Koinets
LoginGet Started

Privacy Policy

Effective date: 1 January 2026  ·  Last updated: 1 January 2026

1. Introduction

Koinets operates an automated cryptocurrency trading platform. This Privacy Policy explains what personal data we collect, how we use it, and your rights.

2. Data We Collect

2.1 Information you provide

  • Account data: Email, full name, password (bcrypt hash only — never plaintext).
  • Exchange API keys: Stored encrypted with AES-256. We never store withdrawal permissions.
  • Payment data: Cryptocurrency wallet addresses only. No credit card data collected.
  • Support communications.

2.2 Data collected automatically

  • Usage data: Pages visited, features used.
  • Device & connection data: IP address, browser, OS.
  • Trade data: Symbol, quantity, price, direction and outcome.
  • Log data: Retained for 90 days.

2.3 Referral data

Referring user's anonymised ID is recorded to attribute commissions. Full names and emails are never exposed in the referral system.

3. How We Use Your Data

  • Account management and authentication.
  • Executing automated trades via exchange APIs.
  • Calculating subscription and platform profit fees.
  • Crediting referral commissions.
  • Sending transactional emails.
  • Customer support.
  • Fraud detection and security.
  • Service improvement via aggregate analytics.
  • Legal compliance.

We do not sell, rent or trade your data to third parties for marketing.

4. Exchange API Keys

  • Encrypted with AES-256-GCM before storage.
  • Encryption keys stored separately from the database.
  • Decrypted only in memory at execution time — never logged.
  • Never transmitted to third parties other than the relevant exchange.
  • Withdrawal permissions verified and rejected at connection time.

5. Data Sharing & Third Parties

5.1 Exchange APIs

Binance, Bybit, KuCoin, OKX and Kraken receive your API keys solely to execute trades.

5.2 Email provider

Resend receives your email address solely to deliver transactional emails you requested.

5.3 Payment processor

BlockBee receives wallet addresses to generate payment addresses and verify on-chain transactions.

5.4 Infrastructure

Cloud hosting with encrypted storage and access restricted to authorised personnel.

5.5 Legal requirements

We may disclose data if required by law or to protect the safety of our users or the public.

6. Data Security

  • TLS/HTTPS for all data in transit.
  • AES-256 encryption for sensitive data at rest.
  • bcrypt password hashing.
  • JWT authentication with short-lived tokens.
  • Rate limiting on all authentication endpoints.
  • Cloudflare WAF and DDoS protection.
  • Firewall deny-by-default, access restricted to Cloudflare IP ranges.
  • Regular security audits.

7. Cookies & Tracking

  • Session cookie: HMAC-signed, HttpOnly. Expires after 12 hours of inactivity.
  • Referral cookie: Short-lived, to attribute registration to a referral link only.

No advertising cookies, third-party trackers or individual-user analytics.

8. Data Retention

  • Account data: Active + 90 days post-deletion.
  • Trade records: Up to 7 years (legal compliance).
  • API keys: Deleted immediately on disconnection or account deletion.
  • Log data: 90 days.
  • Support communications: 2 years.

9. Your Rights

  • Access your data.
  • Rectify inaccurate data.
  • Erase your data ("right to be forgotten").
  • Restrict processing.
  • Data portability.
  • Object to processing.
  • Withdraw consent.

Email support@koinets.com to exercise any right. We respond within 30 days.

10. Children's Privacy

The Service is not intended for anyone under 18. We do not knowingly collect data from minors.

11. International Data Transfers

Data may be processed outside your country of residence, protected by appropriate safeguards.

12. Changes to This Policy

We will notify you by email and on this page when the policy changes. Continued use constitutes acceptance.

13. Contact Us

Koinets
Email: support@koinets.com
Website: koinets.com