Privacy Policy

Effective date: February 26, 2026

Last updated: February 26, 2026

AccBot ("the App") is a self-custody cryptocurrency DCA (Dollar Cost Averaging) tool developed by Crynners. This privacy policy explains how the App handles your data.

Data Collection

AccBot does not collect, transmit, or store any personal data on external servers. All data remains exclusively on your device.

Data Stored Locally

The following data is stored locally on your device only:

  • Exchange API credentials (encrypted with AES-256-GCM via Android Keystore)
  • DCA plan configurations (crypto pair, amount, frequency, strategy)
  • Transaction history (purchase records from your DCA executions)
  • App preferences and settings
  • Withdrawal history (records of crypto withdrawals to your wallets)
  • Exchange balance snapshots (cached account balances for portfolio display)
  • Cached market price data (cryptocurrency prices fetched from third-party APIs)
  • Notification history (records of app notifications and alerts)

Network Communication

The App communicates with the following external services via HTTPS. All connections are encrypted in transit. No personal data is intentionally sent; however, your device's IP address is exposed to these services as part of normal network communication.

Cryptocurrency Exchanges: The App connects directly to exchanges you configure (e.g. Coinmate, Binance, Kraken, KuCoin, Bitfinex, Huobi, Coinbase) to execute trades, retrieve balances, and fetch order data. Only your API credentials and trade parameters are sent.

Market Data Providers: The App fetches cryptocurrency prices and market data from CoinGecko (coingecko.com), CryptoCompare (cryptocompare.com), and Alternative.me (alternative.me) for the Fear & Greed Index. No personal data or API credentials are sent to these services — only standard HTTPS requests for public market data.

Google ML Kit (on-device): The App uses Google ML Kit for barcode scanning and text recognition. ML Kit processes data on-device, but the SDK may send diagnostic data to Google, including device information, app info, per-installation identifiers, and performance metrics. This data is not used for advertising or user profiling. This data collection is managed by Google and is described in Google's Privacy Policy.

Data Security

AccBot employs multiple layers of security to protect your data:

  • Exchange API credentials are encrypted using AES-256-GCM with keys stored in the hardware-backed Android Keystore
  • Sensitive app preferences are stored using EncryptedSharedPreferences
  • All network communication uses HTTPS encryption in transit
  • All app data is stored in app-private storage, inaccessible to other applications
  • Optional biometric authentication (fingerprint or face recognition) adds an additional layer of access protection
  • Exported backups are encrypted with a user-chosen password using AES-256-GCM

Permissions

  • Internet: Required to communicate with exchange APIs for executing trades and fetching market data
  • Camera: Used exclusively for scanning QR codes containing API keys or wallet addresses. Camera data is not stored or transmitted.
  • Battery optimization exemption: Required for reliable background execution of scheduled DCA purchases
  • Exact alarms: Required for precise scheduling of DCA purchase executions
  • Foreground service: Required to monitor and execute DCA plans in the background
  • Notifications: Used to inform you about DCA execution results, errors, and plan status updates
  • Network state: Used to check internet connectivity before attempting trade executions
  • Boot completed: Allows the App to reschedule DCA plans after device restart
  • Wake lock: Ensures the device stays awake long enough to complete trade executions

Third-Party Services

AccBot does not integrate any third-party analytics, advertising, or tracking services. The App communicates with the following third-party services:

  • Cryptocurrency exchanges (Coinmate, Binance, Kraken, KuCoin, Bitfinex, Huobi, Coinbase) — only those you explicitly connect, for trade execution and balance retrieval
  • CoinGecko — for cryptocurrency price data and market information
  • CryptoCompare — for cryptocurrency price data and all-time high tracking
  • Alternative.me — for the Fear & Greed Index used in the Fear & Greed DCA strategy
  • Google ML Kit — on-device barcode scanning and text recognition. ML Kit may collect diagnostic data as described in Google's Privacy Policy. This data is not used for advertising or user profiling.

Data Deletion

AccBot does not require user registration or user accounts. All data can be deleted by using the "Delete All Data" option in Settings, or by uninstalling the App. Since no data is stored externally, uninstallation removes all traces of your data.

Children's Privacy

AccBot is not intended for use by children under 18. The App facilitates cryptocurrency trading which is subject to age restrictions in most jurisdictions.

Biometric Authentication

AccBot offers an optional biometric lock (fingerprint or face recognition) to protect access to the App. Biometric data is handled entirely by the Android operating system and is never accessed, stored, or transmitted by AccBot. The App only receives a success/failure result from the system biometric prompt.

Backup and Export

AccBot allows you to export encrypted backups of your data, including DCA plans, transaction history, and optionally your exchange API credentials. Backup files are encrypted with a password you choose using AES-256-GCM encryption. Backup files are saved to your device's local storage and are never uploaded to any server by the App. You are responsible for the security of exported backup files.

Data Retention

All data is stored locally on your device for as long as the App is installed. There are no server-side retention policies because no data is stored on external servers. You can delete specific data (individual DCA plans, transaction history) within the App, or use "Delete All Data" in Settings to erase everything. Uninstalling the App permanently removes all locally stored data.

Your Rights

Because AccBot stores all data locally on your device and does not collect personal data on any server, you have full control over your data at all times. You can view, export, or delete any data through the App's interface. If you are in the EU (GDPR) or California (CCPA), please note that AccBot does not process personal data on external servers, so typical data subject access requests do not apply. For any privacy concerns, please contact us.

International Data Transfer

When AccBot communicates with cryptocurrency exchanges and market data providers, your requests are sent to servers that may be located in various countries worldwide. These connections are encrypted via HTTPS. AccBot does not control the location of third-party servers. Please review the privacy policies of the exchanges and services you use.

Changes to This Policy

Any changes to this privacy policy will be published in the app's source code repository and reflected on this page.

Contact

For questions about this privacy policy or the App, you can reach us at crynners@gmail.com or open an issue on our GitHub repository.

Back to AccBot