Legal

Privacy Policy

This policy explains what information PipAI collects, how we use it, and the choices you have. It applies to every surface we operate: the web app, APIs, and related support channels.

Last updated · January 9, 2025

Overview

Who we are, and what this covers.

XBlade Studio Quant Technology Limited (“PipAI”, “we”) is the operator of the PipAI trading layer and associated tooling. This policy covers every product we ship — the web app, hosted APIs, and the integrations that connect to your exchange or wallet.

By using PipAI you agree to the practices described here. If you disagree with any part of the policy, please stop using the service and reach out so we can address your concerns or delete your account.

What We Collect

Only the data we need to run the platform.

We collect three categories of information — account, trading, and technical — each with a narrow operational purpose.

Account information

  • Username, email address, and contact details
  • Account preferences and interface settings
  • Authentication material, stored as salted hashes

Trading information

  • Exchange API keys, encrypted at rest
  • Strategy configuration and risk parameters
  • Trade history, fills, and performance statistics

Technical information

  • Device metadata (OS, browser, viewport)
  • IP address and coarse geolocation
  • Access logs, error reports, and performance traces
How We Use It

Running the service, improving it, keeping it safe.

Service provision

  • Run the trading platform and related services
  • Execute strategies and enforce risk envelopes
  • Generate reports, analytics, and notifications
  • Deliver technical support and account assistance

Service improvement

  • Understand usage to improve product features
  • Refine execution quality and backtest accuracy
  • Monitor system health and performance
  • Personalize dashboards where you opt in

Security and compliance

  • Detect and block fraud or automated abuse
  • Meet legal, tax, and regulatory obligations
  • Preserve integrity of markets we connect to
  • Investigate disputes and security incidents
How We Protect It

Defense at every layer.

Technical controls

  • AES-256 encryption for sensitive data at rest
  • HTTPS everywhere for data in transit
  • Regular security audits and vulnerability scans
  • Layered firewalls and intrusion detection

Operational controls

  • Least-privilege access for employees
  • Mandatory security training across engineering
  • Continuous backups with restore drills
  • On-call response for security incidents
Sharing

We don’t sell your data. Here’s when we share it.

PipAI does not sell, rent, or trade your personal information. We share it only in the narrow circumstances listed below.

Legal requirements

We disclose information when compelled by law, a valid court order, or a lawful request from an authority with jurisdiction.

Service providers

We share limited data with vetted processors — cloud, analytics, support — under contractual data-protection obligations.

With your consent

We share with specific third parties only when you explicitly authorize it, for example when connecting a new exchange.

Your Rights

Control over your information.

Right of access

Request a copy of the personal data we hold about you.

Right of rectification

Ask us to correct data that is inaccurate or incomplete.

Right of erasure

Request deletion of your personal data where permitted by law.

Right of portability

Receive your data in a structured, machine-readable format.

Cookies

Small files, precise purpose.

We use cookies and similar storage to keep you signed in, remember preferences, and understand how the product is used.

  • Essential: Required for the site to function (auth, session state).
  • Functional: Remember preferences like language and interface layout.
  • Analytics: Help us understand which features are used and how often.
  • Marketing: Measure the reach of campaigns; used only where you opt in.
Retention

Kept only as long as useful — or required.

  • Account records — for the life of the account, then up to 3 years after closure
  • Trading data — up to 7 years, as required by financial record-keeping rules
  • Technical and access logs — up to 12 months
  • Marketing preferences — removed immediately when you unsubscribe
Contact

Questions about your data?

Reach the privacy team for access, rectification, deletion, or any other request covered by this policy.

Email
[email protected]
Address
1 Finance Street, Central, Hong Kong SAR
Phone
+852 1234-5678
Learn more about PipAI

We may update this policy as the product evolves. When changes are material, we'll notify you by email or through a prominent notice in the app. Continued use after an update counts as acceptance of the revised policy.