1. Information We Collect
Account Information
When you register for a Volabots account, we collect:
- Full name and email address
- Password (stored as a bcrypt hash — we never store your plain-text password)
- Deriv API token (stored encrypted using Fernet symmetric encryption)
- Chosen subscription plan
Trading Data
To provide the dashboard and reporting features, we collect and store trade data associated with your Deriv account, including trade history, profit and loss figures, open position details, and signal logs.
Technical Information
We may collect IP addresses for security purposes (detecting unusual login activity) and basic usage logs for debugging and platform improvement.
2. How We Use Your Information
Your information is used solely to operate the Volabots service:
- Placing and monitoring trades on your Deriv account via API
- Sending daily, weekly, and monthly performance reports to your email
- Displaying trading analytics in your subscriber dashboard
- Providing customer support when you contact us
- Detecting and preventing unauthorised account access
We do not sell, share, rent, or transfer your personal data to any third party for marketing, advertising, or commercial purposes under any circumstances.
3. Data Security
Encryption
Your Deriv API token is encrypted at rest using Fernet symmetric encryption before storage. The encryption key is never stored in the same database as the encrypted data — a complete database breach would expose nothing usable.
Password Security
Passwords are hashed using bcrypt with a per-user salt. We cannot retrieve your plain-text password under any circumstances.
Two-Factor Authentication
Two-factor authentication is mandatory for all accounts, providing an additional layer of security beyond your password.
Infrastructure
All data is stored on encrypted servers hosted by Hetzner Cloud in the European Union. We conduct regular security reviews and keep all system software up to date.
4. Data Retention
Your data is retained for as long as your account is active. When you delete your account:
- Your API token is deleted immediately and permanently
- Your personal information is removed within 30 days
- Your trade history is anonymised or deleted within 30 days
- Backup copies are purged within 60 days
5. Your Rights
You have the following rights regarding your personal data:
- Access: Request a copy of all personal data we hold about you
- Correction: Request correction of any inaccurate personal data
- Deletion: Request deletion of your account and all associated data
- Portability: Request your trade data in a machine-readable format
- Objection: Object to any processing of your personal data
To exercise any of these rights, use the contact form on our website. We will respond within 30 days.
6. Cookies
This website uses minimal cookies for session management only — to keep you logged in to your subscriber dashboard. We do not use tracking cookies, advertising cookies, or any third-party analytics that identify you personally.
7. Third-Party Services
We use the following third-party services to operate the platform:
- Deriv API: For trade execution and market data. Subject to Deriv's own privacy policy.
- Brevo (email): For sending performance reports and notifications. Emails contain your trading data.
- Hetzner Cloud: Server infrastructure provider. Data stored in EU data centres.
8. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and notify active subscribers via email. Continued use of the service after changes constitutes acceptance of the updated policy.
9. Contact
For privacy-related enquiries, data access requests, or deletion requests, please use the contact form on the main page. We respond within 24 hours on business days.