Privacy
Last updated: 9 July 2026
What is collected
Only what the site needs to work: your username, your email address, a bcrypt hash of your password (never the password itself), your copy-trading settings, and — if you choose to connect Kraken — your API key and private key.
The site also records the IP address of sign-up, sign-in and resend attempts. This exists purely to rate-limit automated abuse and is deleted after 24 hours.
How Kraken keys are stored
Your Kraken credentials are encrypted at rest with authenticated encryption (Fernet: AES-CBC plus HMAC). The encryption key is held in a file readable only by the account that runs this service. Keys are decrypted in memory only at the moment an order is placed, and are never displayed back to you, logged, or transmitted off this server.
They are used for exactly one purpose: placing the orders you asked to have mirrored. They are never sold, shared, or given to any third party.
Third parties
There is no analytics, no advertising, no tracking pixel, and no third-party script on this site. Fonts are served from this server, not a CDN. Two external services are contacted: Kraken, to place and check your orders; and an email provider, to send you a confirmation link.
Cookies
One cookie, holding a signed session identifier so you stay logged in. It is HttpOnly, SameSite=Lax, and sent only over HTTPS. No cookie is used for tracking.
Deleting your data
Removing your Kraken keys on the account page erases them from the database immediately. To delete your whole account, reply to any email RideAlong has sent you and ask; it will be removed.