Privacy Policy

Last updated: 19 March 2026

Your privacy matters. This policy explains what data VersaSuite collects, why, and how it's protected. I've kept it as straightforward as possible. Short version: we collect only what's needed to run the service, we don't sell your data, and we don't use tracking cookies or advertising networks.

VersaSuite is operated by Darren Lim, based in Kuala Lumpur, Malaysia. This policy covers all VersaSuite products: VersaCharts, VersaTrader, VersaDash, VersaScanner, VersaBot, and VersaLog.

1. Information We Collect

We collect the minimum data needed to provide the service. Here's exactly what we store:

Account data

  • Email address — used for login, password resets, and service communications
  • Password — stored as a bcrypt hash. We never store or see your plain-text password.
  • TOTP secret — if you enable two-factor authentication, your TOTP secret is encrypted at rest

Exchange API keys

  • If you connect an exchange (Binance, Bybit, MEXC, OKX, KuCoin, Kraken, Coinbase, Gate.io, HTX, Bitget), your API keys are stored encrypted using AES-256
  • We only support read and trade permissions. VersaSuite never requests or stores withdrawal-enabled API keys.

Trading data

  • Orders, positions, and portfolio snapshots are stored to provide the service (dashboards, performance tracking, trade history)

Payment data

  • Blockchain transaction hashes and amounts for subscription verification (USDT/USDC)
  • We do not collect or store credit card numbers, bank details, or billing addresses

Usage data

  • Aggregate, anonymised page view analytics via privacy-first tools (Plausible or Umami)
  • No personal data is collected. No IP addresses are stored. No cookies are set for analytics.

2. Information We Don't Collect

We intentionally don't collect:

  • Real names or legal names
  • Phone numbers
  • Physical or mailing addresses
  • Government-issued IDs
  • Browsing history outside VersaSuite
  • Data from advertising or tracking cookies

3. How We Use Your Data

Your data is used solely to provide and improve the service:

  • Authenticate your account and maintain your session
  • Connect to exchanges on your behalf using the API keys you provide
  • Store your trading data so you can view orders, positions, and performance
  • Verify subscription payments and manage Pro access
  • Send transactional emails (account confirmation, password reset, subscription updates)
  • Understand how the product is used in aggregate to improve it

We do not use your data for advertising, profiling, behavioural targeting, or any purpose beyond operating the service.

4. Legal Basis for Processing (GDPR)

If you're in the European Economic Area, we process your data under the following legal bases:

  • Contract — account data and trading data are processed to provide the service you signed up for
  • Legitimate interest — anonymised analytics to improve the product, without impacting your privacy
  • Legal obligation — retaining transaction records where required by applicable law

5. Data Storage and Security

All data is stored on servers in Singapore (Linode/Akamai). Here's how we protect it:

  • Exchange API keys are encrypted at rest using AES-256
  • Passwords are hashed with bcrypt (not reversible)
  • TOTP secrets are encrypted at rest
  • All database connections use TLS encryption in transit
  • Principle-of-least-privilege access: only the application itself reads your data
  • No third parties have access to the database

6. Cookies

VersaSuite uses one cookie: a session cookie for authentication. It's httpOnly and secure. It expires when you log out or after 30 days of inactivity.

We do not use tracking cookies, advertising cookies, or third-party cookies. There is nothing to consent to because we don't track you.

7. Third Parties

We do not sell, rent, or share your personal data with third parties. Period.

The only external services we interact with on your behalf are:

  • Cryptocurrency exchanges (Binance, Bybit, MEXC, OKX, KuCoin, Kraken, Coinbase, Gate.io, HTX, Bitget) — only when you explicitly connect your API keys
  • Blockchain networks — to verify subscription payments (USDT/USDC transactions)

We do not use Google Analytics, Google Fonts, Google Tag Manager, Facebook Pixel, or any advertising network.

8. International Data Transfers

Our servers are in Singapore. If you're in the EU/EEA, Singapore has an adequacy decision from the European Commission, which means your data transfers are covered without additional safeguards. If you're elsewhere, your data is processed in Singapore under the protections described in this policy.

9. Data Retention

Your data is retained for as long as your account is active. When you delete your account:

  • All personal data (email, API keys, trading data, saved layouts, alerts) is permanently deleted within 30 days
  • Anonymised, aggregate analytics data is retained indefinitely as it contains no personal information
  • Transaction records may be retained in anonymised form where required for bookkeeping obligations

10. Your Rights

Regardless of where you're located, you have the right to:

  • Access — request a copy of the data we hold about you
  • Correction — update incorrect or incomplete data
  • Deletion — request permanent deletion of your account and all associated data
  • Portability — request an export of your data in JSON format
  • Objection — object to processing based on legitimate interest

To exercise any of these rights, email [email protected]. We respond within 30 days.

11. Do Not Sell My Information

We do not sell your personal information. We have never sold personal information. We will not sell personal information in the future. This applies to all users, including residents of California and other US states with consumer privacy laws.

12. Children

VersaSuite is not intended for anyone under 18. We do not knowingly collect data from minors. If we learn that a user is under 18, we will delete their account and associated data.

13. Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will notify affected users by email within 72 hours and report to the relevant supervisory authority where required by law.

14. Changes to This Policy

We may update this policy from time to time. If we make significant changes, we will notify you by email or with a notice on the site. The "last updated" date at the top always reflects the most recent revision.

15. Contact

Questions about privacy or how your data is handled? Reach out at [email protected].

Darren Lim
Kuala Lumpur, Malaysia