Privacy Policy

Last updated: April 13, 2025

This Privacy Policy describes how FuturesPilot ("we", "us", or "our") handles the limited data it processes when you use the FuturesPilot Chrome Extension and associated web services. We are committed to your privacy by architectural design.

1. DATA WE DO NOT COLLECT

We want to be explicit about what we do not collect:

• Binance API Keys & Secret Keys — These are encrypted locally on your device using AES-256-GCM with a passkey only you control. They are never transmitted to our servers.
• Trade History or Portfolio Data — Your trading positions, balances, and transaction history remain entirely local to your browser and Binance account. We have no visibility into them.
• Personal Identifiable Information (PII) — We do not collect your name, email address, phone number, or any other PII.

2. DATA WE DO PROCESS

To operate the subscription verification and AI proxy services, our Cloudflare Edge Worker processes the following minimal data:

• Device Fingerprint Hash — A privacy-preserving hashed identifier derived from your browser. This is used to bind your subscription session to your device and prevent token sharing. It is not reversible to identify you personally.
• Subscription Token / Transaction Hash — The blockchain transaction hash you provide for payment verification. This is used solely to confirm payment on-chain.
• Chrome Extension ID — Used as a security measure to verify that requests originate from a legitimate FuturesPilot extension installation.
• AI Chat Messages — When you use the Neural Link AI chat, your chat messages are proxied through our Cloudflare Worker to Google Gemini for processing. We do not store these messages. They transit our worker and are immediately forwarded. Google's privacy policy applies to content processed by Gemini.
• Anonymized Rate Limiting Counters — We store anonymous per-device request counters in Cloudflare KV to enforce API rate limits. These cannot be traced back to an individual.

3. HOW WE STORE DATA

All data processed by our infrastructure is stored in Cloudflare KV Namespaces on globally distributed Cloudflare edge nodes. Session tokens are stored with a Time-To-Live (TTL) and are automatically deleted upon expiry. We do not maintain long-term databases of user data.

4. THIRD PARTY SERVICES

FuturesPilot integrates with the following third-party services whose own privacy policies apply:

• Binance — For futures trading API access.
• Google (Gemini API) — For AI chat and trade explanation generation.
• Cloudflare — For edge computing, hosting, and DDoS protection.

5. DATA RETENTION

Subscription session tokens are retained for up to 365 days, after which they expire and are automatically deleted from Cloudflare KV. Rate limiting counters expire within 60 seconds of their last update. We have no other persistent data retention.

6. YOUR RIGHTS

Because we do not collect personally identifiable information, traditional GDPR-style data access or deletion requests do not apply to identifiable data. If you believe we have inadvertently processed data about you, please contact us and we will investigate promptly.

7. SECURITY

Your API keys are protected by client-side AES-256-GCM encryption, which is the same standard used by financial institutions and governments. Sessions are authenticated using cryptographically signed tokens. All API traffic is transmitted over HTTPS/TLS.

8. CONTACT

For privacy-related inquiries: privacy@futurespilot.app