Privacy Policy
How we collect, use, store, share, and protect your personal data.
Effective: 8 May 2026
Estimated Reading Time: 9 minutes
Zeno JSC ("Zeno JSC", "AlphaSet", "we", "us", "our") operates the AlphaSet platform at alphaset.org. This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use our Services.
By using AlphaSet, you agree to the practices described in this Privacy Policy.
1. Data We Collect
Account Data
- Full name, email address, phone number (if provided)
- Account credentials (handled via secure authentication — passwords are never stored in plain text)
- Country of residence
- Identity verification documents (if KYC is required)
Billing and Payment Data
- Payment method details (processed via our payment provider — Zeno JSC does not store full card numbers)
- Billing address, transaction history, subscription status
Exchange and Trading Data
- Exchange API keys (stored AES-256 encrypted — never exposed in plain text)
- Connected exchange accounts and selected Alphas
- Trade history and performance data generated through AlphaSet
- Token balance and consumption history
Usage Data
- Pages visited on alphaset.org, features used, actions taken within the platform
- Time and duration of sessions, click paths, error events
Technical Data
- IP address, device type, operating system, browser type and version
- Referring URL, geographic location (country/region level)
Communication Data
- Support requests, emails, and chat messages you send to us
- Feedback, survey responses, and other voluntary submissions
Cookie Data
See our Cookie Policy for full details.
2. How We Use Your Data
| Purpose | Legal Basis |
|---|---|
| Provide and operate the Services (account, trading, subscriptions) | Contract performance |
| Process payments and manage billing | Contract performance |
| Verify your identity (KYC/AML compliance) | Legal obligation |
| Send service notifications (subscription renewal, trade alerts, system updates) | Contract performance / Legitimate interest |
| Respond to support requests and resolve disputes | Legitimate interest |
| Improve platform performance and fix bugs | Legitimate interest |
| Conduct analytics to understand platform usage | Legitimate interest |
| Send marketing communications (with your consent) | Consent |
| Detect fraud and maintain platform security | Legitimate interest / Legal obligation |
| Comply with legal requirements and respond to lawful requests | Legal obligation |
3. Data We Do Not Sell
We do not sell your personal data to third parties. We may share anonymized and/or aggregated data (which cannot identify you) for analytics, research, or industry reporting purposes.
4. Data Sharing
We share your data only in the following circumstances:
- Service providers — Third parties who assist in operating the platform: cloud hosting (e.g., AWS, Azure), payment processing, email delivery, analytics tools, customer support software. These providers are contractually bound to protect your data and use it only for the services they provide to us.
- Exchanges and brokers — Exchange platforms (Bybit, BingX, Bitget, Exness, FM) receive API commands for trade execution. Zeno JSC does not share your personal profile data with exchanges beyond what is required to establish API connectivity.
- Legal authorities — We may disclose data if required by applicable law, court order, or government authority, or if we believe disclosure is necessary to protect the rights, property, or safety of Zeno JSC, our users, or the public.
- Business transfers — In connection with a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. You will be notified in advance of any such transfer.
5. Exchange API Keys
Exchange API keys are stored using AES-256 encryption. Keys grant AlphaSet trade-execution permissions only — withdrawal permissions are never requested. API keys are:
- Never logged in plain text
- Never shared with third parties except the relevant exchange for trade execution
- Deleted from our systems upon account termination or API disconnection
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Duration of account + 6 years post-termination |
| Transaction and billing records | 5 years from transaction date |
| Support communications | 6 years from resolution |
| Usage and technical data | 90 days from collection |
| Marketing consent records | Until consent is withdrawn + 3 years |
| KYC/identity documents | As required by applicable AML law |
After the retention period expires, data is securely deleted or anonymized.
7. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
- Access — Request a copy of the personal data we hold about you.
- Correction — Request correction of inaccurate or incomplete data.
- Deletion — Request deletion of your personal data, subject to legal retention obligations.
- Portability — Request your data in a structured, machine-readable format.
- Restriction — Request that we limit how we process your data.
- Objection — Object to processing based on legitimate interest.
- Withdraw consent — Where processing is based on consent, withdraw it at any time without affecting prior processing.
To exercise any of these rights, contact us at support@alphaset.org. We will respond within 30 days (extendable to 60 days for complex requests). We may request identity verification before processing your request.
8. Security
We implement technical and organizational measures to protect your personal data, including:
- AES-256 encryption for stored API keys
- TLS encryption for data in transit
- Role-based access controls for internal data access
- Regular security reviews and vulnerability assessments
No security measure is 100% effective. In the event of a data breach affecting your rights and freedoms, we will notify you as required by applicable law.
9. Cookies
We use cookies and similar tracking technologies on alphaset.org. See our Cookie Policy for full details on what we use and how to manage your preferences.
10. Children's Privacy
AlphaSet is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, contact us at support@alphaset.org and we will delete it promptly.
11. International Data Transfers
Your data may be processed and stored on servers located outside your country of residence. Where data is transferred internationally, we take appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy and applicable law.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-platform notice before taking effect. The current version is always available at alphaset.org/legal.
13. Contact
For privacy-related questions, requests, or complaints:
Email: support@alphaset.org
Subject line: Privacy Request — [Your Name]
Last updated: 8 May 2026