Privacy Policy
THEBOT – www.the-bot.io
Pursuant to Art. 13 / 14 GDPR (EU) 2016/679 · Version: 27.06.2026
1. Controller within the meaning of the GDPR
Company:
DIGITARGET LTD
Legal form
Private Company Limited by Shares / Ltd.
Address
JASMINE GARDENS, VILLAS, 8036, Paphos, Republic of Cyprus
Registration number
HE-488535
Website
Data protection contact
If you have questions about data protection or wish to exercise your rights, please contact us by e-mail at: info@the-bot.io. We will respond to your request within 30 days.
2. Principles of Data Processing
We process personal data only within the framework of the statutory requirements of the General Data Protection Regulation (GDPR), the Cypriot Data Protection Law, and other applicable EU data protection provisions. Personal data is all information relating to an identified or identifiable natural person.
We process your data only if one of the following legal bases pursuant to Art. 6 (1) GDPR applies:
Art. 6 (1) lit. a GDPR – Consent of the data subject
Art. 6 (1) lit. b GDPR – Performance of a contract or pre-contractual measures
Art. 6 (1) lit. c GDPR – Compliance with a legal obligation
Art. 6 (1) lit. f GDPR – Protection of legitimate interests of the provider or a third party
3. Data Collection when Visiting the Website
3.1 Server Log Files
When you access our website www.the-bot.io, the hosting provider automatically collects and stores information in so-called server log files, which your browser transmits automatically. These include in particular:
IP address of the requesting device (possibly truncated)
Date and time of access
Name and URL of the retrieved file
Referrer URL (previously visited website)
Browser and operating system used
HTTP status code
Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in the security and operation of the website). The log files are generally deleted automatically after 7 to 30 days.
3.2 Cookies
Our website uses cookies, i.e. small text files that are stored on your end device. There are:
Technically necessary cookies (e.g. session cookies for login): Without these cookies, the website cannot function properly. Legal basis: Art. 6 (1) lit. b and f GDPR. No consent required.
Optional cookies (e.g. analytics): Only set with your consent. Legal basis: Art. 6 (1) lit. a GDPR.
You can deactivate or delete cookies in your browser at any time. Please note that certain functions of the website may no longer be fully available as a result.
4. Registration and Use of the Dashboard
4.1 Creation and Management of Your User Account
Registration is required to use the THEBOT dashboard. We process the following data:
E-mail address (for identification and communication)
Username or display name (if provided)
Encrypted password (we do not store passwords in plain text)
Date and time of registration
Technical account data (e.g. subscription status, account access times)
Legal basis: Art. 6 (1) lit. b GDPR (performance of contract). Storage period: for the duration of the contractual relationship plus the statutory retention periods (generally 7 years after the end of the contract for accountancy-relevant data).
Linking of data for granting access: To provide the service, the username, e-mail address and the individual exchange profile ID (UID, cf. Section 4.4) are linked to each other in our system. This linking is technically mandatory, as access to the THEBOT software can only be granted and maintained through this combination. Legal basis: Art. 6 (1) lit. b GDPR.
4.2 API Key Connection to the Exchange
To connect THEBOT with your exchange account, API key data (API key, API secret and, depending on the exchange, API passphrase) are required from you. The following applies:
API keys are required exclusively with the permissions “Read” and “Trade”. Withdrawal or deposit permissions must NOT and should NOT be granted.
The API keys are stored in encrypted form and are used exclusively for the technical connection to the exchange.
We do not have access to your exchange capital, your account balance or the ability to move funds at any time.
API keys are deleted from our systems upon cancellation of the subscription.
Legal basis: Art. 6 (1) lit. b GDPR (performance of contract).
4.3 Trading Data and Activity Logs
In the course of operating the bot, technical log data is collected, in particular:
Timestamps of trading actions (buy/sell)
Instruments executed and position sizes
Bot status logs (start, stop, errors)
This data serves for error diagnosis, the technical improvement of the product and the provision of your trading history in the dashboard. Legal basis: Art. 6 (1) lit. b and f GDPR.
4.4 Profile ID (UID) – Partner Exchange Linking and Referral Verification
The use of THEBOT requires that the customer has opened their exchange account via the partner exchange link provided by THEBOT. Before activation of the subscription, an automatic real-time check is carried out to determine whether the customer’s exchange account, based on their individual profile ID (UID – the individual profile number of the user at the respective exchange), is assigned to the referral link of THEBOT.
Data processed: Profile ID (UID) of the customer at the respective exchange. Purpose: Performance of contract, technical linking of the customer account with the THEBOT service, verification of the referral assignment. Legal basis: Art. 6 (1) lit. b GDPR (performance of contract). Storage: The UID is stored on the servers of DIGITARGET LTD and in the user profile of the customer at THEBOT. Storage also takes place on the part of the respective exchange within the framework of the referral program. Storage period: For the duration of the subscription; after cancellation in accordance with the statutory retention periods.
5. Payment Processing – Whop
Payment processing for THEBOT subscriptions is carried out exclusively via Whop Marketplace Inc. (hereinafter “Whop”). When you click on “Subscribe to THEBOT”, you will be redirected to Whop.
DIGITARGET LTD does not process, store or have access to your payment data (in particular credit card numbers, bank account numbers or other payment information) at any time. These are processed entirely and exclusively by Whop.
Service:
Whop Marketplace Inc.
Purpose:
Payment processing, subscription management
Data:
Payment data, name/e-mail for invoicing if applicable
Legal basis:
Art. 6 (1) lit. b GDPR
Data protection Whop:
https://whop.com/privacy
Registered office:
USA (with EU protection mechanisms, SCCs if applicable)
Where Whop transfers data to the USA or other third countries, this is done on the basis of EU Standard Contractual Clauses (SCCs) pursuant to Art. 46 (2) lit. c GDPR. Further information can be found in Whop’s privacy policy.
6. Hosting and Technical Infrastructure
6.1 Hosting Provider
Our website, the THEBOT dashboard and the associated backend infrastructure are operated on a dedicated server with a hosting provider. The hosting provider processes technical data (in particular IP addresses, access times, volumes of data transferred) as part of the operation of the infrastructure as a data processor pursuant to Art. 28 GDPR.
Provider
Hetzner Online GmbH
Registered office
Sigmund street 135, 90431 Nürnberg-West, Germany
Purpose
Provision of technical infrastructure for website and dashboard
Data processed
IP addresses, server log files, technical connection data
Legal basis
Art. 6 (1) lit. f GDPR (legitimate interest in secure operation)
Storage period
Duration of use of the software offering (server log files, automatic)
Basis
Data Processing Agreement (DPA) pursuant to Art. 28 GDPR
Note: A Data Processing Agreement (DPA) pursuant to Art. 28 GDPR has been concluded with the hosting provider. If the hoster is domiciled outside the EU/EEA, data transfer is carried out on the basis of appropriate guarantees pursuant to Art. 46 GDPR.
6.2 Data Transfer to Exchange Platforms
In the course of the technical connection between THEBOT and the customer’s exchange account, data (in particular API keys and UID) is transferred to the respective exchange platform. Many supported exchanges are domiciled outside the EU/EEA:
The transfer of this data is technically mandatory for the performance of the contract (Art. 6 (1) lit. b GDPR). The specific protection mechanisms are to be enquired with the respective exchanges. We recommend reading the privacy policies of the exchange you use.
7. Contact by E-Mail
If you contact us by e-mail (info@the-bot.io), we process the data you have communicated (in particular your e-mail address, your name and the content of your message) to handle your enquiry.
Legal basis: Art. 6 (1) lit. b GDPR (pre-contractual or contractual measures) or Art. 6 (1) lit. f GDPR (legitimate interest in customer service). The data is deleted as soon as it is no longer required for the processing of your enquiry, unless statutory retention obligations preclude this.
8. Disclosure of Personal Data to Third Parties
Your personal data is only disclosed to third parties in the following cases:
Whop Marketplace Inc. – for payment processing (cf. Section 5)
Hosting provider – within the framework of the technical infrastructure (cf. Section 6)
Exchange platforms – for the technical connection of the trading bot (cf. Section 6.2)
Authorities – where we are legally obliged to do so or for the enforcement of our rights
Legal successors – in the event of a corporate transaction, to the extent permitted by law
We do not sell your personal data and do not pass it on to third parties for advertising purposes.
9. Transfer of Data to Third Countries
Where we pass on data to services domiciled outside the EU/EEA (in particular Whop Marketplace Inc. domiciled in the USA), this is done on the basis of appropriate guarantees pursuant to Art. 46 GDPR, in particular the EU Standard Contractual Clauses (SCCs). We ensure that the level of protection of your data corresponds to that of the GDPR.
10. Storage Period
Account data:
Duration of subscription + 3 years (limitation periods)
Accounting data:
7 years from creation (statutory retention)
API keys:
Deletion upon cancellation of subscription
Profile ID (UID):
Duration of subscription; after cancellation in accordance with statutory retention periods
Trading logs:
Duration of subscription + 1 year
Server log files:
7–30 days (automatic)
E-mail communication:
2 years after completion of the process
Cookies (techn. nec.):
End of session or max. 12 months
After expiry of the respective storage period, your data will be deleted or anonymized, unless a statutory retention obligation precludes deletion.
11. Your Rights as a Data Subject
You have the following rights against the controller pursuant to the GDPR:
Right of access (Art. 15 GDPR): You can request information about the personal data we process.
Right to rectification (Art. 16 GDPR): You can request the rectification of inaccurate or the completion of incomplete data.
Right to erasure (Art. 17 GDPR): You can request the erasure of your data, provided no statutory retention obligations preclude this.
Right to restriction of processing (Art. 18 GDPR): Under certain conditions you can request a restriction of processing.
Right to data portability (Art. 20 GDPR): You have the right to receive your data in a common, machine-readable format, to the extent that the processing is based on Art. 6 (1) lit. b GDPR.
Right to object (Art. 21 GDPR): You can object to the processing of your data on the basis of legitimate interests (Art. 6 (1) lit. f GDPR) at any time. We will then no longer process your data unless we can demonstrate compelling legitimate grounds.
Withdrawal of consent (Art. 7 (3) GDPR): To the extent that processing is based on consent, you can withdraw this at any time with effect for the future, without affecting the lawfulness of the processing carried out until the withdrawal.
12. Competent Data Protection Supervisory Authority
As the provider is domiciled in the Republic of Cyprus, the competent data protection supervisory authority is:
Authority:
Commissioner for Personal Data Protection (CPDP)
Address:
1 Iasonos Street, 1082 Nicosia, Cyprus
Website:
https://www.dataprotection.gov.cy
E-Mail:
commissioner@dataprotection.gov.cy
Telephone:
+357 22 818 456
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the above supervisory authority if you consider that the processing of your personal data infringes the GDPR.
If you are habitually resident in another EU Member State, you may alternatively contact the data protection authority of your country of residence.
13. Data Security
We use technical and organizational measures to protect your personal data against accidental or deliberate manipulation, loss, destruction or unauthorized access. These include:
Encryption of data transmission via TLS/HTTPS
Encrypted storage of sensitive data (in particular API keys and passwords)
Access restrictions within our systems (need-to-know principle)
Regular security audits
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will inform you without undue delay and in accordance with Art. 34 GDPR.
14. Minors
THEBOT is addressed exclusively to people who have reached the age of 18. We do not knowingly collect personal data from minors. If we become aware that a minor has submitted data, we will delete it without undue delay.
15. Amendments to this Privacy Policy
We reserve the right to amend this privacy policy at any time with effect for the future, in order to adapt it to changed legal situations, technical developments or new processing activities. The current version is always available at www.the-bot.io/datenschutz. We will notify you of material changes by e-mail or by a clear notice on the website.
Version: 27.06.2026Complaint Procedure
THEBOT – Complaint Procedure
Pursuant to EU ADR Directive 2013/11/EU · EU ODR Regulation No. 524/2013 · As of: 21.04.2026
1. Scope and Purpose
This complaint procedure describes how customers of DIGITARGET LTD (hereinafter “Provider”) can submit a complaint and how the Provider handles it. It applies to all users of the THEBOT SaaS subscription, regardless of their country of residence within the European Union.
The aim of this procedure is a transparent, fair and efficient handling of complaints, without customers having to immediately resort to external legal remedies. The Provider undertakes to examine every complaint seriously and to provide a reasoned response.
2. What constitutes a complaint?
A complaint is any expression of dissatisfaction by a customer regarding:
The functionality or availability of the THEBOT platform or dashboard
The quality or scope of the services provided
Subscription management, cancellation or pricing matters
The Provider’s communication or support
Data protection or security concerns
Possible contractual breaches by the Provider
Refund requests that have not been satisfied
Trading losses are not subject to this complaint procedure, as the Provider is not a financial service provider and assumes no liability for trading results (cf. T&C § 9).
3. How and where can a complaint be submitted?
3.1 Primary Channel – Discord Support Ticket (preferred)
The preferred method for complaints is a support ticket in our Discord server. Discord enables fast, direct and traceable communication.
3.2 Alternative Channel – E-Mail
If Discord is not possible, a complaint can also be submitted by e-mail:
E-Mail: info@the-bot.io
Subject: Complaint – [brief description]
Response time: within 14 business days at the latest.
3.3 Required information upon submission
For prompt processing, we request the following information:
Full name and e-mail address of the account
Subscription ID or Discord username
Precise description of the problem or complaint
Time period and, if applicable, screenshots or other evidence
Desired solution or measure
4. Complaint Handling Process
Receipt
Complaint via Discord or e-mail
Initial Review
5 business days
Content review and, if necessary, follow-up questions to the customer
Processing
14 business days
In-depth analysis, technical investigation if necessary
Response
approx. 15 business days
Written, reasoned response with decision / proposed solution
The Provider undertakes to respond to every complaint within approximately 15 business days of receipt with a reasoned statement. In complex cases, this deadline may be extended to a maximum of 35 business days; the customer will in this case be informed of the delay and the expected completion date.
5. Internal Escalation
If the customer is not satisfied with the initial response, they may request escalation to management. The request must contain:
Reference to the original complaint (ticket number / e-mail date)
Explanation of why the response is considered insufficient
Desired solution
Management reviews the matter independently and issues a final statement within 15 business days.
6. External Dispute Resolution
6.1 EU Online Dispute Resolution Platform (ODR Platform)
If complaints cannot be resolved internally, consumers have access to the European Online Dispute Resolution Platform:
EU ODR Platform
URL: https://ec.europa.eu/consumers/odr/
Provider e-mail for ODR proceedings: info@the-bot.io
The ODR platform provides an out-of-court procedure for resolving disputes between consumers and online traders.
6.2 Data Protection Complaints
For complaints relating to data protection, customers may contact the competent data protection supervisory authority directly:
Data Protection Supervisory Authority Cyprus
Commissioner for Personal Data Protection (CPDP)
1 Iasonos Street, 1082 Nicosia, Cyprus
Website: https://www.dataprotection.gov.cy
E-Mail: commissioner@dataprotection.gov.cy
6.3 Note on participation in arbitration proceedings
The Provider is neither obliged nor willing to participate in a dispute resolution procedure before a consumer arbitration board, unless the Provider decides to do so voluntarily in an individual case. The use of the EU ODR Platform and the right to legal action remain unaffected.
7. Publication and Accessibility
This complaint procedure is available at:
Website: www.the-bot.io/beschwerde (or equivalent URL)
Linked in the Legal Notice and in the T&Cs
Linked in the Privacy Policy
The ODR Platform link is published in the Legal Notice at www.the-bot.io.
8. Amendments to this Procedure
The Provider reserves the right to amend this complaint procedure at any time. The current version is available on the website. Customers will be informed of any material changes.
16. Supplementary technical notes (as of 30.06.2026)
This supplement describes actual processing on the homepage and dashboard.
16.1 Marketing visit statistics (homepage)
On the first page view per browser session, the homepage sends once (without session cookies) to our API:
- Referrer host (if present)
- Landing path (URL path on the-bot.io)
We store a day-based SHA256 hash of the IP (no raw IP), optionally an ISO country code from the Cloudflare CF-IPCountry header (no external geo service). Legal basis: legitimate interest (Art. 6(1)(f) GDPR). Retention: 90 days. Objection: info@the-bot.io.
16.2 Cookies and local storage
- Session cookie (dashboard/login): strictly necessary for authentication and security.
- thebot_cookie_notice_ack (homepage): stores that the cookie notice was acknowledged (365 days).
- localStorage thebot_lang: language preference DE/EN.
No third-party advertising or analytics cookies are used.
16.3 External content
- TradingView ticker (homepage): loaded only after your active consent. TradingView may set its own cookies — see TradingView Privacy Policy.
- Fonts: self-hosted (no Google Fonts CDN requests).
16.4 Data subject rights in the dashboard
- Access/export: logged-in users can request a JSON export under Settings → “Export my data” (
GET /api/account/data-export). - Erasure: self-service under Settings → delete account.
16.5 Consent logging
Registration (terms/privacy/disclaimer), age confirmation (18+), waiver on bot activation, and leverage confirmation are logged with timestamp and document version (Art. 7 GDPR).