Back

Privacy Policy

Last updated: March 4, 2026

1. Introduction

Project Futures ("we", "us", "our") operates the project-futures.com website and related services. This Privacy Policy explains how we collect, use, and protect your information when you use our platform.

By using our services, you agree to the collection and use of information as described in this policy.

2. Information We Collect

Account Information:

  • Email address (for account registration and communication)
  • Username (chosen by you)
  • Hashed password (we never store plaintext passwords)
  • Telegram User ID (if linked via Telegram login)

Exchange API Keys (Optional):

  • API keys, secret keys, and passphrases for supported cryptocurrency exchanges
  • These are provided voluntarily by you to simplify position opening on exchanges
  • All API credentials are encrypted using AES-256-GCM encryption before storage
  • We strongly recommend providing keys with withdrawal permissions disabled

Usage Data:

  • Pages visited and features used
  • Browser type, device information, and IP address
  • Analytics data (only if you consent to cookies)

3. How We Use Your Information

  • To provide and maintain the spread scanner and trading tools
  • To open positions on exchanges on your behalf using your API keys (only when explicitly initiated by you)
  • To manage your account and subscription
  • To send service-related notifications via Telegram
  • To improve our services through anonymized usage analytics

4. API Key Security

Our approach to API key security:

  • AES-256-GCM encryption — all API credentials are encrypted at rest with a unique initialization vector per key
  • Non-custodial model — we never hold, transfer, or manage your cryptocurrency funds directly
  • Withdrawal-disabled keys only — we recommend and support API keys that cannot withdraw funds
  • No key logging — decrypted API keys are held in memory only during position opening and never written to logs
  • Key deletion — you can delete your stored API keys at any time from your dashboard

5. Cookies and Tracking

We use minimal cookies:

  • Essential cookies: Authentication tokens stored in localStorage for session management. These are required for the service to function.
  • Analytics cookies (opt-in): We use TikTok Pixel for advertising attribution — this is loaded only after you explicitly consent via our cookie banner. You can decline without any loss of functionality.

We do not use third-party tracking cookies, fingerprinting, or cross-site tracking beyond the optional analytics pixel.

6. Data Sharing

We do not sell, rent, or share your personal information with third parties, except:

  • Cryptocurrency exchanges — your API credentials are used to send position-opening requests directly to exchange APIs
  • Payment processors (OxaPay) — for processing cryptocurrency subscription payments
  • Law enforcement — if required by applicable law

7. Data Retention

  • Account data is retained while your account is active
  • API keys can be deleted by you at any time
  • Upon account deletion, all associated data including encrypted API keys is permanently removed
  • Anonymized analytics data may be retained for service improvement

8. Your Rights

  • Access, correct, or delete your personal data at any time from your dashboard
  • Withdraw cookie consent via browser settings or by clearing localStorage
  • Delete your API keys at any time
  • Request full account deletion by contacting us

9. Security Measures

  • HTTPS/TLS encryption for all data in transit
  • AES-256-GCM encryption for sensitive data at rest
  • Rate limiting and brute force protection on authentication endpoints
  • Content Security Policy (CSP) headers to prevent XSS attacks
  • Strict Transport Security (HSTS) headers
  • Regular security audits and dependency updates

10. Contact

For privacy-related inquiries, contact us via Telegram: @project_futures