Your Privacy.
Engineered, Not Promised.
Storm Bot is built on military-grade encryption and zero-trust architecture. This policy explains exactly what we collect, how it's protected, and the rights you have over your data.
Overview
This Privacy Policy describes the information practices of LR21 Systems ("LR21", "we", "us", or "our") for the Storm Bot automated trading and mining platform — including the LR21 web application at lr21.org, our mobile apps, and the associated trading bot APIs (collectively, the "Service").
By using the Service you agree to the collection and use of information in accordance with this Policy. If you do not agree with any part of it, do not use the Service.
We collect the minimum data required to operate Storm Bot. We do not sell or rent personal data to third parties — ever.
Information We Collect
To operate Storm Bot securely we collect only the data necessary for authentication, trade execution, and account recovery.
Email Address
Your email is collected during sign-up (via Google OAuth or direct registration). It is used to authenticate your account, send transactional messages (security alerts, password resets, trade confirmations) and, if you opt in, occasional product updates.
Encrypted Exchange API Keys
To execute trades on your behalf, Storm Bot requires read & trade permissions on your exchange (e.g., Binance) API keys. We never request, store, or accept withdrawal permissions. Your API keys are encrypted on-device before transit and are stored only in encrypted form on our servers — see Data Security below.
Trading & Mining Activity
We log trade events (entries, exits, P&L), bot configuration changes, and mining session metadata so that we can render your dashboard, calculate statistics, and provide audit trails. This data is tied to your account ID, not shared externally, and is required for the Service to function.
Technical & Device Data
Standard request metadata (IP address, user-agent, timestamps, app version) is recorded for security, fraud detection, and rate limiting. Crash logs and aggregated app analytics help us improve stability — these do not include API keys, passwords, or trade secrets.
Cookies & Local Storage
We use cookies and browser local storage strictly to keep you signed in and to remember UI preferences. We do not use third-party advertising cookies.
Data Security
Storm Bot was designed with the assumption that any system can be probed. We layer multiple defences so that even an internal breach cannot reveal your trading credentials.
AES-256 Encryption at Rest
Every API key, secret, and sensitive credential is encrypted with AES-256-GCM using keys held in a hardware-isolated secrets store. Encryption keys are rotated on a defined schedule and are never embedded in source code or container images.
Hardened VPS Infrastructure (Contabo)
Storm Bot runs on dedicated, hardened virtual servers hosted by Contabo in EU/Asia regions. Servers are firewalled at the network edge, expose only required ports, and are accessed exclusively over key-based SSH with multi-factor authentication. The platform runs behind an NGINX reverse proxy with TLS 1.3 (Let's Encrypt), HSTS, and strict CSP headers.
Operational Controls
Access to production data is restricted to a minimal set of operators on a need-to-know basis, gated by 2FA. All privileged actions are logged. Backups are encrypted, integrity-checked, and stored in a separate region.
No system is impenetrable. While we apply industry-best practices, you are also responsible for protecting your own login credentials and enabling two-factor authentication on your account.
How We Use Data
We use the information we collect strictly to:
- Authenticate you and keep your account secure.
- Execute trades and run mining sessions on your behalf, exactly within the parameters you configure.
- Render dashboards, performance reports, P&L history, and mining statistics.
- Detect fraud, abuse, and unauthorized access (e.g., login from new devices).
- Send transactional notifications: security alerts, password resets, trade confirmations.
- Comply with legal obligations and lawful requests from regulators.
- Improve the Service through aggregated, non-identifying usage analytics.
We do not use your data to train third-party AI models, sell it to data brokers, or share trade history with marketing partners.
Your Rights
You retain full ownership of your data. Under GDPR, CCPA, and equivalent regulations, you may exercise the following rights at any time:
Right to Access
Request a copy of all personal data we hold about you, in machine-readable format.
Right to Rectify
Correct any inaccurate or outdated personal data on your account.
Right to Delete
Permanently delete your account and all associated data, including encrypted API keys.
Right to Restrict
Pause processing of your data while we resolve a dispute or correction request.
Deleting Your Account & Data
To delete your account, sign in and visit your profile, or email sociodesk.help@gmail.com from the email address tied to your account. Within 30 days of a verified request we will permanently erase: your profile, encrypted API keys, bot configuration, trade and mining history, and authentication tokens. Limited records may be retained where required by law (e.g., anti-fraud, tax records).
Data Retention
We retain personal data only for as long as necessary to provide the Service or to satisfy legal obligations.
- Account data: while your account is active.
- Trade & mining logs: up to 24 months for performance reporting and dispute resolution.
- Security & access logs: up to 12 months for fraud prevention.
- Backups: encrypted, expired automatically per our retention schedule.
On account deletion, primary records are erased within 30 days; backups are purged on their next rotation cycle.
Third-Party Services
Storm Bot integrates with a small set of trusted third parties that are each governed by their own privacy policies:
- Google (Sign-in with Google) — for OAuth authentication.
- Binance / supported exchanges — for executing trades you initiate.
- Contabo — VPS infrastructure provider.
- Cloudflare / Let's Encrypt — TLS, DNS, and edge security.
We share with these providers only the minimum data required for the integration to function. We do not authorize them to use your data for independent purposes.
Children's Privacy
Storm Bot is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we learn that we have collected data from a minor, we will delete it promptly. If you believe a minor has provided us with personal data, contact us at sociodesk.help@gmail.com.
Policy Changes
We may update this Policy from time to time to reflect changes in the Service, applicable laws, or operational practices. Material changes will be announced via in-app notification or email at least 14 days before they take effect.
The "Last updated" date at the top of this page always reflects the most recent revision.
Contact Us
Questions about this Policy, a privacy concern, or a data request? We take every message seriously and respond within 5 business days.