Privacy Policy
Last updated: April 27, 2026
What we collect
- Account data — email address, name (optional), encrypted password hash, and 2FA secret. Stored by our auth provider Clerk.
- Subscription data — billing email, last 4 digits of card, subscription status, and payment history. Stored by Stripe.
- Bot API keys — randomly generated tokens that link your desktop bot to your account. Stored hashed in our database.
- Bot telemetry (optional) — if you enable cloud sync, your bot may upload portfolio value snapshots and trade summaries to your account. Disabled by default.
- Site analytics — anonymous page views, referrers, and basic device info via Vercel Analytics. No cookies, no fingerprinting.
What we do NOT collect
- Your brokerage account credentials. These live only on your computer in a local file. We never see or transmit them.
- The contents of your trades for tax or compliance reporting (you handle that with your broker).
- Personally identifying tracking beyond what's required for billing.
How we use it
- Authenticate you when you log in to the website or desktop bot.
- Process your subscription via Stripe.
- Decide whether your bot should unlock Pro features.
- Send transactional emails (password reset, payment receipts, important account notices).
- Diagnose bugs and improve the product (aggregate analytics only).
Third parties we share with
We use these services to operate DBOT. Each has its own privacy policy:
- Clerk — authentication and 2FA (clerk.com/privacy)
- Stripe — payment processing (stripe.com/privacy)
- Vercel — website hosting and analytics (vercel.com/legal/privacy-policy)
- Cloudflare — DNS and update file hosting (cloudflare.com/privacypolicy)
Data retention
Account data is kept while your account is active and for up to 30 days after deletion to handle billing reconciliation. Stripe retains payment records for as long as required by tax law. Site analytics data is anonymous and retained per Vercel's policy.
Your rights
You can:
- View and update your account info at any time on the dashboard.
- Cancel your subscription via the customer portal.
- Delete your account by emailing us (we'll confirm via email before processing).
- Request a copy of all data we hold about you.
Security
We use HTTPS for all traffic. Passwords are never stored in plaintext. Bot API keys are hashed before storage. We rely on Clerk and Stripe — both PCI/SOC2-certified — for the most sensitive data. No system is perfectly secure; if we discover a breach affecting your data we will notify you within 72 hours.
Children
DBOT is not intended for users under 18. We do not knowingly collect data from minors.
Changes to this policy
We may update this policy. Material changes will be communicated by email. The "last updated" date at the top of this page reflects the most recent revision.
Contact
Questions about your data? Email us at support@d-bot.net.