Last updated: 28 April 2026 · Interim — full counsel-reviewed policy issued before paid launch.
When you use SENTINEL via Telegram, we collect your Telegram chat ID and display name so we can deliver alerts and route commands back to you. If you opt in to the /coach feature, you provide a read-only Bybit API key + secret which is encrypted at rest with AES-256-GCM before storage. We do not collect your real name, email, payment details, or KYC information during the current beta.
Telegram identifiers are used solely to send signals, manage subscription state, and provide per-user features (portfolio, journal, settings, /coach summaries). We do not sell or rent personal data to third parties.
Bybit API credentials submitted to /coach are stored encrypted using a master key held in environment configuration that is never written to the database. The keys are only ever decrypted in-memory for the duration of a single API call to Bybit's read-only endpoints. You can revoke access at any time by deleting the key in your Bybit account or by issuing the bot's /coach disconnect command.
We retain logs of signals fired (symbol, tier, entry/exit prices, hold duration, outcome) for up to 18 months for model training, walk-forward validation, and live performance reporting. These logs do not personally identify you.
Subscriber records are retained while your subscription is active. Encrypted Bybit credentials are removed within 30 days of /coach disconnection or subscription cancellation. Aggregate analytics (no personal data) may be retained indefinitely.
Depending on your jurisdiction (EU/UK GDPR, Singapore PDPA, etc.) you may have rights of access, rectification, erasure, restriction, portability, and objection. To exercise these rights, contact the operator via the Telegram bot's /admin contact command or the email address listed on /about.
We use TLS for all client-server communication, encrypted storage for sensitive credentials, and continuous monitoring for unauthorised access. No system is perfectly secure; you use the service at your own risk.
We use Bybit, Binance, Coinglass, and CoinGecko APIs to fetch market data; we use Telegram to deliver the bot interface. We do not share your personal identifiers with these services beyond what is required to fulfil API requests you initiate (e.g. forwarding your own Bybit key to Bybit when you use /coach).
We may update this policy from time to time. The current version will always be available at this URL. Material changes will be communicated to active users through the service.