Privacy Policy

Last updated: October 10, 2025

1. Overview

This Privacy Policy explains how Trabicon LLC ("Trabicon", "we", "us", "our") collects, uses, discloses, and protects your personal data when you visit or use trabicon.app and our related services (collectively, the "Service"). This policy describes the categories of personal data we process, the purposes and legal bases for processing, how we share data, our retention practices, your rights, and the security measures we implement to protect your information.

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use the Service.

2. Data Controller

Trabicon LLC

2 Park Plaza, Suite 680

Irvine, CA 92614

United States

Privacy Contact: info@trabicon.app

Trabicon LLC is the data controller responsible for your personal information. If you have questions about how we handle your data or wish to exercise your privacy rights, please contact us at the email address above.

3. Categories of Data We Collect

We collect and process the following categories of personal data when you use our Service:

3.1 Account & Identity Data

  • Full name
  • Email address
  • Username
  • Billing address
  • Phone number (if provided)
  • Company name (if registering as a business)
  • Account preferences and settings

3.2 Authentication & Credentials

  • Password (stored as a salted hash only; we never store plaintext passwords)
  • Two-factor authentication backup codes (if enabled)
  • OAuth tokens (if you use social login or third-party authentication)
  • Session tokens and authentication cookies

3.3 Payment & Billing Data

  • Billing name and address
  • Payment transaction metadata (transaction ID, amount, date, status)
  • Subscription plan and billing cycle information
  • Invoice history

Important: We do NOT store full payment card numbers, CVV codes, or complete banking information. All payment processing is handled securely by our third-party payment processor, Stripe, which is PCI DSS compliant. Stripe's privacy policy is available at stripe.com/privacy.

3.4 Exchange API Credentials & Trading Data

Critical Information: If you connect your Binance exchange account to enable automated trading, we collect and store:

  • Binance API keys (encrypted and stored securely)
  • API key metadata (permissions, creation date, status)
  • Trading activity logs (trades executed through our Service)
  • Portfolio balances and positions
  • Trading bot configurations and parameters
  • Transaction history accessed via API

Security Recommendation: We strongly recommend that you ONLY provide API keys with trading-only permissions and NEVER enable withdrawal, transfer, or internal transfer permissions. API keys are encrypted using industry-standard encryption (AES-256) and stored in a dedicated key management service (KMS).

3.5 Usage Data & Logs

We automatically collect certain information when you access or use the Service:

  • IP address and geolocation data (country/region level)
  • Device information (type, operating system, browser type and version)
  • Connection logs and timestamps
  • Pages visited and features used
  • API calls made and response times
  • Error logs and diagnostic information
  • Performance metrics and analytics data
  • Referral source (how you found our Service)

3.6 Communications Data

  • Support ticket content and correspondence
  • Chat messages with customer support
  • Email communications with us
  • Feedback and survey responses
  • Marketing communication preferences (if you opt in)

3.7 Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to collect information about your browsing activities. See Section 10 for detailed information about our use of cookies.

4. How We Use Your Data (Purposes & Legal Basis)

We process personal data for the following purposes and rely on the following legal bases:

4.1 Provide and Deliver the Service

Legal Basis: Contractual necessity (performance of our contract with you)

  • Create and manage your account
  • Execute trades on your behalf through connected exchange APIs
  • Provide trading signals and market analysis
  • Operate automated trading bots based on your configurations
  • Display portfolio tracking and performance metrics
  • Authenticate and authorize access to your account
  • Provide customer support and respond to inquiries

4.2 Process Payments and Billing

Legal Basis: Contractual necessity and legal obligation

  • Process subscription payments
  • Generate invoices and receipts
  • Manage billing cycles and renewals
  • Handle refunds and chargebacks
  • Comply with tax reporting obligations
  • Prevent payment fraud

4.3 Improve and Personalize the Service

Legal Basis: Legitimate interest (improving our Service and user experience)

  • Analyze usage patterns and user behavior
  • Conduct product research and development
  • Test new features and improvements
  • Personalize content and recommendations
  • Optimize Service performance and reliability
  • Conduct analytics and generate aggregate statistics

4.4 Security, Fraud Prevention, and Compliance

Legal Basis: Legitimate interest and legal obligation

  • Detect and prevent fraud, abuse, and unauthorized access
  • Monitor for suspicious trading activity or market manipulation
  • Enforce our Terms of Service
  • Comply with legal obligations and regulatory requirements
  • Respond to law enforcement requests and court orders
  • Protect the rights, property, and safety of Trabicon, our users, and others
  • Maintain audit trails and compliance records

4.5 Communications

Transactional Communications - Legal Basis: Contractual necessity

  • Send account notifications and security alerts
  • Notify you of trades executed on your behalf
  • Send service updates and maintenance notices
  • Provide billing and payment confirmations
  • Respond to your support requests

Marketing Communications - Legal Basis: Consent

  • Send promotional emails about new features and offers (only if you opt in)
  • Share product updates and newsletters (only if you opt in)

You can opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or by contacting us at info@trabicon.app.

5. Sharing and Disclosures

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share personal data with the following categories of recipients:

5.1 Service Providers

We share data with third-party service providers who perform services on our behalf under contract:

  • Payment Processors: Stripe (for processing subscription payments)
  • Cloud Hosting: Infrastructure providers for hosting our Service and databases
  • Analytics Providers: Tools for analyzing Service usage and performance
  • Email Service Providers: For sending transactional and marketing emails
  • Customer Support Tools: Platforms for managing support tickets and communications
  • Security Services: Fraud detection and prevention services

These service providers are contractually obligated to protect your data, use it only for the purposes we specify, and comply with applicable data protection laws.

5.2 Cryptocurrency Exchanges

To execute trades on your behalf, we interact with Binance's API using the API keys you provide. We transmit trading instructions and retrieve account information through these APIs. We do NOT sell, share, or transfer your API credentials to any other party. Your relationship with Binance is governed by Binance's own Terms of Service and Privacy Policy.

5.3 Legal & Compliance Disclosures

We may disclose personal data when required or permitted by law:

  • In response to subpoenas, court orders, or other legal processes
  • To comply with applicable laws, regulations, or governmental requests
  • To law enforcement agencies investigating illegal activity
  • To regulatory authorities overseeing financial services
  • To protect our rights, property, or safety, or those of our users or the public
  • To enforce our Terms of Service or other agreements
  • To prevent fraud or other illegal activity

5.4 Business Transfers

In connection with any merger, acquisition, reorganization, sale of assets, bankruptcy, or similar business transaction, personal data may be transferred to the acquiring entity or successor. We will provide notice before your personal data is transferred and becomes subject to a different privacy policy.

5.5 With Your Consent

We may share personal data for other purposes with your explicit consent or at your direction.

5.6 Aggregate and Anonymized Data

We may share aggregate, anonymized, or de-identified data that cannot reasonably be used to identify you. This may include statistics, trends, or insights derived from user data.

6. International Transfers

Trabicon operates globally, and our Service infrastructure may be located in multiple jurisdictions. Personal data may be transferred to, stored in, and processed in countries other than your country of residence, including the United States and other jurisdictions where our service providers operate.

When we transfer personal data outside of your jurisdiction to countries that do not provide an equivalent level of data protection, we implement appropriate safeguards to protect your data, including:

  • Standard Contractual Clauses (SCCs) approved by regulatory authorities
  • Binding Corporate Rules
  • Data Processing Agreements with service providers
  • Other legally recognized transfer mechanisms

For more information about international data transfers and the safeguards we use, please contact us at info@trabicon.app.

7. Data Retention

We retain personal data only as long as necessary to fulfill the purposes for which it was collected, provide the Service, and comply with legal, regulatory, or contractual obligations.

7.1 Retention Periods

  • Account Data: Retained while your account is active, plus up to 7 years after account deactivation or closure for fraud prevention, legal compliance, and dispute resolution
  • API Keys & Exchange Credentials: Retained while you maintain an active connection to your exchange account, plus up to 3 years after disconnection for security audits and fraud investigation purposes
  • Trading Logs & Transaction History: Retained for up to 7 years to comply with financial recordkeeping requirements and for audit purposes
  • Billing Records & Invoices: Retained for 7 years as required by tax and accounting laws
  • Usage Logs & Analytics Data: Retained for up to 2 years for Service improvement and security monitoring
  • Support Communications: Retained for up to 3 years after the last interaction for quality assurance and dispute resolution
  • Marketing Communications: Retained until you withdraw consent or for up to 2 years after your last engagement

7.2 Deletion

After the applicable retention period expires, we will securely delete or anonymize your personal data. In some cases, we may retain certain information in anonymized or aggregated form that cannot be used to identify you.

You may request deletion of your personal data at any time (subject to legal retention requirements) by contacting us at info@trabicon.app. See Section 9 for more information about your rights.

8. Security Measures

We implement industry-standard technical and organizational security measures to protect your personal data from unauthorized access, disclosure, alteration, and destruction. Our security practices include:

8.1 Encryption

  • Data in Transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher (HTTPS)
  • Data at Rest: Sensitive data stored in our databases is encrypted using AES-256 encryption or equivalent
  • API Keys: Exchange API keys are encrypted using a dedicated Key Management Service (KMS) with additional encryption layers

8.2 Access Controls

  • Role-based access control (RBAC) limiting employee access to personal data based on job function
  • Multi-factor authentication (MFA) for administrative access
  • Principle of least privilege for data access
  • Regular access reviews and audits

8.3 Infrastructure Security

  • Secure cloud hosting infrastructure with redundancy and backups
  • Network segmentation and firewalls
  • Intrusion detection and prevention systems
  • Regular security vulnerability assessments and penetration testing
  • Automated security monitoring and alerting

8.4 Application Security

  • Secure coding practices and code reviews
  • Input validation and sanitization
  • Protection against common vulnerabilities (SQL injection, XSS, CSRF)
  • Rate limiting and DDoS protection
  • Session management and timeout policies

8.5 Organizational Measures

  • Employee security training and awareness programs
  • Confidentiality agreements with employees and contractors
  • Incident response and breach notification procedures
  • Regular security policy reviews and updates
  • Data protection impact assessments for high-risk processing

8.6 Limitations

While we take reasonable measures to protect your data, no security system is impenetrable. We cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and should immediately notify us at info@trabicon.app if you suspect any unauthorized access to your account.

9. Your Privacy Rights

Depending on your jurisdiction, you may have certain rights regarding your personal data:

9.1 Access

You have the right to request access to the personal data we hold about you and obtain a copy of that data.

9.2 Correction

You have the right to request that we correct inaccurate or incomplete personal data. You can update most account information directly through your account settings.

9.3 Deletion

You have the right to request deletion of your personal data, subject to certain exceptions (such as legal retention requirements, pending transactions, or ongoing disputes).

9.4 Portability

You have the right to request a copy of your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

9.5 Restriction of Processing

You have the right to request that we restrict processing of your personal data in certain circumstances, such as while we verify the accuracy of data or assess your objection to processing.

9.6 Objection

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

9.7 Withdraw Consent

Where we rely on consent as the legal basis for processing, you have the right to withdraw consent at any time. This does not affect the lawfulness of processing before withdrawal.

9.8 Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority or data protection regulator in your jurisdiction if you believe we have violated your privacy rights.

9.9 How to Exercise Your Rights

To exercise any of these rights, please contact us at info@trabicon.app with:

  • Your full name and email address associated with your account
  • A description of the right you wish to exercise
  • Any relevant details or supporting information

We will respond to your request within 30 days (or as required by applicable law). We may need to verify your identity before fulfilling certain requests.

10. Cookies and Tracking Technologies

We use cookies, web beacons, pixels, and similar tracking technologies to collect information about your use of the Service and to provide, maintain, and improve our Service.

10.1 Types of Cookies We Use

Essential Cookies: Required for the Service to function properly

  • Authentication cookies (to keep you logged in)
  • Security cookies (to detect and prevent fraud)
  • Session management cookies

Performance Cookies: Help us understand how users interact with the Service

  • Analytics cookies (to measure traffic and usage patterns)
  • Error tracking cookies (to identify and fix technical issues)

Functional Cookies: Enable enhanced functionality and personalization

  • Preference cookies (to remember your settings)
  • Language cookies (to display content in your preferred language)

Marketing Cookies: Used to deliver relevant advertisements (only with your consent)

  • Tracking cookies for retargeting campaigns
  • Conversion tracking pixels

10.2 Third-Party Cookies

We may use third-party services that set cookies on your device, including:

  • Google Analytics (for usage analytics)
  • Stripe (for payment processing)
  • Customer support and chat tools

These third parties have their own privacy policies governing their use of cookies and data collection.

10.3 Cookie Management

Most web browsers automatically accept cookies, but you can modify your browser settings to decline cookies or alert you when cookies are being sent. Please note that disabling certain cookies may affect the functionality of the Service.

You can manage cookie preferences through:

  • Your browser settings (Chrome, Firefox, Safari, Edge, etc.)
  • Our cookie consent banner (when applicable)
  • Your account settings for functional preferences

11. Third-Party Links and Services

Our Service may contain links to third-party websites, applications, or services that are not operated by Trabicon (such as Binance, social media platforms, or partner services). This Privacy Policy does not apply to third-party services.

We are not responsible for the privacy practices or content of third-party services. We encourage you to review the privacy policies of any third-party services you access through our Service.

12. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at info@trabicon.app, and we will delete such information from our systems.

13. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

13.1 Right to Know

You have the right to request information about the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share personal information.

13.2 Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions.

13.3 Right to Opt-Out of Sale

We do NOT sell personal information. We do not sell, rent, or share personal information with third parties for their direct marketing purposes.

13.4 Right to Non-Discrimination

You have the right not to receive discriminatory treatment for exercising your CCPA rights.

13.5 Shine the Light

California residents may request information about our disclosure of personal information to third parties for direct marketing purposes. As stated above, we do not share personal information with third parties for their direct marketing purposes.

13.6 Exercising CCPA Rights

To exercise your CCPA rights, contact us at info@trabicon.app. We will verify your identity before processing your request.

14. European Economic Area (EEA) and UK Rights (GDPR)

If you are located in the EEA or UK, you have additional rights under the General Data Protection Regulation (GDPR):

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing based on legitimate interests
  • Right to withdraw consent
  • Right to lodge a complaint with your local supervisory authority

For EEA and UK residents, our legal bases for processing are outlined in Section 4. To exercise your GDPR rights, contact us at info@trabicon.app.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last updated" date at the top of this policy
  • Notify you via email (to the address associated with your account)
  • Display a prominent notice on our website or within the Service
  • Provide at least 30 days' notice before material changes take effect (where required by law)

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes acceptance of the updated Privacy Policy.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Trabicon LLC

2 Park Plaza, Suite 680

Irvine, CA 92614

United States

Email: info@trabicon.app

Website: trabicon.app

We will respond to your inquiry as promptly as possible, typically within 30 days.

By using the Trabicon Service, you acknowledge that you have read and understood this Privacy Policy.

Effective Date: October 10, 2025