Privacy Policy

We collect account information such as name, email address, hashed password or OAuth login identifiers, subscription state, support requests, and basic product usage needed to operate the service.

If you connect exchange API keys, DerivCC stores them encrypted at rest and uses them for read-only account visibility. Users should only provide API keys that have trading, transfer, and withdrawal permissions disabled.

Paid subscriptions are processed by Stripe. DerivCC stores Stripe customer and subscription identifiers, but card numbers and payment method details are handled by Stripe.

We use account and workspace data to authenticate users, operate dashboards, enforce plan access, deliver alerts, provide support, detect abuse, maintain security, and improve product reliability.

DerivCC does not sell personal information. We may share limited data with infrastructure providers, authentication providers, payment processors, email or alert delivery services, and legal or security reviewers when necessary to operate or protect the service.

Account, billing, audit, and workspace data may be retained while an account is active and for a reasonable period after closure where needed for security, accounting, dispute resolution, backups, or legal obligations.

Users can request account data export or deletion by contacting support. Some records may remain where retention is required for fraud prevention, financial records, or legal compliance.

DerivCC uses encrypted storage for exchange API keys, environment secret separation, production health checks, and read-only exchange access guidance. No internet service can guarantee absolute security, so users must keep account credentials and connected exchange permissions under their own control.