Last updated: June 2, 2026
Privacy Policy
How PnL Mesh collects, uses, stores, and protects account and service data.
Controller and scope
This Privacy Policy explains how the PnL Mesh operator processes personal data and service data when you use PnL Mesh. The service is operated under the jurisdiction of Ukraine.
Contact support@pnlmesh.com for privacy requests, data access requests, correction requests, deletion requests, or security concerns.
GDPR and EU/EEA users
PnL Mesh may offer goods or services to users in the EU or EEA. Where the GDPR applies, this Privacy Policy provides GDPR transparency information in addition to the general privacy information for all users.
PnL Mesh has not appointed a separate EU representative or data protection officer unless required by applicable law. Privacy requests should be sent to support@pnlmesh.com.
This page is a draft compliance template and must be reviewed against the final production data map, providers, and EU legal advice before launch.
Data we process
PnL Mesh processes data needed to operate accounts, authentication, bot management, deposits, payments, admin workflows, and notifications.
- Account data: email address, password hash, role, status, referral code, referral relationship, and account timestamps.
- Telegram data: Telegram chat id, connection status, and notification preferences where supported.
- Bot data: bot name, bot token, status, owner id, total PNL values, and timestamps.
- Payment and balance data: account ids, transaction ids, amounts, idempotency keys, provider names, invoice URLs, sanitized provider callback metadata, and timestamps.
- Technical data: session cookies, refresh cookies, access tokens in browser state, theme preference, request metadata, device/browser data, and security events.
Lawful bases
Where GDPR applies, PnL Mesh processes personal data only when a lawful basis applies. The main lawful bases are contract performance, legal obligation, legitimate interests, and consent where consent is required.
- Contract: account creation, authentication, bot management, paid access, payment reconciliation, support, and service delivery.
- Legal obligation: accounting, tax, sanctions screening where applicable, fraud prevention, regulatory requests, and dispute records.
- Legitimate interests: service security, abuse prevention, platform integrity, debugging, aggregate operational analytics, and customer support, balanced against user rights.
- Consent: optional analytics, marketing communications, non-essential cookies, or other optional processing if enabled later.
How we use data
We use data to authenticate users, protect accounts, provide app functionality, create and reconcile payments, maintain balances, send Telegram or email notifications, support admin operations, investigate abuse, and comply with legal obligations.
We do not need withdrawal-enabled exchange credentials to provide the current service. Users should keep exchange API permissions restricted to the minimum required for their chosen workflow.
Retention schedule
Retention periods depend on service operation, security, accounting, tax, dispute handling, fraud prevention, legal compliance, and backup cycles. We keep data only while it is needed for these purposes or while an account, integration, transaction, dispute, investigation, or legal obligation remains active.
- Account and authentication data: retained while the account is active and then for a limited period needed for security, audit, and legal reasons.
- Telegram and bot data: retained while integrations are active and then for support, dispute, and operational records.
- Payment and balance data: retained for accounting, tax, chargeback, anti-fraud, and reconciliation obligations.
- Technical and security data: retained for short operational periods unless needed for investigation, fraud prevention, legal claims, or platform integrity.
Processors, subprocessors, and international transfers
We may share limited data with infrastructure, database, email, Telegram, analytics (if later enabled), payment, security, and support providers only as needed to operate PnL Mesh.
Because the PnL Mesh operator operates from Ukraine, EU and EEA personal data may be processed outside the EEA. Where GDPR transfer rules apply, transfers should rely on adequacy decisions, standard contractual clauses, transfer risk assessments, supplementary safeguards, or another lawful mechanism required for the specific provider and processing context.
Third-party providers have their own terms and privacy practices. PnL Mesh does not control exchange, wallet, blockchain, Telegram, or payment provider systems.
Children and special categories
PnL Mesh is not intended for children and does not knowingly collect personal data from children. Users must be legally able to use the service and at least the age of majority in their jurisdiction.
PnL Mesh does not request special category data such as health, biometric, religious, political, or trade union data. Users should not submit special category data through support, bot names, messages, or account fields.
Automated decision-making
PnL Mesh does not currently make solely automated decisions that produce legal effects or similarly significant effects for users. Bots and dashboards may automate trading operations configured by users, but users remain responsible for enabling, configuring, monitoring, and stopping automation.
If PnL Mesh later introduces automated decisions with legal or similarly significant effects, this policy must be updated before launch and users must receive required GDPR information and review options.
Retention and security
We retain data only for as long as needed for service operation, security, accounting, dispute handling, legal compliance, and backup retention under applicable law in Ukraine.
We use technical and organizational measures intended to protect data, but no internet service, exchange integration, blockchain system, or Telegram integration can be guaranteed fully secure.
Data subject rights
Where GDPR applies, users may have rights to access, rectification, erasure, restriction, portability, objection, withdrawal of consent, complaint to a supervisory authority, and human review for solely automated decisions where applicable.
EU and EEA users may complain to their local data protection authority where applicable. We encourage users to contact support@pnlmesh.com first so we can investigate quickly.
Request handling
Send GDPR rights requests to support@pnlmesh.com from your account email where possible. Include your account email, request type, relevant data category, and enough context to locate the data.
PnL Mesh may ask for additional information if there are reasonable doubts about identity or account ownership. Do not send passports, government IDs, private keys, seed phrases, or exchange withdrawal credentials unless specifically requested through a secure process.
PnL Mesh aims to respond without undue delay and within 1 month after receiving a valid request. Complex or multiple requests may be extended by up to 2 additional months where allowed by law, with notice within the first month.
If PnL Mesh rejects a request, the response will explain the reason where required and identify available complaint or appeal options.
Breach notifications and complaints
If a personal data breach creates a risk to user rights and freedoms, PnL Mesh will assess notification obligations and notify the competent supervisory authority within the legally required period where applicable.
Questions, privacy complaints, and breach concerns should be sent to support@pnlmesh.com. EU and EEA users may also contact their local data protection authority where applicable.
Your choices
You may request access, correction, export, deletion, restriction, portability, objection, withdrawal of consent, or human review where applicable by contacting support@pnlmesh.com. Some data may need to be retained where required for security, accounting, legal, fraud prevention, or dispute reasons.
