Privacy Policy
Last updated: April 2026 — Private Beta v1.1
1. Controller
Zeus Terminal (zeus-terminal.com) is operated as a personal, non-commercial software project
by Mihut Ovidiu (natural person), Romania. There is no registered company entity behind
the platform during the private beta.
Contact: [email protected]
2. Scope
This policy describes how Zeus Terminal collects, processes, stores, and protects personal data in the
context of a private, invite-only beta platform. Zeus Terminal is not publicly accessible —
access requires administrator approval, which is currently not being granted to new applicants.
3. Data We Collect
| Category | Data | Purpose |
| --- | --- | --- |
| Account data | Email address, hashed password | Authentication, account management, admin approval |
| Authentication & session | JWT session token (httpOnly cookie), 2FA codes (temporary, email-based), optional secondary PIN (bcrypt-hashed) | Secure login, session management, identity verification, secondary authorization for sensitive actions |
| Exchange credentials | API keys (encrypted at rest with AES-256-GCM) | Connecting to your exchange account per your configuration |
| Telegram alert config (optional) | Telegram bot token (encrypted at rest with AES-256-GCM) and Telegram chat ID, only if you enable the alert feature | Sending platform alerts to your private Telegram chat at your request. Disabled by default. |
| Security & auth telemetry | Login attempts (timestamp, IP, outcome), recent password hash history (anti-reuse), audit log of sensitive actions, last-active timestamp | Brute-force prevention, password reuse prevention, security forensics, abuse investigation |
| Consent record | Timestamp and version of Terms / Privacy / Risk Disclaimer accepted at registration | Demonstrating informed consent under GDPR Art. 7 (planned: persisted at next platform update) |
| Technical / device / log | IP address, browser user-agent, request timestamps | Security, rate limiting, abuse prevention, troubleshooting |
| Platform-generated data | Demo trading positions and history, simulated PnL, signal history, configuration preferences, regime/state snapshots, optional user-authored notes on positions | Platform operation, feature delivery, your personal review of platform behavior |
| Support communications | Email content when you contact support | Responding to your inquiry, troubleshooting |

Note: during the private beta the platform operates exclusively in DEMO mode. No real funds, real
balances, real trades, or real-money PnL are stored.
4. Legal Basis for Processing
- Contract performance: Processing necessary to provide you access to the platform and
its features (account data, session, exchange credentials, platform-generated data).
- Legitimate interest: Security logging, rate limiting, abuse prevention, and platform
improvement.
- Consent: Where separately obtained for any specific processing not covered above.
5. How We Use Your Data
- Authenticate your identity and manage your session
- Process account approval requests
- Connect to exchange APIs per your configuration
- Deliver platform features (analytics, signals, monitoring)
- Maintain security through audit logs and rate limiting
- Investigate and prevent abuse or unauthorized access
- Troubleshoot technical issues
- Respond to support requests
- Improve platform stability and performance
- Comply with applicable legal obligations
6. Data Sharing & Sub-Processors
Zeus Terminal does not sell, rent, share, or disclose your personal data to third parties
for marketing or any other commercial purpose.
Your data may be transmitted to the following categories of third parties only to the extent strictly
necessary to deliver a feature you have configured or under legal obligation:
- Exchange API endpoints: When you connect API keys, requests are made directly from the
platform to your configured exchange (currently Binance Futures; Bybit support is planned). Zeus Terminal
acts as an intermediary executing your instructions.
- Email delivery (SMTP) provider: Used to send 2FA login codes and operational
notifications to the email address you registered with. Email content is limited to authentication codes
and account-status messages.
- Telegram (Telegram Messenger Inc. / Telegram FZ-LLC): Used only if you
voluntarily configure a Telegram bot token + chat ID inside the platform. In that case alert messages
are transmitted to Telegram's API. You can disable this at any time by removing your bot token from
the platform.
- Infrastructure provider: The platform runs on a single hosted server located within
the European Union. The provider processes data solely as part of service delivery (storage, network).
- Legal obligation: Where required by applicable law, court order, or competent
regulatory authority.
7. Data Storage & Security
- Data is stored on secured European servers.
- Exchange API keys are encrypted at rest using AES-256.
- Passwords are hashed with bcrypt (never stored in plaintext).
- All connections use TLS encryption.
- Authentication uses httpOnly, secure, sameSite cookies.
- Rate limiting and brute-force protections are enforced on all authentication endpoints.
- Two-factor authentication (email-based) is required for login.
8. Data Retention
- Account data (email, hashed password, role, approval status): retained while your
account is active.
- Session token (zeus_token cookie): typically up to 7 days, refreshed on activity.
- 2FA codes: 5 minutes; deleted automatically after use or expiry.
- Login attempts log: approximately 90 days, for brute-force / abuse forensics.
- Password history: recent password hashes are retained to prevent reuse during
password change.
- Audit log of sensitive actions: approximately 12 months.
- Demo trading history: retained while account is active so you can review platform
behavior; may be pruned periodically beyond a reasonable rolling window.
- Encrypted exchange API keys / Telegram bot token: retained until you remove them or
close your account.
- You may request deletion of your account and associated data at any time by contacting support.
Backups may retain data for a short additional period before being overwritten by retention policy.
9. Cookies
Zeus Terminal uses a single cookie:
- zeus_token — a strictly necessary authentication cookie (httpOnly, secure,
sameSite:lax). It contains your encrypted session token and is required for the platform to function. It
is not used for tracking or analytics.
No third-party cookies, tracking pixels, analytics scripts, or advertising technologies are used. For
details, see our Cookie Policy.
10. Your Rights
Subject to applicable law, you may have the right to:
- Access your personal data and receive a copy
- Rectify inaccurate or incomplete data
- Erase your personal data ("right to be forgotten")
- Restrict processing in certain circumstances
- Object to processing based on legitimate interest
- Data portability — receive your data in a structured, machine-readable format
- Withdraw consent where processing is based on consent
To exercise any of these rights, contact [email protected]. Requests will be handled in
accordance with applicable law.
11. International Transfers
Your data is processed and stored on European servers. If data is transferred outside the European Economic
Area in the future, appropriate safeguards will be implemented in accordance with applicable data protection
law.
12. Children
Zeus Terminal is not intended for individuals under the age of 18. We do not knowingly collect data from
minors.
13. Changes to This Policy
This Privacy Policy may be updated from time to time. Continued use of the platform after changes constitutes
acceptance. Material changes will be communicated where reasonably practicable.
14. Supervisory Authority
If you believe your data protection rights have been violated, you have the right to lodge a complaint with a
supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or
place of the alleged infringement.
15. Contact
For any privacy-related inquiries or requests: [email protected]