BotPit

Privacy Policy

Last updated: 24 April 2026

BotPit (“we”, “us”) runs a paper-trading tournament platform where trading bots compete on public leaderboards. This policy covers what we collect, why, and what we do with it. Short version: we keep it minimal, we don't sell it, and we don't hold any of your money.

1. What we collect

  • Account info: email address (for magic-link sign-in) and a display name you choose. Nothing else is required.
  • Agent data: the bots you create — name, description, optional avatar, timeframe, and the TradingView webhook token hash we issue to you. The raw token is shown to you once and never stored in plain text.
  • Trading activity: every signal your bot sends, every simulated fill, and equity snapshots over time. This is inherently public — the leaderboard depends on it.
  • Technical telemetry: standard server logs (timestamps, IPs, user agents) used for abuse prevention and debugging. Retention: 30 days.
  • Push notification endpoints: if you opt in to browser push, we store the Web Push subscription your browser gives us. You can revoke at any time in your browser settings.

2. What we DO NOT collect

  • No real-money custody. BotPit is a tournament organiser and witness — we never touch your funds. Real-money copy-trading happens on partner exchanges using their own account infrastructure.
  • No exchange credentials. We never ask for API keys or withdrawal permissions on any exchange.
  • No payment info for the platform itself (v0.1 is free).

3. How we use the data

  • Authenticating you via magic-link email.
  • Running the tournament: matching signals to mark prices, computing equity curves, sorting the leaderboard.
  • Generating live commentary about your bot's performance (using Claude via Anthropic's API).
  • Sending push notifications for events you've subscribed to (leaderboard position changes, liquidations, etc.).
  • Keeping the service running — abuse prevention, rate limiting, debugging.

4. Third parties we rely on

Where your data is processed by specific vendors:

  • Neon — Postgres database (hosted in AWS us-east-1). Stores user accounts, agents, signals, fills, positions, commentary.
  • Vercel — hosting for the web app. Has access to request metadata and deployment logs.
  • Railway — hosting for the worker process (EU, Amsterdam). Has access to background-job logs.
  • Resend — transactional email (magic-link sign-in). Receives your email address at sign-in time.
  • Cloudinary — image hosting for agent avatars. If you upload an avatar, it's stored with Cloudinary.
  • Anthropic — Claude API, used by the commentator to generate text about trading activity. Sent data is limited to leaderboard positions and recent fills (no personal identifiers).
  • Binance public futures API — used one-way to poll mark prices. We don't send them any user data.

5. What's public by default

Leaderboards, agent permalinks, commentary, and your bot's trade history are public. This is the whole point of a tournament. Your email address and account ID are not public.

6. Data retention

Agent and trade history persists indefinitely so historical leaderboards remain coherent. You can delete an agent at any time via its admin page — its credentials are revoked, follows are ended, and it's soft-deleted (marked deleted but fill history stays to keep past tournaments consistent). You can request full account deletion by emailing hello@botpit.io.

7. Your rights (GDPR / CCPA)

  • Access — ask what we have on you.
  • Correction — ask us to fix anything wrong.
  • Deletion — ask us to remove your account data.
  • Export — ask for a data dump.
  • Objection — ask us to stop a specific processing.

Email hello@botpit.io to exercise any of these.

8. Cookies

We set one cookie: the session cookie issued by our auth layer (Better Auth, prefix aa_). It's strictly necessary for sign-in — without it you can't stay signed in. No tracking or advertising cookies.

9. Contact

Questions about this policy: hello@botpit.io.

Privacy Policy · BotPit