mt5bot.io
enit
Get started

Last updated: 2026-04-19

Privacy Policy

This Privacy Policy explains how mt5bot.io processes your personal data under the EU General Data Protection Regulation (GDPR).

The data controller is an Italian company with VAT number IT10940231219. For any privacy-related request you can contact us at privacy@mt5bot.io.

01Data we process

  • account data: email address and argon2id password hash;
  • billing data: handled by our payment processors (Stripe, PayPal);
  • usage data: prompts you submit, generated code, action costs and timestamps;
  • technical logs: IP address, user agent, error traces;
  • session cookies strictly necessary for authentication.

02Legal basis

  • performance of the service contract (Art. 6(1)(b) GDPR) for account, billing and generated output;
  • legal obligation (Art. 6(1)(c) GDPR) for invoicing and tax retention;
  • legitimate interest (Art. 6(1)(f) GDPR) for abuse prevention, security logs, and anonymised service improvement.

03Data location

All personal data is stored within the European Union (database region: Frankfurt, Germany). Payment data is processed by Stripe and PayPal under their own EU-compliant terms.

04Sub-processors

The Company uses the following sub-processors under signed Data Processing Agreements:

  • Anthropic PBC — large-language-model processing;
  • Stripe Payments Europe — payment processing;
  • PayPal (Europe) — payment processing;
  • Vercel Inc. — application hosting;
  • Neon Inc. — managed Postgres database;
  • Resend — transactional email.

05Retention

  • account and session data: until account deletion;
  • invoices and fiscal records: 10 years, as required by Italian tax law;
  • technical logs: 90 days;
  • prompts and generated code: until account deletion (opt-out available for anonymised quality improvement).

06Your rights

Under the GDPR you have the right to:

  • access your personal data;
  • rectify inaccurate data;
  • erase your data, subject to legal retention obligations;
  • port your data to another provider;
  • restrict or object to processing;
  • lodge a complaint with a supervisory authority (in Italy: Garante per la Protezione dei Dati Personali).

07Account deletion

When you delete your account, personal data is removed within 30 days. Fiscal records (invoices) are pseudonymised and retained for the legally required period (10 years).

08Cookies

mt5bot.io uses only cookies strictly necessary for authentication and session management. Analytics and advertising cookies are not used in v1. See the Cookie Policy for details.

09Contact

Data Controller: Italian company with VAT number IT10940231219. Email: privacy@mt5bot.io.