T.Bot

Effective June 15, 2026

Privacy Policy

T.Bot is an automated trading-signal platform. This policy explains what data we collect from you, why we collect it, who we share it with, and what control you have over it. It is written to be read.

Contents

  1. Who we are
  2. What we collect
  3. How we use it
  4. Who we share it with
  5. How long we keep it
  6. Your rights and choices
  7. Security
  8. Children
  9. International users
  10. Changes to this policy
  11. Contact

1. Who we are

T.Bot is operated by Atlas Digital Group. When this policy says “T.Bot”, “we”, “us”, or “our”, it means Atlas Digital Group. When it says “you” or “your”, it means the person using T.Bot — either a trader receiving signals or an administrator of a trading firm using T.Bot.

For any privacy question, email support@mytbot.com.

2. What we collect

We only collect what we need to run the service. Specifically:

2.1 Account information

  • Email address and a hashed password (we never see your plaintext password).
  • Display name and optional avatar URL.
  • Your timezone, so quiet hours for notifications fire in your local time.

2.2 Trading data

  • The trading firm and strategies you belong to, and your role within each (member, admin, owner).
  • Signals fired by your firm’s strategies — these belong to the firm, not to you personally.
  • Your actions on signals (take, skip, journal entries) and any emotional check-in you choose to fill in (mood, confidence rating, and an optional free-text note).
  • Encrypted credentials for any broker account you choose to connect (e.g. OANDA, TopstepX). We store these encrypted at the application layer; the plaintext is only decrypted in memory when sending an order on your behalf.

2.3 Notification settings

  • Whether push notifications are enabled overall.
  • Per-strategy and per-symbol mute toggles.
  • Quiet hours window (start and end hour in your timezone).
  • Your Expo push token and platform (iOS or Android) so we can deliver a notification to the right device.

2.4 Usage and diagnostics

  • Product analytics events (for example, that you opened a signal or tapped Subscribe) collected via PostHog. We use these to understand which features are useful and to debug crashes.
  • Standard server logs from our hosting provider (IP address, user agent, timestamps). These are kept short-term for security and debugging.

2.5 What we deliberately do not collect

  • We do not request your contacts, location, microphone, or health data.
  • We do not request access to your photo library or camera unless you choose to set a profile photo. If you do, we only access the single image you pick.
  • We do not sell your data to anyone, ever.
  • We do not run third-party advertising in T.Bot.

3. How we use it

We use the data above to:

  • Run the service — show you the right signals, accept your trade decisions, deliver the notifications you opt into, and (if you connect a broker) route orders.
  • Authenticate you and keep your account secure.
  • Improve the product. We look at aggregated usage patterns; we do not sell or rent personal data for marketing.
  • Provide support. If you email us, we look at the relevant slice of your data to help.
  • Comply with the law and respond to lawful requests where we are legally required to.

4. Who we share it with

We use a small set of third-party services to run T.Bot. They process data on our behalf under their own privacy policies; we do not share your data with anyone else.

  • Supabase — authentication, database hosting, and file storage. United States region.
  • Vercel — application hosting and edge functions (United States).
  • Expo — push notification delivery and over-the-air updates for the mobile app.
  • PostHog — product analytics (United States region).
  • SendGrid — transactional email (account confirmation, invites, password resets).
  • Slack — only if your trading firm has connected a Slack workspace to receive signal notifications.
  • Brokers (e.g. OANDA, TopstepX) — only when you choose to connect a broker account and place orders.
  • Apple App Store and Google Play — for app distribution and crash reporting.
  • TradingView — chart embeds inside the app. Loaded in an in-app browser; we do not transmit your account data to TradingView.

If we are legally compelled to disclose data — for example, by a valid court order — we will do so. We will notify you where the law permits us to.

5. How long we keep it

We keep your data for as long as you have an account with us. When you delete your account (Account → Delete account in the mobile app, or by emailing us), we remove your sign-in, profile, notification settings, connected broker credentials, and push token within 30 days.

Two things are deliberately retained even after deletion:

  • Signals received during your time on the platform — these belong to the trading firm you were a member of, not to you, and are kept for the firm’s historical performance records.
  • Trade journal entries and decisions you made on signals, for the same reason — they form part of the firm’s historical record. After deletion these are no longer linked to your name or email.

6. Your rights and choices

You can, at any time:

  • Access and correct the profile data we hold — open the mobile app, go to Account.
  • Delete your account in the app: Account → Delete account. This removes the data described in section 5 within 30 days.
  • Mute notifications for any strategy or instrument, or turn off pushes entirely, in Account → Notifications.
  • Export the data we hold about you by emailing support@mytbot.com. We will respond within 30 days.

Residents of California (CCPA / CPRA) and the European Economic Area and United Kingdom (GDPR) have additional rights, including the right to object to or restrict processing. Email us using the address above and we will honor those rights in line with the applicable law.

7. Security

Data in transit is encrypted with TLS. Data at rest in Supabase is encrypted by the provider. Broker credentials are additionally encrypted at the application layer before being written to the database, using a key we manage. Access to production data is restricted to the operators of T.Bot and is logged.

No system is perfectly secure. If we discover a security incident that affects your data, we will notify you as soon as we reasonably can.

8. Children

T.Bot is not directed to anyone under the age of 18. We do not knowingly collect data from anyone under 18. If you believe a child has created an account, email us and we will delete it.

9. International users

T.Bot is operated from the United States. If you use T.Bot from outside the United States, your data will be transferred to and processed in the United States. By using T.Bot you consent to that transfer. Where required by law (for example, for EU/UK residents), we rely on Standard Contractual Clauses or equivalent safeguards for the transfer.

10. Changes to this policy

We may update this policy as the product evolves. The “Effective” date at the top reflects the most recent change. If a change is material — for example, a new category of data we collect — we will notify you in the app or by email before the change takes effect.

11. Contact

Questions, requests, or complaints about how we handle your data: support@mytbot.com.

Atlas Digital Group is the data controller for the purposes of GDPR.