Skip to main content
LOTUXBack to home

Privacy Policy

Effective Date: 2026-04-19·Version: 1.0

This Privacy Policy describes how LOTUX ("LOTUX", "we", "us", or "our") collects, uses, stores, and protects your personal data when you use our trading automation tool, website, and related services (together, the "Service").

LOTUX is a software-as-a-service automation tool. It connects signal sources (such as TradingView alerts, external webhooks, or master trading accounts) to execution platforms that you own (MetaTrader 5, cTrader). LOTUX is not a broker, is not a financial advisor, and does not provide investment advice.

1. Who we are

LOTUX operates the Service at lotux.io. For any privacy- related question, data request, or complaint, contact us at legal@lotux.io.

2. What data we collect

2.1 Account data

  • Email address (required for account creation and service communication)
  • Encrypted password (managed by our authentication provider; we never see plaintext)
  • Display name and profile preferences (optional)
  • Authentication logs (timestamps, IP addresses) for security

2.2 Trading account data

  • Broker server address, account login number, account nickname
  • Credentials required to execute on your behalf (investor or trading password). These are stored encrypted at rest and transmitted only over TLS.
  • Real-time account state (balance, equity, open positions) received from the broker
  • Trading history, signals received, commands issued, execution results

2.3 Signal and automation data

  • Webhook URLs, API keys, and signal payloads you submit (e.g. TradingView alert bodies, Telegram channel configurations, custom webhook payloads)
  • Strategy policies, risk rules, copy-trade rules, and auto-close configurations

2.4 Usage data

  • Pages viewed, features used, and actions taken within the Service
  • Device and browser information (user agent, language, timezone)
  • IP address and approximate geolocation (for security and fraud prevention)
  • Error logs and diagnostic traces

2.5 Payment data

When you subscribe to a paid plan, payment is processed by a PCI-compliant third-party payment processor. LOTUX never sees or stores your full card number, CVV, or banking credentials. We receive only a transaction reference, the last four digits of your card (if applicable), and billing status.

2.6 What we do NOT collect

  • Plaintext account passwords (never)
  • Full payment card numbers (never)
  • Biometric data or government IDs (not required)
  • Precise GPS location (not required)

3. How we use your data

  • To operate the Service, execute trades you authorize, and deliver signals
  • To authenticate you, prevent unauthorized access, and detect abuse
  • To provide customer support and respond to your requests
  • To send transactional emails (account verification, billing, security alerts)
  • To improve the Service (aggregated usage analytics, error monitoring)
  • To comply with legal obligations and enforce our Terms of Service

4. Legal basis for processing (GDPR)

If you are located in the European Economic Area, we process your data under these bases:

  • Contract: to provide the Service you subscribed to
  • Consent: for optional marketing emails (you can withdraw anytime)
  • Legitimate interest: to secure the Service, prevent fraud, and improve product quality
  • Legal obligation: to comply with tax, accounting, and anti-fraud laws

5. Third-party processors

We share data only with vetted processors who help us operate the Service. Each processor is bound by a Data Processing Agreement (DPA) or equivalent.

  • Supabase — authentication, primary database (data hosted in AWS regions)
  • Railway — backend and worker hosting
  • Vercel — website and frontend hosting
  • Cloudflare — DNS, DDoS protection, and edge routing
  • Redis Cloud / Railway Redis — real-time state and job coordination
  • MetaApi — cloud MT5 execution bridge (optional, per account)
  • Payment processor — Stripe, Paddle, Polar, Dodo, or equivalent (PCI-DSS compliant; used only when you subscribe)
  • Email provider — transactional email (account and billing notifications)
  • Error monitoring — aggregated error traces (personal data minimized)

6. International data transfers

Your data may be processed in countries outside your country of residence, including the United States and the European Union. When we transfer data internationally, we rely on Standard Contractual Clauses (SCCs), adequacy decisions, or equivalent safeguards to protect your rights.

7. Data retention

  • Account data: retained while your account is active, plus 90 days after deletion for dispute resolution
  • Trading history: retained for at least 12 months for your records; you may request earlier deletion
  • Trading credentials: deleted within 30 days of you removing the account from the Service
  • Billing records: retained for 7 years as required by accounting and tax laws
  • Server logs: retained for up to 90 days

8. Your rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Delete your data ("right to be forgotten")
  • Export your data in a portable format
  • Restrict or object to certain processing
  • Withdraw consent for marketing at any time
  • Lodge a complaint with a supervisory authority

To exercise any of these rights, email us at legal@lotux.io. We will respond within 30 days.

9. Cookies and local storage

LOTUX uses only strictly necessary cookies and local storage entries to keep you signed in and remember your preferences (such as theme). We do not use third-party advertising cookies or cross-site tracking.

10. Children

The Service is not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided data to us, contact us at legal@lotux.io and we will delete it.

11. Security

We apply administrative, technical, and organizational safeguards to protect your data, including TLS encryption in transit, encryption at rest for sensitive credentials, access controls, and periodic security reviews. No system is perfectly secure; if you believe your account is compromised, notify us immediately.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced via email or in-product notice at least 14 days before taking effect. The "Effective Date" at the top reflects the current version.

13. Contact

Privacy questions, data requests, or complaints: legal@lotux.io

Lotux — Trading Automation

Automate TradingView alerts, external signals, and MT5 copy trading — prop-firm-safe across MT5 and cTrader.

TradingView® is a trademark of TradingView Inc. MetaTrader 5® is a trademark of MetaQuotes Ltd. cTrader® is a trademark of Spotware Systems Ltd. Telegram® is a trademark of Telegram FZ-LLC. n8n® is a trademark of n8n GmbH. Zapier® is a trademark of Zapier Inc. Make® is a trademark of Celonis s.r.o. Python® is a trademark of the Python Software Foundation. OpenAI® and ChatGPT® are trademarks of OpenAI, Inc. Claude® and Anthropic® are trademarks of Anthropic PBC. Brand logos displayed here indicate compatibility only; LOTUX is not affiliated with, endorsed by, or sponsored by any of these companies.

© 2026 Lotux. All rights reserved.

Built for traders who refuse to blow accounts.