Privacy Policy

1. Introduction

ThothMind ("we," "our," or "us") operates a stock and cryptocurrency trading platform that provides backtesting, strategy optimization, automated trading tools, and educational trading games. This Privacy Policy explains how we collect, use, and protect your information when you use our services.

2. Information We Collect

2.1 Personal Information

• Google Account Data: Email address, display name, and profile image (via Google OAuth)
• Account Information: Registration date, last login, subscription status
• Usage Data: Trading strategies, backtesting results, game participation

2.2 Financial Information

• Trading API Keys: Binance API credentials (encrypted before storage)
• Payment Data: Processed securely through Stripe and cryptocurrency wallets
• Trading History: Bot performance, strategy results, and transaction logs

2.3 Technical Information

• Usage Analytics: IP addresses for rate limiting and security
• Session Data: Authentication tokens and user preferences
• Device Information: Browser type, operating system for compatibility

3. How We Use Your Information

• Platform Operation: User authentication, account management, and service delivery
• Trading Services: Execute automated trades, backtesting, and strategy optimization
• Educational Features: Provide trading games and learning experiences
• Payment Processing: Manage subscriptions and billing
• Security: Prevent fraud, abuse, and ensure platform integrity
• Improvement: Analyze usage patterns to enhance our services

4. Data Security

We implement industry-standard security measures to protect your data:

• Encryption: API keys and sensitive data are encrypted before storage
• Secure Authentication: OAuth 2.0 and NextAuth.js for session management
• Access Controls: Role-based permissions and admin restrictions
• Data Isolation: User data is segregated and protected
• Regular Updates: Security patches and system maintenance

5. Third-Party Services

We integrate with the following third-party services:

• Google OAuth: For secure user authentication
• Stripe: For credit card payment processing
• Binance API: For cryptocurrency trading and market data
• MetaMask: For cryptocurrency payment processing
• MongoDB: For secure data storage

Each service has its own privacy policy. We do not share your personal information with these services beyond what is necessary for platform operation.

6. Data Sharing

We do not sell, trade, or share your personal information with third parties for marketing purposes. We may share information only in these circumstances:

• Legal Requirements: When required by law or court order
• Security: To protect against fraud or security threats
• Service Providers: With trusted partners who assist in platform operation
• Business Transfer: In case of merger, acquisition, or sale

7. Your Rights

You have the following rights regarding your data:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and data
• Portability: Export your data in a machine-readable format
• Withdrawal: Withdraw consent for data processing

To exercise these rights, please contact us through our support system.

8. Cookies and Tracking

We use minimal cookies for essential platform functionality:

• Authentication Cookies: To maintain your login session
• Preference Cookies: To remember your settings and theme
• Security Cookies: To prevent fraud and ensure platform security

We do not use third-party tracking cookies or analytics services that collect personal information.

9. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Specifically:

• Account Data: Until account deletion
• Trading History: 7 years for regulatory compliance
• Payment Records: As required by financial regulations
• Support Communications: 3 years for service improvement

10. International Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable laws.

11. Children's Privacy

Our platform is not intended for children under 18. We do not knowingly collect personal information from minors. If we discover that a child has provided personal information, we will delete it immediately.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or for legal reasons. We will notify you of significant changes through the platform or email. Continued use of our services after changes constitutes acceptance of the updated policy.

13. Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us: