Privacy Policy

1. Introduction

This Privacy Policy ("Policy") explains how Jungle Rebounder ("we", "us", "our", "Company") collects, uses, discloses, and protects your personal information when you access or use our automated trading platform and services (collectively, the "Service"). This Policy applies to all users of the Service, including visitors to our website, registered users, and subscribers.

By using the Service, you agree to the collection and use of information in accordance with this Policy. If you do not agree with our policies and practices, please do not use the Service.

We are committed to protecting your privacy and handling your data in an open and transparent manner. This Policy describes our practices regarding the collection, use, and disclosure of your information, as well as your rights and choices regarding such information.

2. Information We Collect

We collect information that you provide directly to us, information we obtain automatically when you use the Service, and information from third-party sources. The types of information we collect depend on how you interact with the Service.

2.1 Information You Provide Directly

When you register for an account, use the Service, or communicate with us, you may provide:

• Account Information: Email address, password (hashed using industry-standard hashing algorithms), username, and account preferences when you register via our web dashboard
• Telegram User Data: Your Telegram user ID, username, and profile information when you interact with our Telegram bot or link your Telegram account to your web dashboard account
• API Keys and Credentials: Your Hyperliquid exchange API keys and API secrets (encrypted using AES-256 encryption and stored securely). We strongly recommend using API keys with trading-only permissions (no withdrawal or transfer capabilities)
• Trading Configuration: Your bot settings, risk presets, trading parameters, signal templates, position sizing preferences, stop-loss settings, and other configuration data
• Communication Data: Messages, support tickets, feedback, and other communications you send to us through the Service, email, or other channels
• Profile Information: Timezone preferences, notification preferences, and other user settings

2.2 Information Collected Automatically

When you use the Service, we automatically collect certain information about your device and usage:

• Usage Data: How you interact with the Service (web dashboard or Telegram), features you use, pages you visit, time spent on pages, click patterns, and navigation paths
• Device Information: IP address, browser type and version, device type, operating system, screen resolution, and device identifiers
• Log Data: Server logs, error logs, access logs, and system logs that may contain IP addresses, timestamps, and request details
• Trade Logs and Analytics: Records of trades executed by the bot, including entry/exit prices, timestamps, position sizes, PnL, sequence information, and performance metrics for analytics, debugging, and service improvement
• Performance Data: System performance metrics, response times, error rates, and service availability data

2.3 Information from Third Parties

We may receive information about you from third-party services:

• Payment Providers: Subscription status, payment provider customer IDs, billing history, payment method information (processed securely by third-party payment processors like Stripe and Whop.com). We do not store full credit card numbers or sensitive payment details
• Telegram: Information provided by Telegram when you interact with our bot, subject to Telegram's privacy policy
• Hyperliquid Exchange: Trading data, account information, and market data accessed through your API keys for the purpose of executing trades
• Analytics Services: Aggregated usage statistics and analytics data from third-party analytics providers (if used)

3. How We Use Your Information

We use the information we collect for various purposes, including:

3.1 Service Provision

• Execute trades on your behalf according to your configuration and trading parameters
• Provide and maintain the Service, including web dashboard and Telegram bot functionality
• Process transactions, manage subscriptions, and handle billing
• Authenticate your identity and manage your account
• Send you service-related communications, including account notifications, trade alerts, and system updates

3.2 Analytics and Improvement

• Provide analytics, performance tracking, and reporting features
• Analyze usage patterns to improve the Service, user experience, and functionality
• Develop new features and enhance existing ones
• Conduct research and analysis to optimize trading algorithms and strategies
• Debug issues, troubleshoot problems, and maintain system stability

3.3 Communication

• Respond to your inquiries, support requests, and feedback
• Send you important notices about the Service, including changes to terms, policies, or features
• Send marketing communications (with your consent, where required by law)
• Notify you about security alerts, account activity, and suspicious behavior

3.4 Security and Compliance

• Detect, prevent, and address fraud, abuse, security threats, and unauthorized access
• Enforce our Terms of Service and other policies
• Comply with legal obligations, court orders, and regulatory requirements
• Protect our rights, property, and safety, as well as that of our users and others
• Investigate potential violations and respond to legal requests

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data based on the following legal grounds:

• Contract Performance: To perform our contract with you and provide the Service you have requested
• Legitimate Interests: To improve the Service, ensure security, prevent fraud, and conduct analytics (where our interests do not override your rights and freedoms)
• Consent: Where you have given clear consent for specific processing activities (e.g., marketing communications)
• Legal Obligation: To comply with applicable laws, regulations, and legal processes
• Vital Interests: To protect your or another person's vital interests in emergency situations

5. Data Security

We implement technical, administrative, and physical security measures designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction. However, no method of transmission over the Internet or electronic storage is 100% secure.

5.1 Security Measures

• Encryption: API keys and sensitive credentials are encrypted at rest using AES-256 encryption and in transit using TLS/SSL protocols
• Password Security: Passwords are hashed using industry-standard algorithms (bcrypt) and never stored in plain text
• Access Controls: We implement role-based access controls, authentication requirements, and least-privilege principles
• Secure Infrastructure: We use industry-standard security practices, secure hosting environments, and regular security assessments
• API Key Restrictions: We recommend and only require trading-only API permissions (no withdrawal or transfer capabilities) to minimize risk
• Monitoring: We monitor for suspicious activity, unauthorized access attempts, and security threats
• Regular Updates: We keep our systems, dependencies, and security measures up to date

5.2 Your Role in Security

While we implement security measures, you also play a crucial role in protecting your information:

• Use strong, unique passwords and enable two-factor authentication (2FA) when available
• Never share your account credentials or API keys with anyone
• Use API keys with trading-only permissions (no withdrawal access)
• Regularly review your account activity and trading logs
• Immediately revoke API keys if you suspect unauthorized access
• Keep your devices and software up to date
• Be cautious of phishing attempts and suspicious communications

Security Limitations: Despite our security measures, we cannot guarantee absolute security. You acknowledge that you provide information at your own risk and that no security system is impenetrable.

6. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information in the following circumstances:

6.1 Service Providers

We may share information with third-party service providers who perform services on our behalf, subject to confidentiality agreements:

• Payment Processors: Stripe, Whop.com, and other payment providers to handle subscription payments, billing, and payment processing
• Email Service Providers: To send verification emails, password resets, account notifications, and service communications
• Hosting and Infrastructure: Cloud hosting providers and infrastructure services that host our Service
• Analytics Providers: Third-party analytics services (if used) to analyze usage patterns and improve the Service
• Support Tools: Customer support platforms and tools to assist with user inquiries

6.2 Trading and Exchange Services

• Hyperliquid Exchange: We access your exchange account via your API keys to execute trades on your behalf. Your API keys are encrypted and stored securely. We do not share your API keys with third parties
• Telegram: Information shared with Telegram when you interact with our bot, subject to Telegram's privacy policy

6.3 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, including:

• Responding to court orders, subpoenas, or other legal processes
• Complying with applicable laws and regulations
• Protecting our rights, property, or safety, or that of our users or others
• Investigating potential violations of our Terms of Service
• Preventing fraud, abuse, or illegal activities

6.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

7. Data Retention

We retain your personal information for as long as necessary to provide the Service, fulfill the purposes described in this Policy, comply with legal obligations, resolve disputes, and enforce our agreements.

• Active Accounts: We retain your data while your account is active and for a reasonable period thereafter
• Deleted Accounts: Upon account deletion, we may retain certain information for legal, regulatory, or business purposes (e.g., transaction records, compliance requirements) for up to 7 years, or as required by applicable law
• Trade Logs: Trading data and logs may be retained for analytics, debugging, and compliance purposes, even after account deletion
• Legal Requirements: We may retain information longer if required by law, regulation, or legal process
• Anonymized Data: We may retain anonymized or aggregated data indefinitely for analytics and improvement purposes

You can request deletion of your data at any time by contacting us. We will honor your request subject to legal and regulatory requirements.

8. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information. We will honor these rights to the extent required by applicable law.

8.1 General Rights

• Access: Request access to your personal data and receive a copy of the information we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal data (subject to legal and regulatory requirements)
• Portability: Request a copy of your data in a structured, machine-readable format
• Objection: Object to processing of your data based on legitimate interests
• Restriction: Request restriction of processing in certain circumstances
• Withdraw Consent: Withdraw consent for processing based on consent at any time
• Export: Export your trade logs, configuration data, and account information

8.2 GDPR Rights (EEA/UK Users)

If you are located in the EEA or UK, you have additional rights under the General Data Protection Regulation (GDPR):

• Right to access, rectify, erase, restrict, and port your personal data
• Right to object to processing based on legitimate interests
• Right to withdraw consent at any time
• Right to lodge a complaint with your local data protection authority

8.3 CCPA Rights (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect, use, and disclose
• Right to delete your personal information (subject to exceptions)
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising your privacy rights

To exercise your rights, please contact us via our contact page. We will respond to your request within 30 days (or as required by applicable law) and may require verification of your identity.

9. Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to collect and store information about your use of the Service.

9.1 Types of Cookies

• Essential Cookies: Required for the Service to function properly (e.g., authentication, security)
• Functional Cookies: Remember your preferences and settings to enhance your experience
• Analytics Cookies: Help us understand how you use the Service to improve functionality
• Performance Cookies: Collect information about how you interact with the Service to optimize performance

9.2 Managing Cookies

You can control cookies through your browser settings. However, disabling certain cookies may affect the functionality of the Service. Most browsers allow you to refuse or delete cookies, but doing so may limit your ability to use certain features.

10. International Data Transfers

Your information may be transferred to, stored, and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your jurisdiction.

When we transfer personal data from the EEA or UK to countries outside the EEA/UK, we ensure appropriate safeguards are in place, such as:

• Standard contractual clauses approved by the European Commission
• Adequacy decisions by the European Commission
• Other appropriate safeguards as required by applicable law

By using the Service, you consent to the transfer of your information to countries outside your jurisdiction, including the United States, where our servers may be located.

11. Children's Privacy

The Service is not intended for individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete such information.

12. Automated Decision-Making and Profiling

The Service uses automated trading algorithms to execute trades based on your configuration and trading parameters. This involves automated decision-making that may affect your trading outcomes.

If you are located in the EEA or UK, you have the right not to be subject to automated decision-making, including profiling, that produces legal effects or similarly significantly affects you. However, automated trading execution is essential to the Service, and by using the Service, you consent to such automated processing.

You maintain control over trading parameters, risk settings, and can stop automated trading at any time. We do not use automated decision-making for purposes other than trade execution as configured by you.

13. Third-Party Links and Services

The Service may contain links to third-party websites, services, or applications that are not operated by us. We are not responsible for the privacy practices of third parties.

When you click on a third-party link or use a third-party service (such as Hyperliquid exchange or Telegram), you will be subject to that third party's privacy policy and terms of service. We encourage you to review the privacy policies of third parties before providing them with your information.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting the updated Policy on this page with a new "Last updated" date
• Sending an email to the address associated with your account (for material changes)
• Displaying a prominent notice on the Service or through the Telegram bot
• Other methods as appropriate based on the nature of the change

Your continued use of the Service after changes become effective constitutes acceptance of the updated Policy. If you do not agree to the changes, you must stop using the Service and may delete your account.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Via our contact page
• Through the contact methods provided on our website
• Via our Telegram bot support channel

For data protection inquiries or to exercise your privacy rights, please clearly indicate your request in your communication. We will respond to your request within 30 days (or as required by applicable law) and may require verification of your identity to protect your privacy.