TheBot Logo
Home Legal Notice Terms
← Back
🇩🇪 🇺🇸
Version: 27.06.2026

Privacy Policy

THEBOT – www.the-bot.io
Pursuant to Art. 13 / 14 GDPR (EU) 2016/679 · Version: 27.06.2026

1. Controller within the meaning of the GDPR

Company:

DIGITARGET LTD

Legal form

Private Company Limited by Shares / Ltd.

Address

JASMINE GARDENS, VILLAS, 8036, Paphos, Republic of Cyprus

Registration number

HE-488535

E-Mail

info@the-bot.io

Website

www.the-bot.io

Data protection contact

info@the-bot.io

If you have questions about data protection or wish to exercise your rights, please contact us by e-mail at: info@the-bot.io. We will respond to your request within 30 days.

2. Principles of Data Processing

We process personal data only within the framework of the statutory requirements of the General Data Protection Regulation (GDPR), the Cypriot Data Protection Law, and other applicable EU data protection provisions. Personal data is all information relating to an identified or identifiable natural person.

We process your data only if one of the following legal bases pursuant to Art. 6 (1) GDPR applies:

Art. 6 (1) lit. a GDPR – Consent of the data subject

Art. 6 (1) lit. b GDPR – Performance of a contract or pre-contractual measures

Art. 6 (1) lit. c GDPR – Compliance with a legal obligation

Art. 6 (1) lit. f GDPR – Protection of legitimate interests of the provider or a third party

3. Data Collection when Visiting the Website

3.1 Server Log Files

When you access our website www.the-bot.io, the hosting provider automatically collects and stores information in so-called server log files, which your browser transmits automatically. These include in particular:

IP address of the requesting device (possibly truncated)

Date and time of access

Name and URL of the retrieved file

Referrer URL (previously visited website)

Browser and operating system used

HTTP status code

Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in the security and operation of the website). The log files are generally deleted automatically after 7 to 30 days.

3.2 Cookies

Our website uses cookies, i.e. small text files that are stored on your end device. There are:

Technically necessary cookies (e.g. session cookies for login): Without these cookies, the website cannot function properly. Legal basis: Art. 6 (1) lit. b and f GDPR. No consent required.

Optional cookies (e.g. analytics): Only set with your consent. Legal basis: Art. 6 (1) lit. a GDPR.

You can deactivate or delete cookies in your browser at any time. Please note that certain functions of the website may no longer be fully available as a result.

4. Registration and Use of the Dashboard

4.1 Creation and Management of Your User Account

Registration is required to use the THEBOT dashboard. We process the following data:

E-mail address (for identification and communication)

Username or display name (if provided)

Encrypted password (we do not store passwords in plain text)

Date and time of registration

Technical account data (e.g. subscription status, account access times)

Legal basis: Art. 6 (1) lit. b GDPR (performance of contract). Storage period: for the duration of the contractual relationship plus the statutory retention periods (generally 7 years after the end of the contract for accountancy-relevant data).

Linking of data for granting access: To provide the service, the username, e-mail address and the individual exchange profile ID (UID, cf. Section 4.4) are linked to each other in our system. This linking is technically mandatory, as access to the THEBOT software can only be granted and maintained through this combination. Legal basis: Art. 6 (1) lit. b GDPR.

4.2 API Key Connection to the Exchange

To connect THEBOT with your exchange account, API key data (API key, API secret and, depending on the exchange, API passphrase) are required from you. The following applies:

API keys are required exclusively with the permissions “Read” and “Trade”. Withdrawal or deposit permissions must NOT and should NOT be granted.

The API keys are stored in encrypted form and are used exclusively for the technical connection to the exchange.

We do not have access to your exchange capital, your account balance or the ability to move funds at any time.

API keys are deleted from our systems upon cancellation of the subscription.

Legal basis: Art. 6 (1) lit. b GDPR (performance of contract).

4.3 Trading Data and Activity Logs

In the course of operating the bot, technical log data is collected, in particular:

Timestamps of trading actions (buy/sell)

Instruments executed and position sizes

Bot status logs (start, stop, errors)

This data serves for error diagnosis, the technical improvement of the product and the provision of your trading history in the dashboard. Legal basis: Art. 6 (1) lit. b and f GDPR.

4.4 Profile ID (UID) – Partner Exchange Linking and Referral Verification

The use of THEBOT requires that the customer has opened their exchange account via the partner exchange link provided by THEBOT. Before activation of the subscription, an automatic real-time check is carried out to determine whether the customer’s exchange account, based on their individual profile ID (UID – the individual profile number of the user at the respective exchange), is assigned to the referral link of THEBOT.

Data processed: Profile ID (UID) of the customer at the respective exchange. Purpose: Performance of contract, technical linking of the customer account with the THEBOT service, verification of the referral assignment. Legal basis: Art. 6 (1) lit. b GDPR (performance of contract). Storage: The UID is stored on the servers of DIGITARGET LTD and in the user profile of the customer at THEBOT. Storage also takes place on the part of the respective exchange within the framework of the referral program. Storage period: For the duration of the subscription; after cancellation in accordance with the statutory retention periods.

5. Payment Processing – Whop

Payment processing for THEBOT subscriptions is carried out exclusively via Whop Marketplace Inc. (hereinafter “Whop”). When you click on “Subscribe to THEBOT”, you will be redirected to Whop.

DIGITARGET LTD does not process, store or have access to your payment data (in particular credit card numbers, bank account numbers or other payment information) at any time. These are processed entirely and exclusively by Whop.

Service:

Whop Marketplace Inc.

Purpose:

Payment processing, subscription management

Data:

Payment data, name/e-mail for invoicing if applicable

Legal basis:

Art. 6 (1) lit. b GDPR

Data protection Whop:

https://whop.com/privacy

Registered office:

USA (with EU protection mechanisms, SCCs if applicable)

Where Whop transfers data to the USA or other third countries, this is done on the basis of EU Standard Contractual Clauses (SCCs) pursuant to Art. 46 (2) lit. c GDPR. Further information can be found in Whop’s privacy policy.

6. Hosting and Technical Infrastructure

6.1 Hosting Provider

Our website, the THEBOT dashboard and the associated backend infrastructure are operated on a dedicated server with a hosting provider. The hosting provider processes technical data (in particular IP addresses, access times, volumes of data transferred) as part of the operation of the infrastructure as a data processor pursuant to Art. 28 GDPR.

Provider

Hetzner Online GmbH

Registered office

Sigmund street 135, 90431 Nürnberg-West, Germany

Purpose

Provision of technical infrastructure for website and dashboard

Data processed

IP addresses, server log files, technical connection data

Legal basis

Art. 6 (1) lit. f GDPR (legitimate interest in secure operation)

Storage period

Duration of use of the software offering (server log files, automatic)

Basis

Data Processing Agreement (DPA) pursuant to Art. 28 GDPR

Note: A Data Processing Agreement (DPA) pursuant to Art. 28 GDPR has been concluded with the hosting provider. If the hoster is domiciled outside the EU/EEA, data transfer is carried out on the basis of appropriate guarantees pursuant to Art. 46 GDPR.

6.2 Data Transfer to Exchange Platforms

In the course of the technical connection between THEBOT and the customer’s exchange account, data (in particular API keys and UID) is transferred to the respective exchange platform. Many supported exchanges are domiciled outside the EU/EEA:

The transfer of this data is technically mandatory for the performance of the contract (Art. 6 (1) lit. b GDPR). The specific protection mechanisms are to be enquired with the respective exchanges. We recommend reading the privacy policies of the exchange you use.

7. Contact by E-Mail

If you contact us by e-mail (info@the-bot.io), we process the data you have communicated (in particular your e-mail address, your name and the content of your message) to handle your enquiry.

Legal basis: Art. 6 (1) lit. b GDPR (pre-contractual or contractual measures) or Art. 6 (1) lit. f GDPR (legitimate interest in customer service). The data is deleted as soon as it is no longer required for the processing of your enquiry, unless statutory retention obligations preclude this.

8. Disclosure of Personal Data to Third Parties

Your personal data is only disclosed to third parties in the following cases:

Whop Marketplace Inc. – for payment processing (cf. Section 5)

Hosting provider – within the framework of the technical infrastructure (cf. Section 6)

Exchange platforms – for the technical connection of the trading bot (cf. Section 6.2)

Authorities – where we are legally obliged to do so or for the enforcement of our rights

Legal successors – in the event of a corporate transaction, to the extent permitted by law

We do not sell your personal data and do not pass it on to third parties for advertising purposes.

9. Transfer of Data to Third Countries

Where we pass on data to services domiciled outside the EU/EEA (in particular Whop Marketplace Inc. domiciled in the USA), this is done on the basis of appropriate guarantees pursuant to Art. 46 GDPR, in particular the EU Standard Contractual Clauses (SCCs). We ensure that the level of protection of your data corresponds to that of the GDPR.

10. Storage Period

Account data:

Duration of subscription + 3 years (limitation periods)

Accounting data:

7 years from creation (statutory retention)

API keys:

Deletion upon cancellation of subscription

Profile ID (UID):

Duration of subscription; after cancellation in accordance with statutory retention periods

Trading logs:

Duration of subscription + 1 year

Server log files:

7–30 days (automatic)

E-mail communication:

2 years after completion of the process

Cookies (techn. nec.):

End of session or max. 12 months

After expiry of the respective storage period, your data will be deleted or anonymized, unless a statutory retention obligation precludes deletion.

11. Your Rights as a Data Subject

You have the following rights against the controller pursuant to the GDPR:

Right of access (Art. 15 GDPR): You can request information about the personal data we process.

Right to rectification (Art. 16 GDPR): You can request the rectification of inaccurate or the completion of incomplete data.

Right to erasure (Art. 17 GDPR): You can request the erasure of your data, provided no statutory retention obligations preclude this.

Right to restriction of processing (Art. 18 GDPR): Under certain conditions you can request a restriction of processing.

Right to data portability (Art. 20 GDPR): You have the right to receive your data in a common, machine-readable format, to the extent that the processing is based on Art. 6 (1) lit. b GDPR.

Right to object (Art. 21 GDPR): You can object to the processing of your data on the basis of legitimate interests (Art. 6 (1) lit. f GDPR) at any time. We will then no longer process your data unless we can demonstrate compelling legitimate grounds.

Withdrawal of consent (Art. 7 (3) GDPR): To the extent that processing is based on consent, you can withdraw this at any time with effect for the future, without affecting the lawfulness of the processing carried out until the withdrawal.

12. Competent Data Protection Supervisory Authority

As the provider is domiciled in the Republic of Cyprus, the competent data protection supervisory authority is:

Authority:

Commissioner for Personal Data Protection (CPDP)

Address:

1 Iasonos Street, 1082 Nicosia, Cyprus

Website:

https://www.dataprotection.gov.cy

E-Mail:

commissioner@dataprotection.gov.cy

Telephone:

+357 22 818 456

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the above supervisory authority if you consider that the processing of your personal data infringes the GDPR.

If you are habitually resident in another EU Member State, you may alternatively contact the data protection authority of your country of residence.

13. Data Security

We use technical and organizational measures to protect your personal data against accidental or deliberate manipulation, loss, destruction or unauthorized access. These include:

Encryption of data transmission via TLS/HTTPS

Encrypted storage of sensitive data (in particular API keys and passwords)

Access restrictions within our systems (need-to-know principle)

Regular security audits

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will inform you without undue delay and in accordance with Art. 34 GDPR.

14. Minors

THEBOT is addressed exclusively to people who have reached the age of 18. We do not knowingly collect personal data from minors. If we become aware that a minor has submitted data, we will delete it without undue delay.

15. Amendments to this Privacy Policy

We reserve the right to amend this privacy policy at any time with effect for the future, in order to adapt it to changed legal situations, technical developments or new processing activities. The current version is always available at www.the-bot.io/datenschutz. We will notify you of material changes by e-mail or by a clear notice on the website.

Version: 27.06.2026

Complaint Procedure

THEBOT – Complaint Procedure
Pursuant to EU ADR Directive 2013/11/EU · EU ODR Regulation No. 524/2013 · As of: 21.04.2026

1. Scope and Purpose

This complaint procedure describes how customers of DIGITARGET LTD (hereinafter “Provider”) can submit a complaint and how the Provider handles it. It applies to all users of the THEBOT SaaS subscription, regardless of their country of residence within the European Union.

The aim of this procedure is a transparent, fair and efficient handling of complaints, without customers having to immediately resort to external legal remedies. The Provider undertakes to examine every complaint seriously and to provide a reasoned response.

2. What constitutes a complaint?

A complaint is any expression of dissatisfaction by a customer regarding:

The functionality or availability of the THEBOT platform or dashboard

The quality or scope of the services provided

Subscription management, cancellation or pricing matters

The Provider’s communication or support

Data protection or security concerns

Possible contractual breaches by the Provider

Refund requests that have not been satisfied

Trading losses are not subject to this complaint procedure, as the Provider is not a financial service provider and assumes no liability for trading results (cf. T&C § 9).

3. How and where can a complaint be submitted?

3.1 Primary Channel – Discord Support Ticket (preferred)

The preferred method for complaints is a support ticket in our Discord server. Discord enables fast, direct and traceable communication.

3.2 Alternative Channel – E-Mail

If Discord is not possible, a complaint can also be submitted by e-mail:

E-Mail: info@the-bot.io

Subject: Complaint – [brief description]

Response time: within 14 business days at the latest.

3.3 Required information upon submission

For prompt processing, we request the following information:

Full name and e-mail address of the account

Subscription ID or Discord username

Precise description of the problem or complaint

Time period and, if applicable, screenshots or other evidence

Desired solution or measure

4. Complaint Handling Process

Receipt

Complaint via Discord or e-mail

Initial Review

5 business days

Content review and, if necessary, follow-up questions to the customer

Processing

14 business days

In-depth analysis, technical investigation if necessary

Response

approx. 15 business days

Written, reasoned response with decision / proposed solution

The Provider undertakes to respond to every complaint within approximately 15 business days of receipt with a reasoned statement. In complex cases, this deadline may be extended to a maximum of 35 business days; the customer will in this case be informed of the delay and the expected completion date.

5. Internal Escalation

If the customer is not satisfied with the initial response, they may request escalation to management. The request must contain:

Reference to the original complaint (ticket number / e-mail date)

Explanation of why the response is considered insufficient

Desired solution

Management reviews the matter independently and issues a final statement within 15 business days.

6. External Dispute Resolution

6.1 EU Online Dispute Resolution Platform (ODR Platform)

If complaints cannot be resolved internally, consumers have access to the European Online Dispute Resolution Platform:

EU ODR Platform
URL: https://ec.europa.eu/consumers/odr/
Provider e-mail for ODR proceedings: info@the-bot.io

The ODR platform provides an out-of-court procedure for resolving disputes between consumers and online traders.

6.2 Data Protection Complaints

For complaints relating to data protection, customers may contact the competent data protection supervisory authority directly:

Data Protection Supervisory Authority Cyprus

Commissioner for Personal Data Protection (CPDP)

1 Iasonos Street, 1082 Nicosia, Cyprus

Website: https://www.dataprotection.gov.cy

E-Mail: commissioner@dataprotection.gov.cy

6.3 Note on participation in arbitration proceedings

The Provider is neither obliged nor willing to participate in a dispute resolution procedure before a consumer arbitration board, unless the Provider decides to do so voluntarily in an individual case. The use of the EU ODR Platform and the right to legal action remain unaffected.

7. Publication and Accessibility

This complaint procedure is available at:

Website: www.the-bot.io/beschwerde (or equivalent URL)

Linked in the Legal Notice and in the T&Cs

Linked in the Privacy Policy

The ODR Platform link is published in the Legal Notice at www.the-bot.io.

8. Amendments to this Procedure

The Provider reserves the right to amend this complaint procedure at any time. The current version is available on the website. Customers will be informed of any material changes.

16. Supplementary technical notes (as of 30.06.2026)

This supplement describes actual processing on the homepage and dashboard.

16.1 Marketing visit statistics (homepage)

On the first page view per browser session, the homepage sends once (without session cookies) to our API:

  • Referrer host (if present)
  • Landing path (URL path on the-bot.io)

We store a day-based SHA256 hash of the IP (no raw IP), optionally an ISO country code from the Cloudflare CF-IPCountry header (no external geo service). Legal basis: legitimate interest (Art. 6(1)(f) GDPR). Retention: 90 days. Objection: info@the-bot.io.

16.2 Cookies and local storage

  • Session cookie (dashboard/login): strictly necessary for authentication and security.
  • thebot_cookie_notice_ack (homepage): stores that the cookie notice was acknowledged (365 days).
  • localStorage thebot_lang: language preference DE/EN.

No third-party advertising or analytics cookies are used.

16.3 External content

  • TradingView ticker (homepage): loaded only after your active consent. TradingView may set its own cookies — see TradingView Privacy Policy.
  • Fonts: self-hosted (no Google Fonts CDN requests).

16.4 Data subject rights in the dashboard

  • Access/export: logged-in users can request a JSON export under Settings → “Export my data” (GET /api/account/data-export).
  • Erasure: self-service under Settings → delete account.

16.5 Consent logging

Registration (terms/privacy/disclaimer), age confirmation (18+), waiver on bot activation, and leverage confirmation are logged with timestamp and document version (Art. 7 GDPR).

Back