Privacy Policy

Last updated: April 2026

1. Introduction

PSL OmniTrade is a Trade Terminal Client developed by Kripto Pusulası that provides automated cryptocurrency trading tools for the WEEX exchange. The extension includes features such as OmniBot automated trading, Trailing Stop Loss, Backtest, Dashboard, Trade Panel and PNL Card capabilities.

This Privacy Policy explains how we collect, use, handle, store, share, and protect your information when you use the PSL OmniTrade Chrome extension and associated website (pslomni.com). This policy applies to all users of our extension and website.

2. Data Collection

We collect and process the following types of data:

2.1 Account Data (Stored on Firebase servers)

• Email address — Used for account authentication and communication
• Password hash — Securely hashed by Firebase Authentication; we never store or have access to your plain-text password
• WEEX UID — Your WEEX exchange user ID, used to verify referral membership
• Account metadata — Creation date, last login timestamp, active session ID, account status

2.2 Trading Data (Stored locally in your browser only)

• WEEX API Key and Secret Key — Stored exclusively in Chrome's local storage on your device
• Trading preferences and settings — Bot configurations, leverage, margin, risk parameters, selected trading pairs
• Cached market data — Temporarily cached price and chart data for performance

2.3 Automatically Collected Data

• IP address — Collected temporarily by our Cloud Functions for rate limiting purposes only. IP addresses are stored in server memory for a maximum of 10 minutes and are never written to any database or log file.
• Authentication tokens — Firebase generates temporary authentication tokens (ID tokens) that expire after 1 hour and are refreshed automatically. These are used solely for verifying your identity.
• Session identifiers — A random session ID is generated at each login to ensure single-device access. This is stored in your Firestore user document and updated on each new login.

2.4 Data We Do NOT Collect

• We do not collect browsing history or web activity
• We do not collect keystrokes or form data outside of our extension
• We do not collect device fingerprints or hardware identifiers
• We do not use cookies, analytics, or tracking pixels
• We do not collect or access data from any other extensions or websites

3. Data Usage

We use collected data strictly for the following purposes:

• Account authentication — Your email and password hash are used to verify your identity when you log in
• Referral verification — Your WEEX UID is used to verify that your WEEX account is registered through our referral link
• Session management — Session IDs ensure that your account is active on only one device at a time for security
• Rate limiting — IP addresses are used temporarily to prevent abuse of our authentication services
• Trade execution — Your locally stored API credentials are used to execute trades directly on the WEEX exchange from your browser
• Market data display — Cached market data is used to show prices, charts, and indicators on the extension dashboard

We do not use any collected data for advertising, profiling, marketing, analytics, or any purpose unrelated to providing the PSL OmniTrade trading service.

4. Data Handling and Transmission

All data transmitted between your browser and external servers is protected using industry-standard security measures:

• HTTPS/TLS encryption — All network communications (Firebase, WEEX API, Cloud Functions) use HTTPS with TLS encryption. No data is ever transmitted over unencrypted HTTP connections.
• HMAC-SHA256 signing — All WEEX API requests are signed using HMAC-SHA256 cryptographic signatures to prevent tampering and ensure authenticity.
• Direct API communication — Trade-related API calls are made directly from your browser to WEEX servers. Your API credentials never pass through our servers.
• Firebase security — Firebase Authentication and Firestore employ Google's enterprise-grade encryption at rest (AES-256) and in transit (TLS 1.2+).
• Firestore security rules — Database access is restricted by security rules that ensure users can only read and write their own data.

5. Data Storage

5.1 Server-side Storage (Firebase — Google LLC)

Your email, hashed password, WEEX UID, session ID, and account metadata are stored on Firebase servers operated by Google LLC in the United States (us-central1 region). Firebase employs industry-standard security measures including AES-256 encryption at rest and TLS encryption in transit.

5.2 Client-side Storage (Your Browser)

Your WEEX API credentials, trading configurations, bot settings, and cached market data are stored exclusively in Chrome's local storage (chrome.storage.local) on your device. This data:

• Never leaves your browser
• Is never transmitted to our servers or any third party
• Is permanently deleted if you uninstall the extension or clear Chrome's storage
• Can be manually deleted at any time from the extension settings

6. Data Retention

• Account data (email, WEEX UID, metadata) — Retained on Firebase servers for as long as your account remains active. Upon account deletion request, all server-side data is permanently deleted within 30 days.
• Session identifiers — Overwritten on each new login. Only the most recent session ID is stored.
• IP addresses (rate limiting) — Stored in server memory only. Automatically purged every 10 minutes. Never written to persistent storage.
• Authentication tokens — Expire automatically after 1 hour. Refresh tokens remain valid until the user logs out or the account is deleted.
• Local trading data — Retained in your browser until you manually delete it, uninstall the extension, or clear Chrome's storage data.

7. Data Sharing

We do not sell, rent, trade, or share your personal data with third parties for marketing, advertising, or any commercial purpose.

Your data is shared only with the following parties, strictly for the purposes described:

• Google LLC (Firebase) — Your email, password hash, WEEX UID, and account metadata are processed by Firebase Authentication and Firestore for account management. Google's privacy policy applies: policies.google.com/privacy
• WEEX Exchange — Your WEEX UID is sent to the WEEX Affiliate API (via our secure Cloud Function) to verify referral status and trading volume. Trade API calls are made directly from your browser to WEEX using your locally stored credentials. WEEX's privacy policy applies: weex.com/privacy
• Alternative.me — The Fear & Greed Index is fetched from this public API. No personal data is sent in these requests.

Beyond the above, data may only be disclosed in the following circumstances:

• When required by applicable law, regulation, or legal process
• To protect the rights, safety, or property of our users or the public
• To investigate or prevent fraud, security threats, or abuse of our services

8. Chrome Extension Permissions

PSL OmniTrade requests the following Chrome permissions, each necessary for core functionality:

• sidePanel — Required to display the trading interface as a Chrome side panel
• storage — Required to store your API credentials, trading settings, and session data locally in your browser
• Host permissions (WEEX APIs) — Required to make authenticated API calls to WEEX exchange endpoints for trading, market data, and referral verification
• Host permissions (Firebase) — Required for user authentication, session validation, and account data retrieval
• Host permissions (Alternative.me) — Required to fetch the Fear & Greed Index for the dashboard

We do not request permissions beyond what is necessary for the extension's stated functionality. We do not access your browsing history, tabs, bookmarks, or any data outside of the extension.

9. API Credentials Security

Your WEEX API Key and Secret Key are critical credentials. We take the following measures to protect them:

• API credentials are stored only in your browser's local storage (chrome.storage.local)
• They are never transmitted to our servers or any server other than WEEX's official API endpoints
• API calls to WEEX are made directly from your browser to WEEX servers
• All API requests are signed with HMAC-SHA256 cryptographic signatures
• We recommend using API keys with trade-only permissions (no withdrawal access) for maximum security
• You can delete your API credentials at any time from the extension settings

10. Chrome Web Store User Data Policy Compliance

Specifically:

• We only request permissions necessary for the extension's core functionality as a cryptocurrency trading terminal
• We do not use or transfer user data for purposes unrelated to the extension's single purpose of cryptocurrency trading on WEEX
• We do not use or transfer user data for serving advertisements
• We do not use or transfer user data for creditworthiness or lending purposes
• We do not sell user data to third parties or data brokers
• Human access to user data is limited to debugging and responding to user support requests, with user consent
• All data use is limited to providing and improving the PSL OmniTrade trading service

11. Automated Trading Disclosure

PSL OmniTrade includes the following automated trading feature:

• OmniBot — An automated trading bot that analyzes market conditions using technical indicators, opens and manages positions with an intelligent trailing stop loss system.

Important details about automated trading:

• All trades are executed directly between your browser and the WEEX exchange using your locally stored API credentials
• No trade data or trading activity is transmitted to or recorded on our servers
• You have full control to start, stop, and configure the bot at any time
• The bot operates only while the extension is open in your browser

12. Cookies and Tracking

PSL OmniTrade and pslomni.com do not use cookies for tracking or advertising purposes. We do not use any third-party analytics, tracking services, or advertising networks.

Firebase Authentication uses local storage (not cookies) to maintain your login session. This is strictly necessary for the authentication functionality and is not used for tracking or profiling.

13. Children's Privacy

PSL OmniTrade is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. Cryptocurrency trading involves significant financial risk and is not suitable for minors. If we become aware that we have collected data from a user under 18, we will take steps to delete that information promptly.

14. Risk Disclaimer

15. User Rights

You have the following rights regarding your data:

• Access — You can request a copy of the personal data we hold about you
• Correction — You can request correction of inaccurate data
• Deletion — You can request deletion of your account and all associated data from our servers. Deletion will be completed within 30 days of your request.
• Data Portability — You can request your data in a portable format
• Withdraw Consent — You can stop using the extension at any time and request deletion of your data
• Local Data — You can delete all locally stored data at any time by uninstalling the extension or clearing Chrome's storage for the extension

To exercise any of these rights, please contact us at: bilgi@kriptopusulasi.com

16. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically. Continued use of PSL OmniTrade after changes constitutes acceptance of the updated policy.

17. Turkce Ozet

Bu bolum, gizlilik politikamizin Turkce ozetidir. Yasal baglayicilik icin lutfen yukaridaki Ingilizce metni esas alin.

• Toplanan veriler: Email adresiniz, sifre hash'i ve WEEX UID'niz Firebase sunucularinda saklanir. API anahtarlariniz yalnizca kendi tarayicinizda saklanir ve asla sunucularimuza gonderilmez.
• Otomatik toplanan veriler: IP adresiniz yalnizca hiz sinirlamasi icin gecici olarak sunucu belleginde tutulur (en fazla 10 dakika), hicbir veritabanina kaydedilmez.
• Veri kullanimi: Verileriniz yalnizca hesap dogrulama, oturum yonetimi ve ticaret islemleri icin kullanilir. Reklam, profilleme veya pazarlama amacli kullanilmaz.
• Veri isleme: Tum veri aktarimlari HTTPS/TLS sifreleme ile korunur. WEEX API istekleri HMAC-SHA256 ile imzalanir.
• Veri saklama suresi: Hesap verileri hesabiniz aktif oldugu surece saklanir. Silme talep ederseniz 30 gun icinde kalici olarak silinir.
• Ucuncu taraf hizmetler: Firebase Authentication, Firebase Firestore, WEEX API'leri ve Alternative.me API kullanilmaktadir.
• Veri paylasimi: Verilerinizi hicbir ucuncu tarafa satmaz, kiralamaz veya ticari amacla paylasmayiz. Yalnizca Firebase ve WEEX ile hizmet icin zorunlu paylasim yapilir.
• Uzanti izinleri: Yalnizca yan panel, yerel depolama ve gerekli API baglantilari icin izin istenir. Tarama gecmisinize veya diger verilerinize erisim yapilmaz.
• API guvenligi: WEEX API anahtarlariniz yalnizca tarayicinizin yerel deposunda saklanir. Sunucularimuza asla iletilmez.
• Otomatik ticaret: OmniBot, API anahtarlarinizi kullanarak dogrudan tarayicinizdan WEEX borsasina islem emri gonderir.
• Cerezler: Takip veya reklam amacli cerez kullanilmamaktadir.
• Yas siniri: Hizmetimiz 18 yasindan kucuk bireyler icin uygun degildir.
• Risk uyarisi: Kripto para ticareti onemli finansal risk icerir. PSL OmniTrade finansal danismanlik hizmeti vermemektedir.
• Haklariniz: Verilerinize erisim, duzeltme ve silme talebinde bulunabilirsiniz.
• Iletisim: bilgi@kriptopusulasi.com

18. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact us:

• Email: bilgi@kriptopusulasi.com
• Website: pslomni.com