Privacy Policy

We take your privacy seriously. This policy explains exactly what data we collect, how we use it, and your rights — including under GDPR and CCPA.

Last updated: April 18, 2026 | ~6 min read | GDPR Compliant | CCPA Compliant

1. Who We Are

CAJDA Bot is a web-based algorithmic trading assistant developed and operated by BlaqueGirlDev (blaquegirldev.com).

For the purposes of applicable data protection law (including the EU General Data Protection Regulation — GDPR — and the California Consumer Privacy Act — CCPA), BlaqueGirlDev is the data controller responsible for your personal data.

This Privacy Policy applies to all users of the CAJDA Bot platform, including visitors to our website, registered users, and subscribers. It covers all data processing activities carried out by CAJDA Bot.

Legal Basis for Processing (GDPR Art. 6)

We process your data on the following legal bases: (a) Contract — to provide the service you signed up for; (b) Legitimate Interests — to improve the platform and prevent fraud; (c) Consent — for optional analytics cookies, which you may withdraw at any time.

2. Data We Collect

We collect only the minimum data necessary to provide the CAJDA Bot service. Here is a full breakdown:

Account Information

  • Email address — used for authentication and service communications
  • Password (stored as a secure bcrypt hash — we never store plain-text passwords)
  • Account creation date and last login timestamp

Broker API Credentials

  • API keys and secrets you voluntarily provide when connecting a broker or exchange
  • These are stored encrypted in our Supabase database and are NEVER readable by the frontend
  • Only our server-side Edge Functions access credentials — never your browser
  • You may delete your credentials at any time by disconnecting the integration

Usage & Technical Data

  • Pages visited and features used (with your consent via analytics cookies)
  • Browser type, operating system, and device type
  • IP address (used for security and fraud prevention, not for tracking)
  • Session duration and interaction patterns (aggregated, not individually profiled)

Subscription & Payment Data

  • Subscription tier and status (free trial, active, expired)
  • Payment processing is handled entirely by Stripe — we do NOT store card numbers, CVVs, or full payment details
  • We receive only a Stripe customer ID and subscription status confirmation

We do not collect: real name, phone number, physical address, social security number, or any financial account balances.

3. How We Use Your Data

We use your data exclusively for the following purposes:

Authentication

Verifying your identity and maintaining secure sessions

Service Communications

Sending account confirmations, security alerts, and policy updates

Platform Operation

Routing broker API calls through our secure edge functions

Security & Fraud Prevention

Detecting and preventing unauthorized access or abuse

Platform Improvement

Understanding usage patterns to improve features (with consent)

Legal Compliance

Meeting our obligations under applicable laws and regulations

We do not use your data for advertising, profiling, or selling to third parties. We do not use your broker credentials for any purpose other than forwarding your authorized API requests to the relevant broker.

4. Broker & Exchange Integrations

When you connect a broker or exchange (e.g., Alpaca, Binance, Kraken, Coinbase Pro, Interactive Brokers), you voluntarily provide API credentials. Here is exactly how we handle them:

How Credentials Are Stored

  • Credentials are transmitted over HTTPS (TLS 1.3) and stored in an encrypted Supabase PostgreSQL database
  • Row Level Security (RLS) ensures only your own credential rows are accessible
  • The frontend application cannot read credentials back — there is no SELECT policy for the browser
  • Only server-side Edge Functions (running in Deno, not in your browser) can access credentials using the service role key
  • We never log, cache, or display your raw API keys or secrets after they are saved

How API Calls Work

When you request account data or trading actions, the flow is:

Your Browser → CAJDA Bot Edge Function → Broker API → Response to You

Your credentials never travel from the server back to your browser. The edge function fetches data on your behalf and returns only the result.

Deleting Your Credentials

You can disconnect any integration at any time from the Integrations page. Disconnecting permanently deletes your stored credentials for that platform from our database. We recommend also revoking the API key from your broker's dashboard after disconnecting.

Important Security Notice

CAJDA Bot staff will never ask for your API keys via email, chat, or support tickets. If anyone claiming to be from CAJDA Bot asks for your credentials, treat it as a phishing attempt and report it immediately.

5. Cookies & Tracking

We use cookies and browser storage technologies to operate the platform. Here is a full breakdown of what we use and why:

Category | Purpose | Consent Required | Retention
Essential | Authentication session, CSRF protection, security tokens | No — required | Session / 7 days
Preferences | Cookie consent choice, UI settings, dismissed banners | No — device-local only | 1 year
Analytics | Anonymized page views and feature usage patterns | Yes — opt-in | 90 days

On your first visit, a cookie consent banner will appear. You can accept all, decline non-essential, or manage individual categories. Your choice is saved in localStorage and respected on all future visits.

You can change your cookie preferences at any time by clicking "Cookie Settings" in the footer of any page. You can also clear all cookies via your browser settings — note that clearing essential cookies will log you out.

We do not use advertising cookies, cross-site tracking pixels, or third-party marketing trackers of any kind.

6. Data Sharing & Third Parties

We do not sell, rent, or trade your personal data. We share data only with the following trusted sub-processors, strictly as necessary to operate the service:

Supabase

USA (AWS us-east-1)

Role: Database, Authentication & Edge Functions

Data shared: Email, hashed password, encrypted broker credentials, session tokens

Stripe

USA / EU

Role: Payment Processing

Data shared: Email, subscription status, Stripe customer ID (no card data stored by us)

Broker APIs (Alpaca, Binance, etc.)

Varies by broker

Role: Trading Data & Order Execution

Data shared: Your API credentials are forwarded to the broker you chose to connect

We may also disclose data if required by law, court order, or to protect the rights and safety of our users or the public.

7. Data Retention

Account data (email, auth)

Until you delete your account — Deleted within 30 days of account deletion request

Broker API credentials

Until you disconnect the integration — Immediately deleted on disconnect

Session tokens

Session duration or 7 days (remember me) — Automatically expired by Supabase Auth

Analytics data

90 days — Aggregated and anonymized — not linked to your account

Subscription records

7 years — Required for financial/tax compliance

Security logs (IP, timestamps)

90 days — Used for fraud detection and security audits

8. Your Rights (GDPR / CCPA)

Depending on your location, you have the following rights regarding your personal data:

Right to Access

Request a copy of all personal data we hold about you

Right to Rectification

Request correction of inaccurate or incomplete data

Right to Erasure

Request deletion of your personal data ("right to be forgotten")

Right to Restrict

Request that we limit how we process your data

Right to Portability

Receive your data in a structured, machine-readable format

Right to Object

Object to processing based on legitimate interests

Withdraw Consent

Withdraw consent for analytics cookies at any time

Right to Complain

Lodge a complaint with your local data protection authority

How to Exercise Your Rights

To exercise any of the above rights, contact us via the Contact page. We will respond within 30 days (GDPR) or 45 days (CCPA). We may need to verify your identity before processing your request.

CCPA Note: California residents have the right to know what personal information is collected, the right to delete, and the right to opt out of the sale of personal information. We do not sell personal information.

9. Security Measures

We implement industry-standard security measures to protect your data:

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest (Supabase)
  • Row Level Security (RLS) on all database tables
  • Server-side credential access only — no frontend reads
  • Rate limiting on all sensitive API endpoints
  • Input validation and injection-pattern filtering
  • JWT-based authentication with short expiry windows
  • No plain-text secrets stored anywhere in the codebase

Despite these measures, no system is 100% secure. If you discover a security vulnerability, please report it responsibly via our Contact page.

10. Children's Privacy

CAJDA Bot is not directed at children under the age of 18. We do not knowingly collect personal data from anyone under 18.

If you believe a minor has provided us with personal data, please contact us immediately via the Contact page and we will delete the data promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, for material changes, notify registered users via email.

Your continued use of CAJDA Bot after any changes constitutes your acceptance of the updated policy. We encourage you to review this page periodically.

12. Contact Us

For any privacy-related questions, data requests, or to report a security concern, please reach out through our official channels:

We aim to respond to all privacy requests within 30 business days.

Your data is in safe hands

We built CAJDA Bot with privacy-first principles. Your broker credentials never touch the browser after saving, your data is never sold, and you can delete everything at any time.