Privacy Policy

Last updated: April 2026

Article 1 (Purpose of Processing Personal Information)

AIQuantLab ("Company") processes personal information for the following purposes. Personal information collected shall not be used for any purpose other than those stated below. If the purpose of use changes, the Company will obtain separate consent and take all necessary measures in accordance with applicable law:

Account registration and management: Verification of intent to register, identity verification for membership service provision, maintenance and management of membership status, prevention of fraudulent or unauthorized use of the Service, delivery of various notices and notifications.
Service provision: Provision of the auto-trading program and quantitative trading signals, API integration with supported exchanges, processing and verification of cryptocurrency payments, response to service-related inquiries and support requests.
Complaint and dispute handling: Verification of the complainant's identity, confirmation of complaint details, fact-finding investigation, contact and notification regarding processing status and results.

Article 2 (Items of Personal Information Processed)

The Company processes the following categories of personal information in connection with the Service:

At registration: Telegram username, Telegram user ID
During service use (required): Cryptocurrency exchange API Key (Access Key, Secret Key, and Passphrase where applicable), automated trading logs and order history, access IP address, country of access (determined via IP geolocation)
For payment processing: Blockchain deposit wallet address (generated per transaction), transaction hash (txid), payment amount in USDT/USDC, blockchain network used (Solana), timestamp of payment confirmation and auto-transfer
Automatically collected: Browser User-Agent string, pages visited (via Google Analytics, anonymized), coupon codes used (if any)

API Secret Keys are stored in encrypted form within the Company's database and are used exclusively for the purpose of executing automated trades on behalf of the User. They are never shared with third parties, logged in plaintext, or used for any other purpose.

Article 3 (Processing and Retention Period of Personal Information)

The Company processes and retains personal information within the retention period consented to by the data subject or as required by applicable law. Specific retention periods are as follows:

Account and membership data: Retained until the User withdraws (terminates their account).
Exception — ongoing investigation: If an investigation related to a legal violation is in progress, data shall be retained until the conclusion of such investigation.
Exception — outstanding obligations: If debts, obligations, or unresolved disputes remain between the Company and the User, data shall be retained until such matters are fully settled.
Payment transaction records: Retained for a minimum of 5 years in accordance with applicable commercial and tax law requirements.

Article 4 (Destruction Procedures and Methods)

When personal information becomes unnecessary due to expiration of the retention period, achievement of the processing purpose, or other reasons, the Company shall destroy the information without delay:

Upon account termination: Immediate and permanent deletion of member information, API keys, and associated data from the production database.
Electronic files: Destroyed using technical methods that render the data irrecoverable and non-reproducible (secure deletion, cryptographic erasure).
Physical documents: Shredded or incinerated (if applicable).

Article 5 (Rights and Obligations of Data Subjects)

Users (data subjects) may exercise the following rights at any time:

Request to view, access, or receive a copy of their personal information held by the Company.
Request correction of inaccurate or incomplete personal information.
Request deletion of personal information (subject to legal retention requirements).
Withdraw consent for the collection and use of personal information by terminating their account.

To exercise any of these rights, Users may contact the Company via Telegram at @AIQuantLabBot.

Article 6 (Measures to Ensure the Security of Personal Information)

The Company takes the following measures to ensure the security and integrity of personal information:

Administrative measures: Establishment and implementation of internal management plans, periodic security awareness training for personnel with access to personal information, strict access control policies.
Technical measures: Role-based access control for personal information processing systems, installation and maintenance of access control and intrusion detection systems, encryption of sensitive data including API Secret Keys and passwords (AES-256 or equivalent), deployment of endpoint security software, regular security patching and vulnerability assessments, encrypted communication (HTTPS/TLS) for all data in transit.
Infrastructure measures: UFW firewall with strict port access rules, nginx reverse proxy with security headers (HSTS, CSP, X-Frame-Options), rate limiting on authentication endpoints.

Article 7 (Third-Party Services)

The Company uses the following third-party services in connection with the operation of the Service:

Solana Blockchain: Payment processing via USDT/USDC transfers on the Solana network. Unique deposit addresses are generated per transaction using HD wallet derivation.
Telegram: Signal delivery, customer communication, account registration, and payment notification platform.
Google Analytics: Anonymous, aggregated website usage analytics. No personally identifiable information is transmitted to Google Analytics.
Cryptocurrency Exchanges (Bybit, Bitget, Binance, Coinbase): The Company connects to these exchanges solely via User-provided API keys for the purpose of auto-trading execution. The Company does not access, store, or transmit any Exchange account credentials beyond the API keys voluntarily provided by the User.

Article 8 (Personal Information Protection Officer)

The Company designates the following officer to oversee personal information processing, handle data subject complaints, and address damage relief:

Personal Information Protection Officer: AIQuantLab Administrator
Contact: @AIQuantLabBot

Article 9 (Changes to the Privacy Policy)

This Privacy Policy is effective from the date of publication. If the Company makes any additions, deletions, or corrections to this policy due to changes in law or internal policy, the Company shall announce such changes at least 7 days prior to the effective date via the Service website or Telegram notification.