This website is a tool to automate portfolio management. You can only get an account by invitation.
This is a non-profit personal project, i.e. I don’t earn extra money from other users using my service. Making it available for fiends and family is just a friendly gesture.
However, the blather below is necessary to cover myself, but also to inform you about security and privacy measures and rights.
Your data and privacy
Data is sent over a secure (SSL) connection and is stored on secure servers of a third party located in The Netherlands. I do not combine this data with any other data I may have, and I do not share personal data with anyone except the required API keys with exchanges to authorize API requests.
All users can view, edit, or delete only their own personal information and API keys at any time (except they cannot change their username). Website administrators can also view and edit that information, except for API keys which are stored encrypted. This information is stored as long as your account exists.
Please know that as long as you have submitted any exchange API keys on this website, you are giving this service permission to trade on your behalf.
What rights you have over your data
Your data is your property. If you have an account on this website, you can request to receive an exported file of all the personal data I hold about you. You can also request that I erase any personal data I hold about you. This does not include any data I am obliged to keep for administrative, legal, or security purposes, if any.
Security measures
All API keys are stored encrypted using a secret key that is being stored outside the database. This way, a hacker would need to obtain access to both the database and the filesystem in order to decrypt any API key, which is very unlikely to happen. When making requests to exchange API’s, the required API key will be decrypted in memory and is send with that request in order to authorize the call. Users can only view decrypted API keys that belong to their account, i.e. only you can view your decrypted API keys, no one else can.
I don’t rely on third-party software for handling sensitive actions such as communicating with exchanges. For these purposes, I use only self-programmed code in combination with official libraries from external services that are necessary to carry out these purposes. All this logic is covered in an open-source plugin, the code can be viewed on Github: https://github.com/bvandevliet/trader-plugin
Liability
I exclude all liability for any direct or indirect damages of any kind resulting from the use of information and/or services through my website, or the temporary inability to consult my website. You are responsible for all your actions on- and everything you send from the website.
Cookies
If you visit the login page, a temporary cookie is set to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, several cookies are set to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
Embedded content from other websites
Articles on this website may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Changes
This disclaimer is tailored to the purpose and use of- and the possibilities on this website. Any adjustments and/or changes to this website may lead to changes in this privacy statement. It is therefore advisable to consult this privacy statement regularly.