Candleweb Privacy Policy

Last updated: May 2025

At Candleweb, we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and disclose your personal data when you use our AI product, CandleAI. This Privacy Policy is designed to comply with the Nigerian Data Protection Act 2023 and, where applicable, the General Data Protection Regulation (EU) 2016/679 (GDPR).

Data Controller

Candleweb Services Limited is the data controller responsible for the processing of your personal data under this Privacy Policy. For questions or concerns, contact us at support@candleweb.io.

Scope of Application

This Privacy Policy applies to users in Nigeria and, where applicable, to users in the European Economic Area (EEA) whose personal data we may process.

1. Data Collection

We collect the following categories of personal data:

  • Personal information: name, email address, date of birth; KYC IDs (where required by AML law), and other identifying information you provide.
  • Financial information: crypto wallet addresses and transaction data. Wallet addresses may be pseudonymous identifiers but may become personal data if linked to your identity.
  • Usage information: logs of your activity on our platform, including trades executed by our tool and API key usage.

Note: Candleweb is a non-custodial platform. We do not hold or store your funds. You authenticate using your crypto wallet, and connect your exchange accounts to Candleweb via secure API keys. Our AI executes trades through those exchange APIs; we do not control your wallet or funds.

2. Use of Personal Data

We use your personal data to:

  • Provide our AI crypto trading services and related customer support.
  • Execute trades via your connected wallet API.
  • Communicate with you regarding your account and services.
  • Improve our services and develop new features.
  • Fulfill legal or regulatory obligations.
  • Prevent, detect and investigate fraud, abuse or security incidents.
  • Analyze anonymized usage data to enhance system performance.

Our tool includes automated decision-making and profiling to execute trades based on market conditions and your strategy preferences. You have the right to object to certain types of automated processing and may disable trading automation from your dashboard.

3. Legal Basis for Processing

We process your data on the following legal bases:

  • Your consent (e.g., for marketing communications).
  • Performance of a contract (e.g., providing our AI trading services).
  • Compliance with legal obligations.
  • Our legitimate interests (e.g., improving our platform, preventing fraud).

4. Data Sharing

We may share your data with:

  • Service providers under contractual obligations (e.g., hosting, analytics, security providers).
  • Regulatory authorities, if legally required or to protect our rights or the rights of others.
  • Business partners involved in delivering the service (under strict data protection terms).

All third-party processors are bound by data processing agreements ensuring compliance with applicable data protection laws.

5. Data Security

We implement technical and organizational safeguards including:

  • TLS encryption
  • Database access control
  • Secure API gateways
  • Regular security audits
  • Breach response protocols

We reserve the right to implement third-party penetration tests and bug-bounty programs.

6. Data Retention

We retain data for as long as necessary to:

  • Maintain your account
  • Provide you with services
  • Comply with regulatory requirements

API tokens are retained for up to six years (five years statutory record-keeping + one-year contingency). User account data is deleted 90 days after you close your account unless legal retention applies.

7. Your Rights

You have the following rights regarding your personal data:

  • Access your personal data
  • Request rectification of inaccurate data
  • Request erasure of personal data
  • Restrict or object to processing
  • Request data portability in a machine-readable format

To exercise your rights, contact us at support@candleweb.io. We aim to respond within 30 days.

8. Transfers of Personal Data

Where we transfer data outside your country of residence, we use legally approved mechanisms and standard contractual clauses to ensure your data remains protected.

9. Cookies and Similar Technologies

We use cookies and similar technologies to collect technical and usage information. Non-essential cookies require your consent. A cookie banner and preferences panel will be provided.

10. Marketing Communications

We will only send you marketing communications with your consent. You may withdraw this consent at any time via unsubscribe links or by contacting us.

11. Children's Privacy

Our services are not intended for individuals under the age of 21. We do not knowingly collect data from children. KYC requirements are the responsibility of the exchanges connected to our service through the API keys.

12. Blockchain and Web3-Specific Disclosures

Candleweb does not control or modify blockchain-based data. Wallet addresses and transactions may be visible on public ledgers and cannot be altered or erased. We recommend users exercise caution when linking personal information to blockchain addresses. Smart-contract interactions are public and immutable; if you publicly associate your wallet with your identity, that linkage may be permanent.

13. Changes to this Privacy Policy

We may update this policy periodically. The latest version will always be available on our website. Last updated: May 2025

14. Contact Us

If you have any questions or concerns regarding our privacy policy or our handling of your personal data, please contact us at support@candleweb.io. We aim to respond within 30 days.