Privacy Policy

Last updated: January 29, 2026

title: "Privacy Policy" lastUpdated: "2026-01-29" version: "1.0"

Privacy Policy

Effective Date: January 29, 2026

1. Introduction

Larofits ("we," "us," or "our") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Email address
  • Password (encrypted)
  • Name (optional)
  • Account creation date

2.2 API Credentials

To provide our service, we collect:

  • Exchange API keys (encrypted at rest)
  • API secrets (encrypted at rest)
  • Exchange account identifiers
  • API permission scopes

Important: API keys are encrypted using AES-256 encryption and stored securely. We never see or store your exchange passwords.

2.3 Usage Information

We automatically collect:

  • Platform usage patterns
  • Automation configurations (non-personal)
  • Execution logs
  • Error logs
  • Performance metrics

2.4 Technical Information

We collect:

  • IP address
  • Browser type and version
  • Device information
  • Operating system
  • Access times

2.5 Communication Information

If you contact us:

  • Support ticket content
  • Email correspondence
  • Feedback and suggestions

3. How We Use Your Information

3.1 Service Provision

We use your information to:

  • Provide platform access and functionality
  • Execute your automation configurations
  • Connect to exchange APIs
  • Monitor system performance
  • Provide customer support

3.2 Service Improvement

We analyze aggregated, non-personal data to:

  • Improve platform performance
  • Develop new features
  • Identify and fix bugs
  • Optimize user experience

3.3 Communication

We may contact you for:

  • Account notifications
  • Service updates
  • Security alerts
  • Support responses
  • Legal notices

We do NOT send marketing emails unless you explicitly opt in.

3.4 Security and Fraud Prevention

We use information to:

  • Detect and prevent unauthorized access
  • Monitor for suspicious activity
  • Investigate potential violations
  • Comply with legal obligations

4. How We Share Your Information

4.1 No Sale of Data

We do not sell, rent, or trade your personal information to third parties.

4.2 Service Providers

We may share information with trusted service providers who assist us:

  • Cloud infrastructure (encrypted data hosting)
  • Payment processors (subscription billing)
  • Analytics providers (aggregated data only)
  • Email service providers (transactional emails only)

All service providers are bound by confidentiality agreements.

4.3 Legal Requirements

We may disclose information if required by:

  • Valid legal process (court orders, subpoenas)
  • Law enforcement requests
  • Protection of our legal rights
  • Prevention of fraud or security threats

4.4 Business Transfers

In the event of a merger, acquisition, or sale:

  • User data may be transferred to successor entity
  • We will notify users via email before transfer
  • The Privacy Policy will continue to apply

5. API Credential Security

5.1 Encryption

  • API keys are encrypted at rest using AES-256
  • Data in transit uses TLS 1.3 encryption
  • Encryption keys are stored separately
  • Keys are rotated regularly

5.2 Access Controls

  • Strict access controls limit who can access encrypted data
  • All access is logged and monitored
  • Multi-factor authentication required for admin access
  • Regular security audits conducted

5.3 Permission Scope

  • We only request read and trade API permissions
  • We NEVER request withdrawal permissions
  • You can revoke API access anytime from your exchange
  • Revocation immediately terminates our access

6. Data Retention

6.1 Active Accounts

While your account is active:

  • Account information is retained
  • Recent execution logs are maintained
  • Configuration history is preserved

6.2 Account Deletion

Upon account deletion:

  • Personal information is removed within 30 days
  • API credentials are immediately deleted
  • Logs are anonymized or deleted
  • Some data may be retained for legal compliance

6.3 Legal Retention

We may retain certain data longer if required by:

  • Regulatory obligations
  • Tax requirements
  • Legal proceedings
  • Legitimate business interests

7. Your Rights

7.1 Access

You have the right to:

  • Access your personal information
  • Request a copy of your data
  • View your automation logs
  • Review your account history

7.2 Correction

You can:

  • Update your account information
  • Correct inaccurate data
  • Modify your preferences
  • Update contact information

7.3 Deletion

You can:

  • Delete your account at any time
  • Request removal of personal information
  • Revoke API access
  • Opt out of communications

7.4 Portability

You can:

  • Export your automation configurations
  • Download your execution logs
  • Transfer data to another service

7.5 Objection

You can:

  • Object to certain data processing
  • Opt out of analytics tracking
  • Disable non-essential cookies
  • Restrict data usage

8. Cookies and Tracking

8.1 Essential Cookies

We use essential cookies for:

  • Authentication and security
  • Session management
  • Platform functionality
  • Preference storage

These cookies are necessary for the platform to function.

8.2 Analytics Cookies

With your consent, we use analytics cookies to:

  • Understand usage patterns
  • Improve user experience
  • Identify technical issues

You can opt out of analytics tracking.

8.3 Cookie Management

You can:

  • Adjust cookie settings in your browser
  • Opt out via our cookie banner
  • Delete existing cookies
  • Block future cookies

For more information, see our Cookie Policy.

9. Third-Party Links

Our platform may contain links to third-party websites:

  • We are not responsible for their privacy practices
  • Their privacy policies apply to their sites
  • Review their policies before providing information
  • Third-party integrations have separate terms

10. Children's Privacy

Larofits is not intended for users under 18:

  • We do not knowingly collect data from minors
  • If we learn of underage users, accounts will be terminated
  • Parents can contact us to request data deletion

11. International Data Transfers

  • Data may be processed in different countries
  • We use appropriate safeguards for transfers
  • Data protection standards are maintained
  • Users in the EU have specific rights under GDPR

12. Security Measures

We implement robust security measures:

  • Encryption at rest and in transit
  • Regular security audits
  • Access controls and monitoring
  • Incident response procedures
  • Employee security training

However, no system is 100% secure. You should:

  • Use strong, unique passwords
  • Enable two-factor authentication
  • Monitor your account regularly
  • Report suspicious activity immediately

13. Changes to Privacy Policy

We may update this Privacy Policy:

  • Updates will be posted with a new effective date
  • Material changes will be notified via email
  • Continued use constitutes acceptance
  • Previous versions available upon request

14. Contact Us

For privacy-related questions or requests:

Email: [email protected]

Subject Line: Privacy Inquiry

Response Time: We aim to respond within 7 business days

15. Data Protection Officer

For EU users, you can contact our Data Protection Officer at:

16. Supervisory Authority

EU users have the right to lodge a complaint with their local data protection authority if they believe their rights have been violated.

By using Larofits, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.