Privacy Policy

Last updated: 11 March 2026

Your privacy matters. This policy explains what data VersaSuite collects, how it's used, and how it's protected. Short version: we collect only what we need, we don't sell your data, and we don't use tracking cookies.

1. Information We Collect

We collect the following information when you create an account or use our services:

  • Email address — used for account login and service communications
  • Password hash — stored as a bcrypt hash; we never store your plain-text password
  • TOTP secret — for two-factor authentication, encrypted at rest
  • Exchange API keys — if you connect an exchange, your read-only API keys are stored encrypted in our database
  • Usage data — aggregate, anonymised analytics (page views, feature usage) via privacy-first analytics (no cookies, no personal data)
  • Payment records — cryptocurrency transaction hashes and amounts for subscription verification; no card numbers or bank details are ever stored

2. How We Use Your Data

Your data is used solely to provide and improve the VersaSuite service:

  • Authenticate your account and maintain your session
  • Connect to exchanges on your behalf using your API keys
  • Verify subscription payments and manage Pro access
  • Send transactional emails (account confirmation, password reset)
  • Understand how the product is used in aggregate to improve it

We do not use your data for advertising, profiling, or any purpose beyond operating the service.

3. Data Storage and Security

All data is stored on servers located in Singapore (Linode/Akamai). Exchange API keys are encrypted at rest using AES-256. Passwords are hashed with bcrypt. Database connections use TLS in transit.

We apply principle-of-least-privilege access controls: only the application itself can read your data. No third parties have access to the database.

4. Cookies and Analytics

VersaSuite does not use tracking cookies or third-party analytics. We use privacy-first analytics (Plausible or Umami) that collect no personal data, set no cookies, and are fully GDPR compliant. No IP addresses are stored.

Session cookies are used solely for authentication and expire when you log out or after 30 days of inactivity.

5. Third Parties

We do not sell, rent, or share your personal data with third parties. The only external services we interact with on your behalf are the cryptocurrency exchanges you explicitly connect (Binance, Bybit) using the API keys you provide.

We do not use Google services, Facebook Pixel, or any advertising networks.

6. Data Retention

Your data is retained for as long as your account is active. If you delete your account, all personal data (email, API keys, saved layouts, alerts) is permanently deleted within 30 days. Aggregate anonymised analytics are retained indefinitely as they contain no personal information.

7. Your Rights

You have the right to:

  • Access — request a copy of the data we hold about you
  • Correction — update incorrect or incomplete data
  • Deletion — request permanent deletion of your account and all associated data
  • Portability — request an export of your data in a machine-readable format

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

8. Changes to This Policy

We may update this privacy policy from time to time. If we make significant changes, we will notify you by email or with a notice on the site. The "last updated" date at the top of this page always reflects the most recent revision.

9. Contact

Questions about privacy or data handling? Get in touch at [email protected].