Overview
MagicTradeBot integrates with a carefully selected set of third-party services to deliver core platform functionality — trading execution, payment processing, security infrastructure, and anonymised analytics. This policy describes every active integration, what data each service accesses, and what your responsibilities are as a self-hosting user.
Because MagicTradeBot is a self-hosted binary, the majority of third-party interactions happen directly between your server and the exchange — MagicTradeBot infrastructure never sits in that data path for trading operations.
config.yaml or environment variables. They are used exclusively by the MagicTradeBot binary running on your own infrastructure — never transmitted to MagicTradeBot servers.
Cryptocurrency exchanges
MagicTradeBot supports the following exchanges via their official REST APIs. All API calls are authenticated using HMAC-SHA256 signed requests over TLS — the industry standard for secure exchange communication.
| Exchange | Integration | Data accessed | Auth method | Terms |
|---|---|---|---|---|
| Binance | REST API | Order placement, position data, account balance, market data | HMAC-SHA256 | binance.com/terms |
| OKX | REST API | Order placement, position data, account balance, market data | HMAC-SHA256 | okx.com/terms |
| Bybit | REST API | Order placement, position data, account balance, market data | HMAC-SHA256 | bybit.com/terms |
| Bitget | REST API | Order placement, position data, account balance, market data | HMAC-SHA256 | bitget.com/terms |
| MEXC | REST API | Order placement, position data, account balance, market data | HMAC-SHA256 | mexc.com/terms |
| Hyperliquid | REST + WebSocket | Whale wallet tracking, order mirroring (Whale Tracker module) | HMAC-SHA256 | hyperliquid docs |
Your responsibilities for exchange integrations
-
Minimum permissions. Create API keys with only the permissions required for trading — never enable withdrawal permissions on bot API keys.
-
IP whitelisting. Restrict API keys to your server's IP address wherever the exchange supports it.
-
Rate limit compliance. MagicTradeBot is built to respect exchange rate limits, but you are responsible for ensuring your configuration doesn't breach the exchange's documented API limits.
-
Exchange terms compliance. Use of the bot to trade on any exchange is subject to that exchange's terms of service — MagicTradeBot does not indemnify violations of exchange rules.
-
Secure storage. Store API keys in environment variables or encrypted secrets management — never in plain text files committed to version control.
Payment processing
MagicTradeBot accepts cryptocurrency payments exclusively, processed via NowPayments. We do not accept credit cards, bank transfers, PayPal, or any fiat payment method.
| Processor | Method | Supported currencies | Data MagicTradeBot receives | Data NowPayments holds |
|---|---|---|---|---|
| NowPayments | Crypto gateway | BTC, ETH, USDT (ERC20/TRC20), USDC, LTC, and 100+ others | Transaction reference (TxHash), payment status, amount, currency | Wallet address, transaction data — subject to their privacy policy |
Email delivery
| Provider | Purpose | Data shared | Privacy policy |
|---|---|---|---|
| Resend | Transactional email delivery — account activation, password reset, license confirmation, support replies | Recipient name, email address, email content | resend.com/privacy |
Analytics & monitoring
| Service | Purpose | Data collected | Anonymised? | Opt-out |
|---|---|---|---|---|
| Google Analytics | Website traffic analysis and performance improvement | Anonymised IP, browser type, device, pages visited, session duration | Yes | GA opt-out add-on or Cookie Preferences |
| Cloudflare | DDoS protection, bot mitigation, CDN | IP address, threat score, request metadata | Partial | N/A — essential security service |
Security & data handling
| Integration category | Our commitment | Your responsibility |
|---|---|---|
| Exchange API keys | We never request, receive, or store your API keys | Store in env variables; restrict to trade permissions only; IP-whitelist where supported |
| Payment data | We receive transaction reference only — no wallet seeds or credentials | Use reputable wallets; verify payment addresses on your exchange before sending |
| Email delivery (Resend) | DPA in place; content not shared beyond delivery | Keep your account email current for security notices |
| Analytics (Google Analytics) | IP anonymisation enabled; data not used for advertising | Opt out via Cookie Preferences if desired |
| Security (Cloudflare) | Essential service — mitigates DDoS and bot abuse | No action required |
Third-party terms compliance
By using MagicTradeBot to connect to any third-party service you agree to comply with that service's own terms of service, API usage policies, and applicable laws. MagicTradeBot is not responsible for:
- Changes to third-party APIs, rate limits, or authentication requirements that affect bot operation
- Service outages, maintenance windows, or data accuracy issues on third-party platforms
- Your violation of an exchange's terms of service when using MagicTradeBot — including but not limited to prohibited trading strategies or market manipulation
- Privacy practices of third-party providers beyond our direct contractual arrangements
Policy updates
This policy is updated when integrations are added or removed, when third-party providers change their terms, or when our data handling practices change. When material changes are made:
- The "Last Updated" date at the top of this page is updated
- Registered users are notified via email for significant changes
- A notice is displayed on the platform dashboard for 30 days
Contact
For questions about third-party integrations, data sharing, or compliance matters:
By using third-party integrations you agree to comply with their respective terms of service in addition to MagicTradeBot's own policies.