Privacy Policy
We respect your privacy and are committed to protecting your personal data.
This Privacy Policy explains how Automation Arts & Technologies Limited ("BitBotster", "we", "us") collects, uses, stores and shares your personal data when you use our website and platform. It applies to users in the European Union (EU) under the General Data Protection Regulation (GDPR, Regulation 2016/679) and to users in Hong Kong under the Personal Data (Privacy) Ordinance (Cap. 486, as amended 2021).
1. Data Controller
Automation Arts & Technologies Limited
1801 Easey Commercial Building, 253-261 Hennessy Road, Wanchai, Hong Kong SAR
Email: contact
2. Data We Collect
Account Data
When you register, we collect your name, email address, and password (hashed). If you subscribe to a paid plan, we collect billing address and payment method details (processed securely via our payment provider — we do not store card numbers).
Usage Data
We collect log data, IP addresses, browser type, pages visited, and feature interactions to operate and improve the platform.
Trading Data
API keys you connect to the platform, trade history, bot configurations, and strategy data are stored to provide the service.
Communication Data
If you contact support, we retain the correspondence. With your consent, we may send product updates and marketing communications.
Cookies and Tracking
We use strictly necessary cookies (theme preference, language, session) only.
3. Legal Basis for Processing (GDPR)
- Contract performance — to provide the platform services you sign up for
- Legitimate interests — security, fraud prevention, service improvement
- Consent — marketing communications
- Legal obligation — compliance with applicable financial and data protection laws
4. How We Use Your Data
- To create and maintain your account
- To execute and monitor automated trading strategies on your behalf
- To process payments and prevent fraud
- To send service notifications and, where consented, marketing emails
- To comply with legal and regulatory obligations
- To improve the platform through anonymised analytics
- To display anonymised bot trading activity in the public showcase on our homepage (see below)
Anonymised Public Showcase
Our homepage features a small, rotating selection of bots running on the platform, displayed in read-only form to demonstrate the service. Before display, this data is anonymised: bot and strategy names, user and account identifiers, account balances and absolute position sizes are removed, and featured bots are labelled with neutral placeholder names only. The remaining display data (trading pair, exchange, leverage, relative performance and order history) cannot reasonably be linked to an identified or identifiable person and therefore does not constitute personal data under GDPR Recital 26 or the PDPO. Bots are selected automatically based on trading activity — never on performance — and the selection rotates continuously.
5. Data Sharing
We do not sell your personal data. We share data only with:
- Service providers acting as data processors (hosting, payment processing, email delivery) under contractual data processing agreements
- Regulators and law enforcement where required by law
- Acquirers in the event of a merger or acquisition, subject to equivalent privacy protections
6. International Transfers
Your data may be processed outside the EEA. Where this occurs, we use EU Standard Contractual Clauses (SCCs) or other appropriate safeguards. For transfers to or from Hong Kong, we comply with PDPO requirements for cross-border data transfer.
7. Data Retention
We retain account data for as long as your account is active plus 7 years for legal and tax purposes. Trading logs are retained for up to 5 years. You may request deletion at any time (subject to legal retention requirements).
8. Your Rights
Under GDPR (EU/EEA users)
You have the right to: access, rectify, erase, restrict processing of, and port your personal data; withdraw consent at any time; and lodge a complaint with your local supervisory authority.
Under PDPO (Hong Kong users)
You have the right to request access to and correction of your personal data held by us. Requests will be handled within 40 days as required by the PDPO.
To exercise any rights, contact us.
9. Security
We implement industry-standard technical and organisational measures including AES-256 encryption at rest, TLS 1.3 in transit, regular penetration testing, and access controls. No system is completely secure; please use a strong password and enable two-factor authentication.
10. Children
Our services are not directed at individuals under 18. We do not knowingly collect data from minors.
11. Changes to This Policy
We will notify you of material changes by email or prominent notice on the platform. The updated policy will show the revision date at the top of this page.
12. Contact
For any privacy-related questions or to exercise your rights:
Email us here
Post: Data Protection Officer, Automation Arts & Technologies Limited, 1801 Easey Commercial Building, 253-261 Hennessy Road, Wanchai, Hong Kong SAR