Privacy Policy

1. Who We Are & Contact

LiquidityAI Pty Ltd is an Australian software company headquartered at Level 1 / 457–459 Elizabeth Street, Surry Hills, NSW 2010, Australia. We build AI-powered tools that help users design, test, automate, and observe cryptocurrency trading strategies through connections to supported third-party exchanges.

For privacy questions or requests, contact: [email protected]. For legal notices, contact: [email protected].

2. Scope & Applicability

This Policy applies to personal information we process about visitors, users, subscribers, community members, marketplace participants, and support contacts in connection with the Services. This Policy does not apply to non-personal data (e.g., anonymized or aggregated data) or to information processed by third-party exchanges or service providers acting as independent controllers under their own privacy notices.

3. Key Definitions

• Personal information / Personal data: Information that identifies or is reasonably linkable to an individual.
• Processing: Any operation on personal information (collection, storage, use, disclosure, etc.).
• Controller: The entity that determines the purposes and means of processing (typically LiquidityAI for the Services).
• Processor / Service provider: An entity that processes personal information on behalf of a controller.
• Sensitive information: Categories that may include government identifiers, precise geolocation, financial account numbers, or authentication credentials, where applicable law treats them as sensitive.

4. Information We Collect

We may collect the following categories of information:

• Account & Identity: Name, email address, username, profile photo (if provided), country/region, time zone, organization, role, preferences, support communications.
• Authentication & Security: Passwords (hashed), 2FA status, session tokens, IP address, login history, fraud and abuse signals.
• Subscription & Billing: Plan selections, status, invoices, tax country/region, purchase history. We do not store full payment card numbers; payments are processed by PCI-compliant providers (e.g., Stripe, PayPal).
• Exchange Connections: Exchange account identifiers, trade-only API keys or tokens (encrypted at rest), permission scopes you grant, and webhook endpoints you configure.
• Trading & Strategy Metadata: Strategy names/configs you create, backtest parameters and results, bot settings, exchange order instructions issued via your configuration, execution outcomes reported by exchanges, and related logs.
• Usage & Telemetry: Pages viewed, feature interactions, clickstream, referrer/UTM tags, device type, OS/browser, screen size, language, approximate location (derived from IP), and timestamps.
• Diagnostics & Performance: Error messages, stack traces, API latency, rate-limit hits, and service-health metrics.
• Community & Marketplace (if used): Posts, comments, strategy listings, ratings, and profile details you choose to make public.
• Support & Communications: Emails, tickets, chat transcripts, call notes, and attachments you submit.

Note: We do not take custody of your assets. Trading occurs on third-party exchanges using your keys and permissions.

5. Sources of Personal Information

• Direct from you via forms, account setup, strategy configuration, support requests, or marketplace listings.
• Automatically through cookies, SDKs, and similar technologies when you interact with the Services.
• From third parties such as payment processors, identity/anti-fraud providers, analytics vendors, or exchanges you connect.
• From publicly available sources (e.g., public blockchain data associated with your activities, if you provide wallet addresses).

6. How We Use Personal Information

• Provide, maintain, and improve the Services (including bots, backtesting, analytics, dashboards, and APIs).
• Authenticate users, secure accounts, detect/prevent fraud and abuse, and enforce policies.
• Facilitate exchange connections and execute instructions you configure through supported exchange APIs.
• Process subscriptions and payments; manage trials, promotions, referrals, and invoices.
• Provide customer support; respond to inquiries; diagnose and resolve issues.
• Analyze usage to improve features, performance, and UI/UX; conduct A/B testing and research.
• Send transactional messages (alerts, confirmations, service/incident notices) and, where permitted, product updates or marketing.
• Comply with legal obligations (tax, accounting, security, anti-fraud, sanctions/AML screening where applicable).
• Create anonymized or aggregated insights for benchmarking and product improvement without re-identification.

7. Legal Bases for Processing (GDPR/UK GDPR)

• Contractual necessity: To provide the Services you request (account, connections, automation, billing).
• Legitimate interests: To secure/defend Services, improve features, prevent abuse, and support customers. We balance against your rights.
• Consent: For certain analytics, marketing, or cookie categories where required. You may withdraw consent at any time.
• Legal obligation: Compliance with applicable laws (e.g., tax, accounting, sanctions screening where applicable).

8. How We Share Information

We do not sell your personal information. We may disclose information as follows:

• Service Providers / Processors: Cloud hosting, analytics, logging, email/SMS, customer support, payment processing, and security vendors under contractual confidentiality and data-processing terms.
• Exchanges & Integrations: At your direction, to exchanges you connect and services you enable (e.g., webhooks, messaging). These third parties are independent controllers of their own systems.
• Corporate Transactions: In connection with a merger, acquisition, financing, or sale of all/part of our business, subject to appropriate safeguards.
• Legal & Safety: To comply with law, lawful requests, or to protect rights, property, users, the public, or the integrity of the Services.
• With Consent: We may share beyond the above with your explicit consent or at your explicit direction.

We may publish anonymized/aggregated insights that do not identify individuals.

9. Analytics, Cookies & Similar Technologies

We use cookies, local storage, pixels, and SDKs to operate the Services, keep you signed in, remember preferences, measure performance, and understand usage. Categories may include: strictly necessary, functional, performance/analytics, and marketing cookies.

• Session & Security: Authentication tokens, CSRF protection, rate-limit signals.
• Preferences: Theme, locale, time zone, and saved UI settings.
• Analytics: Page views, events, performance metrics (e.g., Google Analytics or equivalent).
• Marketing (where used): Campaign attribution and engagement (with consent where required).

You can control cookies via your browser and (where provided) our Cookie Policy / Preferences Center. Disabling certain cookies may impact functionality. We do not respond to “Do Not Track” signals at this time.

10. Marketing, Ads & Communications

We may send product announcements, feature updates, and offers as permitted by law. You can opt out using unsubscribe links in emails or by updating your preferences. We will continue to send essential transactional messages (e.g., security alerts, receipts).

11. Data Retention

We retain personal information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by category (e.g., billing records may be retained to meet tax/legal requirements). We may retain limited logs for security, fraud prevention, or compliance after account closure.

12. Security

We implement reasonable technical and organizational measures, including encryption at rest/in transit, key management, access controls, and secure development practices. No system is perfectly secure; you are responsible for safeguarding your credentials, devices, network, and exchange API keys (e.g., IP whitelisting, trade-only permissions).

If we become aware of a data incident affecting your personal information, we will investigate and, where required, notify you and/or regulators consistent with applicable law.

13. International Data Transfers

We may process and store information in countries outside your own. Where required, we implement appropriate safeguards (e.g., EU/UK Standard Contractual Clauses) for cross-border transfers and take steps to ensure an adequate level of protection.

14. Your Privacy Rights & Choices

Depending on your location, you may have the following rights over your personal information, subject to legal limits and verification:

• Access / Know: Request information about our processing and obtain a copy of your data.
• Correction (Rectification): Request we correct inaccurate or incomplete data.
• Deletion (Erasure): Request we delete certain data (e.g., when no longer necessary).
• Portability: Receive data you provided in a structured, commonly used format and request we transfer it to another controller where feasible.
• Restriction / Objection: Request we limit or stop certain processing, including objections to processing based on legitimate interests or direct marketing.
• Consent Withdrawal: Withdraw consent where processing is based on consent (e.g., certain analytics/marketing).
• Appeal / Complaint: Lodge a complaint with a supervisory authority (e.g., OAIC in Australia, ICO in the UK, DPA in the EU, or CPPA/AG in California).

California residents also have rights under the CCPA/CPRA, including to know, access, correct, delete, and opt out of “sale” or “sharing” for cross-context behavioral advertising. We do not “sell” personal information as that term is defined in the CCPA/CPRA, and we do not knowingly “share” personal information for cross-context behavioral advertising. We also do not use or disclose sensitive personal information for purposes other than those permitted by the CCPA/CPRA.

To exercise rights, email [email protected]. We may verify your request and identity before responding. Authorized agents may submit requests on your behalf where permitted by law.

15. Children’s Privacy

The Services are intended for adults and are not directed to children. We do not knowingly collect personal information from individuals under 18. If you believe a minor has provided personal information, contact us so we can take appropriate action.

16. Automated Decision-Making & Profiling

Our strategy engines and bots act according to configurations you set (signals, rules, risk limits). We may use analytics and heuristics to improve the Services, detect abuse, and recommend features. We do not make solely automated decisions that produce legal or similarly significant effects about you without appropriate human review where required by law.

17. Third-Party Sites, Exchanges & Integrations

The Services may link to or integrate with third-party sites and exchanges. Their privacy practices are governed by their own policies. We are not responsible for the privacy or security of information you share with third parties you choose to connect.

18. Changes to this Privacy Policy

We may update this Policy from time to time. We will post the updated version with a new “Last updated” date. Material changes may be communicated via email or in-product notices. Your continued use of the Services after the effective date constitutes acceptance.

19. How to Contact Us