Privacy Policy

Last updated: February 28, 2026

1. Introduction

Signal To Exchange, a service of Fapbric Technology Solutions, LLC ("we", "us", or "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, share, and safeguard your information when you use the Signal To Exchange service ("Service"), including our website, APIs, and related applications.

By creating an account or using the Service, you consent to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

We collect the following categories of information:

2.1 Account Information

  • Email address
  • Password (stored as a cryptographic hash; we never store plaintext passwords)
  • Display name or username (if provided)
  • Billing information (processed by our payment provider; we do not store full payment card numbers)

2.2 Exchange API Credentials

  • Exchange API keys and secrets that you provide to connect your exchange accounts
  • These credentials are encrypted at rest using AES-256 with envelope encryption via a key management service (KMS)
  • We recommend providing API keys with trade-only permissions (no withdrawal access)

2.3 Trading and Signal Data

  • Incoming trading signals and webhook payloads
  • User-defined trading rules and configurations
  • Order submissions, execution results, and exchange acknowledgments
  • Signal processing timestamps and latency metrics

2.4 Usage and Technical Data

  • IP addresses and approximate geolocation
  • Browser type, operating system, and device information
  • Pages visited, features used, and interactions within the Service
  • Referral URLs and landing pages
  • Error logs and diagnostic data

2.5 Communications

  • Support requests and correspondence
  • Feedback and survey responses

3. How We Use Your Information

We use your information for the following purposes:

  • Provide, operate, and maintain the Service, including processing and relaying your trading signals
  • Authenticate your identity and manage your account
  • Process subscription payments and manage billing
  • Send service-related communications such as account confirmations, security alerts, and technical notices
  • Monitor and improve the performance, reliability, and security of the Service
  • Detect and prevent fraud, abuse, and security incidents
  • Respond to your support requests and communications
  • Comply with legal obligations and enforce our Terms of Service
  • Generate aggregated, anonymized analytics to improve the Service (individual users are not identified)

4. Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area (EEA) or the United Kingdom, our legal bases for processing your personal data include:

  • Contract performance: Processing necessary to provide the Service you have subscribed to
  • Legitimate interests: Processing for our legitimate business interests such as improving the Service, preventing fraud, and ensuring security, where those interests are not overridden by your rights
  • Legal obligation: Processing necessary to comply with applicable laws and regulations
  • Consent: Where you have given explicit consent for specific processing activities (e.g., marketing communications), which you may withdraw at any time

5. Data Security

We take the security of your data seriously and implement industry-standard technical and organizational measures, including:

  • AES-256 encryption for exchange API keys at rest, using envelope encryption with a cloud key management service (KMS)
  • TLS 1.2+ encryption for all data in transit
  • Cryptographic hashing (bcrypt) for passwords
  • HMAC-SHA256 webhook signature verification to prevent tampering
  • Regular security audits and vulnerability assessments
  • Role-based access controls and principle of least privilege for internal systems
  • Infrastructure hosted on secure, SOC 2-compliant cloud providers
  • Automated monitoring and alerting for anomalous activity

While we strive to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security, but we are committed to promptly addressing any security incidents in accordance with applicable breach notification laws.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may share your data only in the following circumstances:

  • Service providers: Trusted third-party vendors who assist us in operating the Service (e.g., payment processors, cloud hosting, email delivery, analytics). These providers are contractually obligated to protect your data and may only use it to perform services on our behalf.
  • Cryptocurrency exchanges: Your API credentials are transmitted to exchanges solely to execute orders on your behalf. We do not share any other personal information with exchanges.
  • Legal requirements: When required by law, subpoena, court order, or government request, or to protect the rights, property, or safety of our Company, users, or the public.
  • Business transfers: In connection with a merger, acquisition, reorganization, or sale of assets, in which case your data may be transferred to the successor entity. We will notify you of any such transfer.
  • With your consent: When you have given explicit consent to share your data for a specific purpose.

7. Cookies and Tracking Technologies

We use cookies and similar technologies for the following purposes:

  • Essential cookies: Required for authentication, session management, and security. These cannot be disabled without impairing the Service.
  • Analytics cookies: Used to understand how visitors interact with our website and to improve the user experience. We use privacy-focused analytics tools and do not use invasive tracking pixels.
  • Preference cookies: Used to remember your settings and preferences (e.g., theme, language).

You can manage your cookie preferences through your browser settings. Disabling essential cookies may prevent you from using the Service. We do not use cookies for targeted advertising.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

  • Account data: Retained for the duration of your account and for up to 30 days after account closure to facilitate reactivation, then permanently deleted.
  • Exchange API keys: Permanently deleted immediately upon account closure or when you remove the connection.
  • Trading and signal data: Retained for up to 12 months for performance monitoring and your historical reference, then aggregated and anonymized or deleted.
  • Usage and log data: Retained for up to 90 days for operational and security purposes, then deleted or anonymized.
  • Billing records: Retained as required by applicable tax and accounting laws (typically 7 years).

9. Your Rights

Depending on your jurisdiction, you may have some or all of the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data, subject to legal retention requirements.
  • Portability: Request your data in a structured, machine-readable format.
  • Restriction: Request restriction of processing under certain circumstances.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw consent: Where processing is based on consent, withdraw that consent at any time.

To exercise any of these rights, contact us at hello@signaltoexchange.com. We will respond to your request within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before fulfilling your request.

10. CCPA Rights (California Residents)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information is collected, used, shared, or sold
  • The right to delete personal information held by us (subject to certain exceptions)
  • The right to opt-out of the sale of personal information (we do not sell personal information)
  • The right to non-discrimination for exercising your CCPA rights

To submit a CCPA request, email us at hello@signaltoexchange.com with the subject line "CCPA Request."

11. International Data Transfers

The Service is operated from the United States. If you are accessing the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction.

Where required by law, we implement appropriate safeguards for international data transfers, such as Standard Contractual Clauses (SCCs) approved by the European Commission or other legally recognized transfer mechanisms.

12. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a person under 18, we will take steps to delete that information promptly. If you believe we have inadvertently collected information from a minor, please contact us at hello@signaltoexchange.com.

13. Third-Party Services and Links

The Service may contain links to third-party websites or integrate with third-party services (such as cryptocurrency exchanges and signal providers). We are not responsible for the privacy practices or content of these third parties. We encourage you to review the privacy policies of any third-party services you access through or in connection with the Service.

14. Automated Decision-Making

The Service processes trading signals and evaluates user-defined rules automatically in order to submit orders to exchanges. This automated processing is necessary for the performance of our contract with you (i.e., providing the signal relay service). The rules and parameters that govern this automation are configured by you and can be modified or disabled at any time through the Service.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes at least 14 days before they take effect via email to the address associated with your account or through a prominent notice within the Service. The "Last updated" date at the top of this page indicates when the policy was last revised. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

16. Contact Us

For privacy-related inquiries, data requests, or concerns, contact us at:

Fapbric Technology Solutions, LLC
Email: hello@signaltoexchange.com

If you are located in the EEA or UK and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection supervisory authority.