plasso
Sign inGet started →
LEGAL
Draft · counsel-pending

Privacy policy.

Last updated 2026-04-28
Working draft. The text below summarises Plasso's position in plain language while the formal document is being prepared with counsel. The final version replaces this page in full. Until then, treat the draft as a description, not a contract.

1. What we store

  • Account info: the email and (optional) name you sign up with.
  • Exchange API keys: encrypted at rest with AES-256-GCM. We never see plaintext keys after they're saved; we cannot recover them if you lose access.
  • Trade history: every signal, fill, position, and P&L entry on your account. This drives the dashboard.
  • Billing records: subscription periods, charge IDs, payment status. Card data and crypto wallet addresses live with our billing rails (Paystack, NOWPayments). Not on Plasso.
  • Operational logs: which pages you loaded, when you signed in, errors. Retained for 30 days then deleted.

2. What we don't store

  • Your card number, CVV, or expiry. Those go to Paystack directly.
  • Your crypto private keys, seed phrases, or wallet passwords.
  • Your broker / exchange password (we use API keys with trade-only permissions).
  • Your IP address beyond the immediate session for security purposes.
  • Browsing analytics (no Google Analytics, no Mixpanel, no third-party trackers).

3. Who else sees your data

We use a small number of vendors to operate Plasso. Each receives only what they need:

  • Clerk. Authentication. Sees email + auth tokens.
  • Paystack. Fiat billing rail. Sees email + amount.
  • NOWPayments. Crypto billing rail. Sees email + amount.
  • Resend. Transactional email. Sees email + message body.
  • Google Cloud Platform. Server hosting. Sees encrypted database contents.
  • Vercel. Frontend hosting. Sees request URLs and IP addresses (transient).

We do not sell your data. We do not share it with anyone outside the operational vendors above.

4. Your rights

You can, at any time:

  • Export your trade history as CSV from the dashboard.
  • Delete your exchange API keys via the API-keys settings page.
  • Cancel your subscription and delete your account by emailing legal@plasso.xyz. We process within 7 days.
  • Request a full data export in machine-readable form. Same email; same SLA.

5. Cookies

We use one essential cookie: the Clerk session cookie that keeps you signed in. There are no analytics cookies, advertising cookies, or tracking pixels.

6. Security incidents

If we discover a breach affecting your data, we email every affected user within 72 hours of confirmation, with a plain description of what happened, what data was exposed, and what we're doing about it.

7. Changes

Material changes to this policy are emailed to the address on your account 14 days before they take effect.

Questions or concerns? Email legal@plasso.xyz. We answer everything within two business days.