Our privacy principles.

To run the service we collect: your email address, an encrypted password hash, and minimal product telemetry (page views, errors). If you enable Telegram or email alerts you provide those identifiers directly. Nothing else is collected by default.

We do not store your exchange API keys on our servers. The desktop app encrypts them client-side with AES-256-GCM and keeps them on your disk. The web app encrypts per-user in the browser and only the ciphertext ever reaches our database — we can't decrypt it without your user-specific key.

Your trade history is stored so you can review it across devices. It is never sold, never shared, and never used to train any model. You can export all of it as CSV or delete it from the settings page at any time.

We use AWS for hosting and infrastructure, and (optionally, if you enable it) Telegram and your own SMTP provider for alerts. That's it. No ad networks, no analytics SaaS trackers, no data brokers.

You can request a full export or deletion of your account by emailing us. We will respond within 30 days. Account deletion purges every row associated with your user ID.

Privacy questions: privacy@cryptoroute.io. This policy was last updated on April 18, 2026.