Arbweb

Privacy Policy — Arbweb Trading Platform

Last updated: May 14, 2026

This Privacy Policy describes what data Arbweb Trading Platform ("Arbweb", the "Service", "we") collects when you use the website at https://arbweb.pro, how the data is processed and stored, and what rights you have regarding that data.

By using the Service, you confirm that you have read this Policy and consent to the processing described herein.

1. Data Controller

The data controller is a private individual who owns and operates Arbweb Trading Platform. Contact: support@arbweb.pro.

2. Data We Collect

2.1. Registration data

• Email address provided at registration.
• Password hash (scrypt algorithm with a unique salt). We never see your plaintext password.
• Account creation and last login timestamps.

2.2. Technical data

• IP addresses of logins.
• Browser User-Agent.
• Session identifier (HTTP-only cookie) used for authentication.
• Account activity logs (login, settings changes, start/stop of trading sessions, etc.).

2.3. Exchange data

• Exchange API keys (Binance, Gate.io, Bybit, Asterdex, etc.) that the User connects to the account. Keys are stored encrypted with AES-256-GCM. The master encryption key is stored separately from the database.
• Metadata about trading operations executed through the Service: exchange pair, symbol, volume, timestamp, status. This data is used to display history in the UI and for audit purposes.
• The Service does not have plaintext access to keys, except for the moment a trading command is being executed in protected process memory.

2.4. Payment data

Payments are processed by Cryptomus. We do not receive or store cryptocurrency wallet addresses, private keys, or other payment credentials of the User. From Cryptomus we receive only the fact of payment, transaction ID, and amount.

2.5. Support data

When you contact support by email, we retain correspondence to ensure continuity of service and to improve support quality.

3. Purposes of Processing

We process data only for purposes directly related to providing the Service:

• account registration and authentication;
• execution of trading operations using the User's API keys;
• billing and subscription renewals;
• security: detection of suspicious activity and protection against abuse;
• technical support;
• compliance with applicable legal obligations.

We do not use User data for advertising, marketing profiling, resale, or any other purpose unrelated to providing the Service.

4. Sharing of Data

We share data with third parties only in strictly limited cases:

• Exchanges (Binance, Gate.io, Bybit, Asterdex, etc.) — when executing trading operations initiated by the User. API keys (decrypted in process memory at request time) and order parameters are transmitted.
• Cryptomus — for subscription payment processing. Cryptomus maintains its own privacy policy.
• Infrastructure providers (hosting, servers) — to the extent technically necessary for the Service to function.
• Competent authorities — upon a lawful request under applicable law.

We do not share your data with third parties for advertising, marketing, or resale.

5. Cookies

The Service uses only functional cookies required for authentication:

• Session cookie — HTTP-only, Secure, SameSite. Contains a session identifier and does not store personal data in plaintext.

We do not use tracking cookies, advertising pixels, or third-party analytics that send data outside the Service infrastructure.

6. Data Retention

• Registration and account data are retained while the account is active.
• After account deletion, we retain a limited subset of data (account identifier, operation logs, payment confirmations) for a reasonable period (typically no longer than 12 months) needed for audit, dispute resolution, and legal compliance.
• Encrypted API keys are deleted upon account deletion or when explicitly revoked by the User through the Service interface.

7. Security

We apply technical and organizational measures including:

• AES-256-GCM encryption of API keys;
• master key stored separately from the database in a hardened environment;
• HTTPS (TLS) for all connections between the User and the Service;
• scrypt password hashing with a per-user salt;
• parameterized SQL queries to mitigate injection;
• least-privilege access controls on production infrastructure;
• operation logging and audit of suspicious events.

Despite these measures, no online service can be guaranteed perfectly secure. The User is responsible for using a strong password and for restricting the permissions of exchange API keys.

8. User Rights

You have the right to:

• access the data we store about you;
• request correction of inaccurate data;
• request deletion of your account and associated data (subject to Section 6);
• request a machine-readable export of your data;
• revoke API keys at any time.

Send requests to support@arbweb.pro. We aim to respond within 30 calendar days.

9. Age Restrictions

The Service is intended for individuals aged 18 or older (or the age of majority in their jurisdiction, whichever is higher). We do not knowingly collect data from minors. If you believe a minor has provided us with data, contact us and we will take action to delete it.

10. International Transfers

The Service's servers may be located outside the User's country of residence. By using the Service, the User agrees that data may be processed and stored in another jurisdiction, subject to protections comparable to those described in this Policy.

11. Changes to the Policy

We may update this Policy. The User will be notified of material changes via email and/or the Service interface at least 7 days before the changes take effect. The last-updated date is shown at the top of the document.

12. Contact

• Email: support@arbweb.pro
• Website: https://arbweb.pro