Privacy Policy
Effective date: May 18, 2026 Last updated: May 18, 2026
The short version
Shinobi Order ("the Order", "we") is a Telegram bot that shows you your Binance positions in one place. To do that, we need a few specific things — your Telegram identity and your read-only Binance API keys. We store these securely, never sell them, and let you remove them whenever you want.
This policy explains what we collect, why, how long we keep it, and what rights you have.
Who runs this
Shinobi Order is operated by an individual based in Moldova (the "operator"). We are not a registered company at this time. If that changes, this section will be updated.
For privacy questions, contact us at privacy@shinobiorder.com.
What we collect
From Telegram, when you use the bot
When you message the bot, Telegram passes us:
- Your Telegram user ID (a number — not your phone number)
- Your username (only if you've set one)
- Your first name and language code
We do not see your phone number, your contacts, or any of your other Telegram conversations.
From you, when you add API keys
When you run /add, you provide:
- Your Binance API key, secret, and passphrase (if applicable)
- A label you choose for the key
API secrets are encrypted at rest using AES-256-GCM before being written to our database. The encryption key lives outside the database, on the server filesystem. Even with full database access, the encrypted credentials are unreadable without the key.
Automatically, when you visit our website
Our web server (Caddy) writes standard access logs: IP address, user-agent string, requested URL, HTTP response code, and referrer. These logs are retained for up to 30 days and used for security monitoring and debugging.
We do not use cookies, tracking pixels, browser fingerprinting, or any third-party analytics on our website. If we add privacy-friendly analytics in the future, we will update this policy and announce it in our Telegram channel before the change takes effect.
From error tracking
We use Sentry to capture unhandled errors in the bot. Before any error event leaves our server, it passes through a scrubber that removes API keys, secrets, tokens, signatures, and similar sensitive values from messages, headers, and event context. We do not intentionally send personal data to Sentry, and the scrubber is our backstop in case something slips through.
Why we collect it (legal basis)
Under the GDPR, we rely on two grounds:
- Performance of a contract (Article 6(1)(b)) — We need your Telegram ID to know whose keys to use, and your API keys to query Binance on your behalf. Without these, the service cannot function.
- Legitimate interest (Article 6(1)(f)) — Web server logs and scrubbed error tracking are necessary to keep the service running and secure.
How long we keep it
| Data | Retention |
|---|---|
| Telegram identifiers and encrypted API keys | As long as you use the service |
Data removed via /remove | Deleted from the live database within minutes |
| Web server access logs | Up to 30 days, then rotated out |
| Sentry error events | 30 days (Sentry default) |
| Encrypted offsite backups | Rolling 30 days; older snapshots expire automatically |
When you ask us to delete your account, we remove your data from the live database immediately. Older backup copies expire on the 30-day rotation; we do not separately purge them, but they are encrypted and only ever restored in a disaster-recovery scenario.
Who we share it with (subprocessors)
We do not sell your data. We do not share it for marketing. We do rely on a small set of infrastructure providers to run the service:
| Provider | Purpose | Location |
|---|---|---|
| Telegram | Bot platform — your messages reach us through them | Global |
| Binance | We use your keys to query your Binance account | Global |
| Hetzner Cloud | Server hosting | Helsinki, Finland (EU) |
| Cloudflare | DNS and inbound email routing | Global |
| Sentry | Error tracking (events scrubbed of secrets before sending) | US-hosted |
| Backblaze B2 | Encrypted offsite backups | US-hosted |
Sentry and Backblaze are US-hosted. Data sent to Backblaze is encrypted client-side (age encryption) before upload, so US-side staff cannot read it. Data sent to Sentry has secrets removed by our scrubber before sending.
How we protect your data
- API secrets are encrypted with AES-256-GCM before storage.
- We refuse to register API keys with trading or withdrawal permissions. At
/add, we verify your key is read-only and reject it otherwise. - The encryption key is not in the database. Even with a database leak, encrypted credentials are unreadable.
- Our server is firewalled. SSH is key-only. The database is not exposed to the public internet.
- Error reports are scrubbed of secrets before leaving the server.
- Backups are encrypted with
agebefore being uploaded offsite.
No system is perfectly secure, and we will not pretend otherwise. If a personal data breach happens, we will notify affected users via Telegram within 72 hours, in line with GDPR Article 33.
Your rights
Under the GDPR, you have the right to:
- Access the data we hold about you
- Correct inaccurate data
- Delete your data (the "right to be forgotten")
- Restrict how we process your data
- Port your data to another service in a machine-readable format
- Object to processing based on legitimate interest
- Withdraw consent at any time (where consent is the legal basis)
To exercise any of these rights, email privacy@shinobiorder.com and reference your Telegram username or ID. We will respond within 30 days.
You also have the right to lodge a complaint with your local data protection authority. For EU residents, that is your country's DPA. For Moldovan residents, that is the National Center for Personal Data Protection (CNPDCP, datepersonale.md).
Children
Shinobi Order is not available to people under 18. We do not knowingly collect data from minors. If we discover that we have collected data from someone under 18, we will delete it immediately.
International transfers
Some of our subprocessors (Sentry, Backblaze) are based in the United States. Data transferred to these providers is either encrypted before transfer (Backblaze) or scrubbed of sensitive content (Sentry). We rely on the providers' Standard Contractual Clauses where applicable.
Changes to this policy
We may update this policy from time to time. When we do, we will change the "Last updated" date at the top. For material changes (e.g. a new subprocessor that handles personal data, a change in retention), we will post a notice in our Telegram channel (@shinobiorder) at least 14 days before changes take effect.
Continuing to use the service after the effective date of a new version means you accept the updated policy.
Contact
- Privacy questions: privacy@shinobiorder.com
- General questions: support@shinobiorder.com
- Telegram: @shinobiorder_chat