Privacy Policy

Last updated: March 18, 2026

1. Introduction

Stratrevo ("we," "our," or "us") operates the Stratrevo crypto trading automation platform at stratrevo.com. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

By creating an account or using the Service, you agree to the collection and use of information as described in this policy.

2. Information We Collect

Account Information

When you register, we collect your name and email address. Passwords are never stored in plaintext — they are hashed using PBKDF2-SHA256 with 100,000 iterations and a unique random salt before storage.

Exchange API Keys

When you connect an exchange, you provide API keys that are used to execute trades on your behalf. These keys are encrypted in your browser using AES-GCM before transmission. We store only the ciphertext and the initialization vector (IV). We never store or log plaintext API keys.

Our servers decrypt your keys only at the moment they are needed to execute a bot trade. Keys are used solely for the exchange actions you configure (placing orders, checking balances, fetching prices). We do not share your keys with any third party.

Trading and Bot Data

We store your bot configurations, bot states, trade execution records (price, quantity, fee, realized P&L), backtest runs, and results. This data is used to display your dashboard, calculate P&L, and support tax exports.

Billing Information

Payments are handled by Stripe. We do not store your credit card number or full payment details. We store only your Stripe customer ID and subscription ID to manage your plan status and billing portal access.

Notification Credentials

If you configure notification channels, we store your Telegram bot token and chat ID, Discord webhook URL, or CallMeBot phone number and API key. These are stored in our database and used only to send trade notifications you have configured.

Usage Data

We may log standard request metadata (IP address, user agent, timestamps) via Cloudflare infrastructure for security and debugging purposes. We do not sell or share this data.

3. How We Use Your Information

  • To operate, run, and monitor your trading bots
  • To display your portfolio, trade history, P&L, and risk metrics
  • To process subscription payments via Stripe
  • To send trade notifications to channels you configure
  • To provide customer support and respond to inquiries
  • To detect and prevent fraudulent or abusive use of the platform
  • To generate tax-related export data from your trade records

We do not use your data for advertising, and we do not sell your data to any third party.

4. Data Storage and Security

Your data is stored in Cloudflare D1 (SQLite) and Cloudflare KV, hosted on Cloudflare's globally distributed infrastructure. Session tokens are stored in Cloudflare KV with expiration.

We apply the following security measures:

  • Exchange API keys: AES-GCM encrypted client-side; only ciphertext stored
  • Passwords: PBKDF2-SHA256 with 100,000 iterations and random salt
  • API tokens: SHA-256 hash stored; full token shown only once at creation
  • Webhook tokens: SHA-256 hash stored; full token shown only once
  • All data transmitted over HTTPS/TLS

No security system is infallible. In the event of a data breach affecting your account, we will notify you by email as promptly as practical.

5. Third-Party Services

We use the following third-party services to operate the platform:

  • Cloudflare — infrastructure, hosting, edge compute, and database. Cloudflare's privacy policy applies to infrastructure-level data.
  • Stripe — payment processing. Stripe's privacy policy governs all payment data.
  • Cryptocurrency exchanges (Binance, Bybit, OKX, Coinbase, Kraken, KuCoin, Gate.io, HTX) — your connected exchanges receive API requests from our servers on your behalf. Their respective privacy policies and terms of service govern how they handle those requests.
  • Telegram / Discord / CallMeBot — if you configure notification channels, trade alert messages are transmitted to those services. Their privacy policies apply to messages delivered through their platforms.

6. Data Retention

We retain your account data and trade records for as long as your account remains active. If you delete your account, we will delete your personal information, bot configurations, exchange keys, and trade data from our production systems. Residual data in backups may persist for up to 30 days before being purged.

7. Your Rights

You have the right to:

  • Access the data we hold about you (your dashboard displays the primary data)
  • Export your trade data via the Tax Reporting page
  • Update your name and email from the Settings page
  • Delete your account and all associated data from the Settings page
  • Disconnect exchange integrations at any time from the Exchanges page

For data requests not addressed by in-app tools, contact us at privacy@stratrevo.com.

8. Cookies and Sessions

We use a single session cookie to authenticate you while logged in. This cookie stores a session token that references your server-side session in Cloudflare KV. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

9. Children's Privacy

Stratrevo is not intended for users under 18 years of age. We do not knowingly collect personal information from minors. If you believe a minor has created an account, contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of the Service after changes constitutes acceptance of the revised policy. For material changes, we will make reasonable efforts to notify you by email.

11. Contact

Questions or concerns about this policy? Email us at privacy@stratrevo.com.