personal information for cross-context behavioral advertising. We do not disclose raw API keys or device secrets after their one-time presentation.

6. Cookies and local storage

MoonBot uses strictly necessary cookies for authentication and cross-site request protection. The session cookie is HttpOnly where supported, and cookies use SameSite protections. The site may use browser storage for short-lived setup state, such as a one-time provisioning download, but should not be treated as a password vault. Blocking necessary cookies may prevent login or portal use.

7. Retention

We keep personal information only as long as reasonably necessary for the purposes described here, including security, dispute, accounting, regulatory, and audit needs. Active account and device records are retained while the account operates. Revoked credentials and security events may be retained to prevent replay and investigate abuse. Support and transaction records may be retained for legal or operational periods. We delete or de-identify information when it is no longer needed, unless law requires retention.

8. Security

MoonBot uses measures designed to protect information, including Argon2 password hashing, hashed session and API credentials, HttpOnly session cookies, same-origin and CSRF controls, per-device credentials, revocation, encrypted transport in production, access restrictions, and audit events. No system is perfectly secure. You must protect your devices and promptly revoke exposed keys.

9. Your choices and rights

You may update certain account information, revoke API keys and devices, log out sessions, and request access, correction, deletion, or a portable copy of personal information through the portal support channel. You may also object to or request restriction of certain processing where applicable. We may verify your identity and retain information when required for security, legal obligations, or dispute resolution.

Residents of jurisdictions with additional privacy rights may exercise those rights without discriminatory treatment. An authorized agent may submit a request where law permits, subject to verification. MoonBot does not sell or share personal information as those terms are used for cross-context behavioral advertising.

10. Children

MoonBot is not directed to children and is limited to users who are at least 18. We do not knowingly collect personal information from children. Contact us if you believe a child submitted information.

11. International use

MoonBot may process information in the United States and other places where service providers operate. Those locations may have different privacy laws. Where required, we use appropriate transfer protections.

12. Changes

We may update this Policy as the service changes. The current version and effective date appear at the top. Material changes will be presented through the website, portal, email, or another reasonable channel. We review the Policy at least annually.

13. Contact

Submit privacy requests through the authenticated support channel in the MoonBot account portal. Include the email associated with your account and the nature of the request. Do not include brokerage passwords, API keys, or device secrets.