Privacy Policy

Last updated: June 2025

1. Overview

FlashLoanLab ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

By using the Service, you agree to the collection and use of information as described in this policy.

2. Information We Collect

2.1 Account information

When you register, we collect your email address, a display name (optional), and a hashed version of your password. We never store your password in plain text.

2.2 Wallet addresses

When you connect a wallet or register a trading wallet, we store the public wallet address. Trading wallet private keys, if registered for Auto Trading, are stored encrypted with AES-256-GCM. The encryption key is held server-side and is not accessible via any API endpoint.

2.3 Usage data

We log API requests, simulation runs, execution attempts, and auto-trading activity associated with your account. This includes timestamps, opportunity IDs, transaction hashes, profit amounts, and error messages. This data is used to operate the Service, display your history, and diagnose issues.

2.4 Technical data

We may collect IP addresses, browser type, and access timestamps for security, fraud prevention, and rate limiting. This data is retained for a maximum of 90 days.

3. How We Use Your Information

  • To operate and maintain your account and the Service
  • To execute trades and track profit settlements on your behalf
  • To send transactional emails (password resets, security alerts)
  • To detect and prevent fraud, abuse, and unauthorised access
  • To comply with legal obligations
  • To improve the Service based on aggregate, anonymised usage patterns

We do not sell your personal data. We do not use your data for advertising.

4. Data Sharing

We do not share your personal information with third parties except:

  • Service providers: Infrastructure providers (cloud hosting, database) who process data on our behalf under data processing agreements.
  • Token safety APIs: Token contract addresses (not personal data) are sent to the GoPlus API for risk scoring.
  • Legal requirements: We may disclose information if required by law, court order, or to protect the rights and safety of the platform and its users.

Blockchain transactions are public by nature. Transaction hashes, wallet addresses, and trade amounts are permanently visible on-chain and are outside our control.

5. Data Retention

We retain account data for as long as your account is active. Transaction history, simulation logs, and execution records are retained indefinitely to support auditing and dispute resolution.

Technical logs (IP addresses, access logs) are retained for 90 days and then deleted.

Upon account deletion, we will delete personal information within 30 days, except where retention is required by law or for fraud prevention purposes.

6. Security

We implement industry-standard security measures including:

  • TLS encryption for all data in transit (HTTPS)
  • AES-256-GCM encryption for stored private keys
  • Bcrypt password hashing (cost factor 12)
  • Rate limiting and brute-force protection on authentication endpoints
  • Session token rotation and expiry

No system is 100% secure. If you discover a security vulnerability, please report it to security@flashloanlab.com.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your personal data
  • Portability: Request your data in a machine-readable format
  • Objection: Object to certain types of processing

To exercise these rights, contact privacy@flashloanlab.com. We will respond within 30 days.

8. Cookies

We use only strictly necessary session tokens stored in localStorage. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

9. Children's Privacy

The Service is not directed at individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected data from a minor, contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a prominent notice in the Service. The "Last updated" date at the top of this page reflects when the policy was last revised.

11. Contact

Privacy questions or requests: privacy@flashloanlab.com