
Privacy Policy

Last Updated: March 22, 2026


1. Introduction

ATHENA Trading (“we,” “our,” or “the Platform”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our trading platform.

ATHENA Trading is a web-based trading interface that connects to the Bybit cryptocurrency exchange. We do not have access to your funds. All trading occurs directly on Bybit infrastructure using your API keys.


2. Information We Collect

2.1 Information You Provide

API Credentials (session-only — never permanently stored, deleted immediately upon logout):

  • Bybit API Key
  • Bybit API Secret (encrypted with AES-256-GCM)
  • Environment selection (mainnet/testnet)
  • Account UID (retrieved from Bybit upon login)

Preferences:

  • Language selection
  • Chart interval preference
  • Selected trading pair and market category (Spot/Futures)

2.2 Automatically Collected Information

Usage Data:

  • IP address
  • Browser type and version
  • Device information and operating system
  • Pages visited and features used
  • Time and date of access

Trading Activity:

  • Orders placed (symbol, price, quantity, type, side)
  • Positions opened, modified, and closed
  • Leverage and margin mode changes
  • GPT analysis requests and responses
  • WebSocket connection logs

Technical Data:

  • Session IDs
  • CSRF tokens
  • WebSocket connection state
  • Error logs and stack traces

2.3 Information We Do Not Collect

  • Your Bybit account password
  • Credit card or payment information
  • Private keys or wallet seeds
  • Personal identification documents
  • Social security numbers or tax IDs
  • Withdrawal-related data (the Platform does not support withdrawals)

3. How We Use Your Information

3.1 Primary Uses

To Provide Service:

  • Authenticate your identity via Bybit API credentials
  • Execute trading operations via the Bybit API
  • Display real-time market data, charts, and order book
  • Manage your orders, positions, and margin settings
  • Process AI analysis requests via OpenAI GPT
  • Maintain your session and restore preferences

To Improve Service:

  • Analyze usage patterns to enhance the user experience
  • Identify and fix bugs
  • Optimize performance
  • Develop new features

For Security:

  • Detect and prevent fraud
  • Monitor for suspicious activity
  • Enforce rate limits
  • Validate sessions
  • Protect against attacks (CSRF, XSS, etc.)

3.2 Legal Compliance

We may use your information to:

  • Comply with legal obligations
  • Respond to lawful requests from authorities
  • Enforce our Terms of Service
  • Protect our rights and safety
  • Resolve disputes

4. How We Protect Your Information

4.1 Encryption

API Credentials:

  • Encrypted using AES-256-GCM algorithm
  • Unique encryption key per environment
  • Never stored in plain text
  • Never logged or transmitted unencrypted
  • Deleted immediately upon logout

Sessions:

  • Encrypted with 256-bit session secret
  • Stored in a secure database
  • Automatic expiration after inactivity
  • Periodic revalidation via heartbeat

4.2 Security Measures

Network Security:

  • HTTPS encryption for all connections
  • TLS 1.2 or higher required
  • Secure WebSocket connections (WSS) for real-time data
  • Content Security Policy (CSP)
  • HTTP Strict Transport Security (HSTS)

Access Control:

  • API key-based authentication (no passwords stored)
  • CSRF protection on all state-changing requests
  • Rate limiting to prevent brute force attacks
  • IP-based rate limiting
  • Automatic session expiration

Security Headers:

  • X-Frame-Options (clickjacking prevention)
  • X-Content-Type-Options (MIME sniffing prevention)
  • X-XSS-Protection
  • Referrer-Policy
  • Permissions-Policy

Content Security:

  • DOMPurify sanitization of all AI-generated HTML content
  • Input validation on all user-submitted data

4.3 Data Storage

Database:

  • Database with encrypted connections
  • Regular backups
  • Access restricted to application server only
  • No public internet access to database

Logs:

  • Stored on server filesystem
  • Automatically rotated
  • API secrets are redacted from all logs
  • Access restricted to administrators

5. Data Sharing and Disclosure

5.1 Third-Party Services

Bybit Exchange:

  • Your API requests are sent directly to the Bybit API
  • Bybit Privacy Policy applies to their data handling
  • We do not permanently store full API responses
  • Trading data flows through our server but is not retained beyond logging periods

OpenAI (GPT Features):

  • Market analysis requests sent to OpenAI API when you use GPT features
  • Only market data (candlestick data, current price, symbol) and language preference are sent
  • No personal information, API credentials, or account data is included in AI requests
  • OpenAI’s Privacy Policy applies to their data handling

5.2 When We May Disclose Information

Legal Requirements:

  • Subpoena or court order
  • Government investigation
  • Law enforcement request
  • Compliance with applicable laws

Business Protection:

  • Fraud investigation
  • Security incidents
  • Terms of Service violations
  • Protection of our rights or property

With Your Consent:

  • When you explicitly authorize disclosure
  • For specific purposes you approve

5.3 What We Do Not Do

  • We do not sell your data to third parties
  • We do not share data with advertisers
  • We do not use your data for marketing purposes
  • We do not provide data to data brokers

6. Data Retention

6.1 Active Accounts

While You Use the Platform:

  • API credentials: Encrypted in your session only — deleted upon logout
  • Session data: Stored until expiration
  • Trading and error logs: Retained for as long as necessary for security and debugging purposes, or as required by law

6.2 Account Deletion

When You Stop Using the Platform:

  • API credentials: Deleted immediately upon logout
  • Session data: Expires automatically
  • Trading and error logs: Retained for as long as necessary for security and debugging purposes, or as required by law

6.3 Legal Requirements

We may retain certain data longer if:

  • Required by law
  • Needed for legal proceedings
  • Necessary for dispute resolution
  • Required for regulatory compliance

7. Your Rights and Choices

7.1 Access and Control

You have the right to:

  • Access: View your account settings and preferences
  • Update: Modify your API keys by logging in with new credentials
  • Delete: Remove your API credentials by logging out
  • Revoke: Disconnect from the Platform at any time

7.2 How to Exercise Rights

To Delete Your API Credentials:

  • Click “Logout” in the application header or mobile menu
  • Your encrypted API credentials are deleted immediately

To Revoke API Access:

  • Log in to your Bybit account
  • Navigate to API Management
  • Delete the API key used with ATHENA

7.3 Do Not Track

Currently, we do not respond to “Do Not Track” browser signals. We collect minimal analytics for service improvement only.


8. Cookies and Tracking

8.1 Cookies We Use

Essential Cookies:

  • Session Cookie: Maintains your login session
    • Name: connect.sid
    • Type: HTTP-only, Secure
    • Expiration: Session or configured duration
    • Purpose: Authentication and session management

No Tracking Cookies:

  • We do not use advertising cookies
  • We do not use third-party tracking cookies
  • We do not use analytics cookies from external services

8.2 Local Storage

We use browser local storage for:

  • Language preference
  • Chart interval preference
  • Selected symbol and market category
  • Non-sensitive UI state

Not Stored in Local Storage:

  • API credentials
  • Session tokens
  • Personal information
  • Trading history

9. International Data Transfers

9.1 Data Location

Server Location:

  • Our servers are hosted on secure infrastructure
  • Session data is stored in a secure database on the same server

Bybit API:

  • Bybit servers are located globally
  • Subject to Bybit Privacy Policy
  • Trading data sent directly from our server to Bybit

OpenAI API:

  • AI analysis requests are sent to OpenAI’s servers
  • Subject to OpenAI’s Privacy Policy
  • Only market data is transmitted (no personal information)

9.2 Data Protection

When data crosses borders:

  • All connections encrypted with TLS 1.2+
  • API credentials never transmitted unencrypted
  • Compliance with applicable data protection laws

10. Children’s Privacy

ATHENA Trading is not intended for individuals under 18 years of age.

  • We do not knowingly collect information from children
  • If we discover we have collected data from a child, we will delete it
  • Parents/guardians who believe we have collected child data should contact us

Age Verification: By using the Platform, you represent that you are at least 18 years old or the age of majority in your jurisdiction.


11. Data Security Incidents

11.1 Our Response

In the event of a data breach:

  1. We will investigate immediately
  2. Contain and remediate the breach
  3. Report to authorities if required by law
  4. Implement measures to prevent recurrence

11.2 What You Should Do

If you suspect unauthorized access:

  1. Log out of ATHENA immediately
  2. Revoke your Bybit API keys via the Bybit API management page
  3. Change your Bybit account password
  4. Enable 2FA on your Bybit account
  5. Email us at support@athenatrading.io

12. Changes to This Privacy Policy

12.1 Updates

We may update this Privacy Policy to reflect:

  • Changes in our practices or features
  • Legal or regulatory requirements
  • New features or services
  • User feedback

12.2 Notification

When we make changes:

  • We will update the “Last Updated” date
  • Continued use after changes constitutes acceptance

12.3 Material Changes

For significant changes affecting your rights:

  • We may require explicit consent
  • You may choose to stop using the Platform

13. Third-Party Links

The Platform may contain links to third-party websites (e.g., Bybit).

  • We are not responsible for third-party privacy practices
  • Third-party sites have their own privacy policies
  • We encourage you to read their policies
  • Links do not imply endorsement

14. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to Know: You can review what data we collect in Section 2 of this policy
  • Right to Delete: You can delete your API credentials by logging out; trading logs are retained as described in Section 6
  • Right to Opt-Out: We do not sell personal information
  • Non-Discrimination: We will not discriminate for exercising your rights

For questions about your CCPA rights, email us at support@athenatrading.io.


15. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation:

15.1 Legal Basis for Processing

We process your data based on:

  • Consent: You provide API credentials voluntarily
  • Contract Performance: Necessary to provide trading services
  • Legitimate Interests: Security, fraud prevention, service improvement

15.2 Your GDPR Rights

  • Right to Erasure: You can delete your API credentials by logging out
  • Right to Withdraw Consent: You can stop using the Platform at any time
  • Right to Object: You can object to processing by discontinuing use of the Platform

For GDPR inquiries, email us at support@athenatrading.io.


16. Security Best Practices

16.1 Recommendations for Users

Protect Your API Keys:

  • Use API keys with only the required permissions (Contract Trading, Spot Trading, Wallet Transfer)
  • Never enable withdrawal permissions on API keys used with ATHENA
  • Set IP whitelist on Bybit if you have a static IP
  • Regularly rotate your API keys
  • Never share your API Secret with anyone

Account Security:

  • Enable 2FA on your Bybit account
  • Use a strong, unique password for Bybit
  • Use a secure, updated browser
  • Avoid public WiFi when trading
  • Log out of ATHENA when finished

Monitor Activity:

  • Regularly check your Bybit trading history
  • Review API key permissions on Bybit
  • Monitor for unauthorized orders
  • Report suspicious activity immediately

17. Contact Information

For privacy-related questions or concerns:

  • Email: support@athenatrading.io

Security Issues:

  • For vulnerabilities or breach reports, please indicate urgency in your message

18. Definitions

Personal Information: Information that identifies, relates to, or could reasonably be linked to you.

API Credentials: Bybit API Key and API Secret used to access trading functions.

Session Data: Information stored to maintain your logged-in state.

Trading Data: Information about your orders, positions, and trading activity.

Usage Data: Information about how you interact with the Platform.

AI Analysis Data: Market data (candlesticks, prices) sent to OpenAI for GPT-powered analysis.


19. Compliance

ATHENA Trading strives to comply with:

  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)
  • Other applicable privacy laws

We are committed to:

  • Transparency in data practices
  • User control over personal information
  • Secure data handling
  • Minimal data collection
  • Lawful data processing

20. Acknowledgment

By using ATHENA Trading, you acknowledge that:

  • You have read this Privacy Policy
  • You understand how we collect and use information
  • You consent to the data practices described
  • You are aware of your rights
  • You understand the security measures in place
  • You accept the risks of online trading
  • You are responsible for protecting your API credentials

Last Updated: March 22, 2026
Version: 1.0
Effective Date: March 22, 2026

ATHENA © 2026 ATHENA Bybit × GPT. All rights reserved.