This Privacy Policy was updated on April 13, 2021.


3Commas Technologies OÜ provides software as a service, which allows you to utilize several functionalities for managing their cryptocurrency holding across different accounts, including SmartTrade Terminal and automated Trading Bots. This Privacy Policy explains the principles on how 3Commas Technologies OÜ, registry code 14125515, address Laeva tn 2, Kesklinna linnaosa, Tallinn, Harju maakond, 10111, e-mail [email protected] (“3Commas”, „our“, “we” or “us”) as the personal data controller collects and processes your (“you”) personal data when you visit the website https://3commas.io/ (“Website”) and in relation to the provision of the Software. In case you act as the Signals Provider, please see our privacy notice for signals providers.

Capitalised terms used in this Privacy Policy are used in the meaning given to them in the Terms of Use unless otherwise expressly set out herein.


We have set out in the table below the categories of personal data we collect and use about you:

Category of personal data
Data collected

When you visit our Website or contact with us

Technical Data

Upon visiting our Website, we process technical data related to your usage of the Website, including but not limited to IP address, location data (down to city level), access-provider, referring URL, date, time, access tokens, session key, browser type and version, browser language, operating system, amount and state of transferred data. This information can be related to you, therefore, Personal Identification Information can be processed as well. These data may also be processed as anonymized statistical data.

Cookie Data

We apply cookies on the Website, for optimising the Website and its functionalities. The cookies may collect your personal data. To learn more about the cookies we use, please read our Cookie Policy

Communication Data

In case you interact with us via our Website live chat, e-mails and sign-up forms, 3Commas Facebook page, Youtube channel, Twitter page or Telegram or any other official social media account, we process, in addition to Personal Identification Information (limited in case of contacting via social media), also the contents of your message.

When you use the Software

Personal Identification Information

Name, e-mail address, 2FA key, IP address, KYC token, language, Google Analytics client ID, Gravatar image, if you choose to sign up via Facebook, we collect your Facebook UID, Facebook profile name, Facebook e-mail

Financial and Transaction Data

Exchange Account username, API key, API secret, passphrase, transaction data (date/time/amount of transaction), transaction request/response, Referral status, billing information (country, phone number, address, city, postal code; in case of an entity: business name, registry code and VAT ID)

The personal data we process is collected from one of the following sources:

  • the data is disclosed by you directly to us;
  • we receive the data from your Exchange Account provider due to you connecting your Exchange Accounts to the Client Account;
  • we receive the data from social media service provider due to you registering or contacting with us via your existing social media account;
  • we receive the data from the payment service provider due to you concluding the Purchase Agreement and paying for the Subscription;
  • we receive Technical Data automatically from your browser, our servers and systems;

3. What we use your personal data for

We have set out in the table below the reasons why we process your personal data:

Purpose for processing
Category of personal data processed
Legal basis

Client authentication

Personal Identification Information

Performance of the Terms of Use

Client identity verification (KYC) for recovery

Personal Identification Information

Performance of the Terms of Use

Client’s transaction history

Financial and Transaction data

Performance of the Terms of Use

Responding to your enquiries and requests submitted via the website, sign-up forms, live chat or e-mail or any social media platforms

Communication Data, however, depending on the nature of your enquiry we can process all the data indicated in Section 2 above

In case your question clearly relates to matters connected to the Terms of Use, Client Agreement or Purchase Agreement we process the data for the performance of the Contract. In other cases, we rely on our legitimate interests in ensuring effective relations management with all the interested parties in our Software and services

Client invoicing for the Purchase Agreement or for mediating your payments to Signals Providers (no personal data are shared with Signals Providers)

Personal Identification Information, Financial and Transaction Data

Performance of the Purchase Agreement or our legitimate interest in performing the Signaller Agreement concluded with the Signals Provider

Transfer of funds from a payment service provider to your Client Account and making out payments upon your withdrawal request via payment service provider

Financial and Transaction Data, Personal Identification Information

Performance of the Terms of Use

Determining your location for designating applicable VAT rate

Personal Identification Information

Performance of the Purchase Agreement

Handling the refunds related to Purchase Agreement

Personal Identification Information, Financial and Transaction Data, Communication Data

Performance of the Purchase Agreement or in certain situations performance of our legal obligation

Enabling your use of the Trial

Personal Identification Information

Performance of the Trial Terms

Enabling the Software and its functionalities

Personal Identification Information, Financial and Transaction Data

Performance of the Terms of Use and if relevant performance of the Purchase Agreement

Sending newsletters to your e-mail

Personal Identification Information


Providing you with notifications via your chosen channel (for example, mobile app, e-mail, Website, Telegram Bot)

Personal Identification Information

Consent given for the specific notification channel

Direct marketing campaigns - Client marketing campaigns in relation to the Software, its functionalities and products already provided to you

Personal Identification Information, Financial and Transaction Data (mainly the transaction activity)

Our legitimate interest in providing you with information relating to the services and products you have previously sourced from us

Processing data for predictive analytics and insights, improvement and development of the Software

All of the data categories indicated in Section 2 above

Our legitimate interest in improving and developing the Website and the Software within the course of our business activities or performance of the Terms of Use

Diagnosing and repairing technical issues related to the Software and the Website

Technical Data

Our legitimate interest in providing data security and preventing fraudulent actions related to the Software and the Website; ensuring the functioning of the Software and the Website

Storing information containing personal data in backup systems

All of the data categories indicated in Section 2 above

Our legitimate interest in ensuring the security of data processing operations

Data disclosures to potential acquirers of 3Commas business, including legal advisors, auditing service providers in case of a merger, acquisition or selling the whole or part of our business

All of the data categories indicated in Section 2 above

Our legitimate interest in ensuring proper due diligence process and business continuity

Data disclosures to our service providers

All of the data categories indicated in Section 2 above

Our legitimate interest in utilising the information technology infrastructure and services provided by our co-operation partners

Mandatory disclosures to law enforcement and data protection authorities

All of the data categories indicated in Section 2 above

Performance of our legal obligation

We may process your personal data for other purposes, provided that we disclose the purposes and use to you at the relevant time, and that you either consent to the proposed use of the personal data, other legal grounds exist for the new processing purposes or the new purpose is compatible with the original purpose brought out above.


Any data you provide will not be publicly displayed or shared to other Website visitors or clients. Certain employees of 3Commas have access to personal data to the extent necessary for the performance of their work duties.

We use third party processors and separate data controllers to help provide our service. They will have access to your personal data as reasonably necessary to perform these tasks on our behalf and are obligated not to disclose or use it for other purposes.

We have set out in the table below the reasons why and with whom we share your personal data:

In addition to the information provided in the table above, in some cases, we may transfer your personal data outside the European Union or European Economic Area, if the recipient is located outside the European Union or European Economic Area. We shall opt to use special personal data protection safeguards, in order to ensure the safety of your personal data. For obtaining further information on the processors and recipients engaged by us or if you wish to get acquainted with or obtain information on the transferring of your personal data outside the European Union or European Economic Area and the safeguards implied thereof by contacting us using the contact information specified in this Privacy Policy.


We have taken necessary technical and organizational security measures to protect your personal data against accidental or unlawful destruction, loss or alteration and against the unauthorized disclosure, abuse or other processing in violation of applicable law.


Your personal data (all data categories mentioned in Section 2) shall be stored insofar as reasonably necessary to attain the objectives stated in Section 3 above, or until the legal obligation stipulates that we do so. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the processing purposes and whether we can achieve these purposes through other means, and applicable statutory obligations. Whilst retaining the personal data, we take into account the viable need to resolve disputes and enforce the contract between us or anonymize your personal data and retain this anonymized information indefinitely.

In case you are Client, as a general rule we will retain all your data for 7 days after the termination of the Client Agreement in a manner that would allow you to re-activate the Client Account. Otherwise, please see the following non-exhaustive summary on storing your personal data:

  • For accounting purposes, we retain Financial Data and Transaction Data and Personal Identification Information connected to it for a period of 7 years from the end of the financial year when the respective business transaction took place;
  • Data connected to the Client Agreement or the Purchase Agreement, which is first and foremost Personal Identification Information, is retained for the whole period when the respective agreement is in force and at least 3 years from the moment of termination of the respective agreement under our legitimate interests to protection ourselves against potential disputes or enforce claims. In case we have a reasonable doubt that a party has acted in bad faith, has breached any obligations intentionally or has threatened us with a dispute, we may prolong such retention period for a maximum of 10 years.
  • Technical Data will be retained for 30 days as of the collection of such data;
  • Communication Data, unless clearly connected to the Client Agreement or the Purchase Agreement, will be retained for a period of 3 years from the moment the respective communication-flow has been closed.

In case any of the data stipulated in Section 2 above is needed for purposes of protection against ongoing or threatened disputes, we shall retain the related data as long as the dispute is solved.

After the expiry of the retention period determined above or the termination of the legal basis for processing purpose, we may retain the materials containing the personal data in the backup systems, from which the respective materials will be deleted after the end of the backup cycle. We ensure that during the backup period appropriate safeguards are applied and the backed-up materials are put beyond use.


Under data protection law, you have rights including:

  1. Right to be informed and to access. You may get information regarding your personal data processed by us.
  2. Right to data portability. You have the right to receive your personal data from us in a structured, commonly used and machine-readable format. Moreover, you may request that the personal data is transmitted to another controller. Bear in mind that the latter can only be done if that is technically feasible.
  3. Right to erasure. You the right to have personal data we process about you erased from our systems if the personal data are no longer necessary for the related purposes.
  4. Right to object and restrict. You have the right to object to the processing of your personal data and restrict it in certain cases.
  5. Right to rectification. You have the right to make corrections to your personal data.
  6. Right to withdraw consent. When you have given us consent to process your personal data, you may withdraw said consent at any time.
  7. Right to contact the supervisory authority. If you are not satisfied with our response to your request in relation to Personal Data or you believe we are processing your Personal Data not in accordance with the law, you can submit your claim with the Estonian Data Protection Inspectorate (in Estonian: Andmekaitse Inspektsioon) at [email protected] (https://www.aki.ee/).

To exercise any of the abovementioned rights, please contact our customer support team via e-mail indicated in Section 8 below.


Newsletter, notifications and direct marketing campaigns

With your explicit consent, you may be subject to direct marketing campaigns, we may send you our newsletter or provide you with notifications. You may opt out of the direct marketing campaigns, newsletters and notifications on your account settings. We may also provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information.

Please note that email marketing messages include an opt-out mechanism within the message itself (e.g. an unsubscribe link in the emails we send to you). Clicking on the link in an email will opt you out of further messages of that category. You can use the Account Settings page to exercise choices about all categories of email and push marketing communication.

Dispute resolution

If you have questions, please feel free to contact us at [email protected] Disputes relating to the processing of personal data are settled through our customer support. We may amend or modify this Privacy Policy from time to time to reflect changes in the way we process personal data. In case of material changes, we will notify you, as required under applicable laws.

Age limitations

We do not knowingly collect any information from individuals under 18 years of age. If we discover a user of being younger than 18 years old we will require the user to close their account and we will take steps to delete any collected information as soon as possible.


This section describes how we collect, use and share Personal Information of California residents in our capacity as a "business" under the California Consumer Privacy Act of 2018 ("CCPA"), and their rights under the CCPA.

This section applies only if you are a California resident. For purposes of this section, "Personal Information" has the meaning given in the California Consumer Privacy Act ("CCPA").

This section does not apply to:

  • information exempted from the scope of the CCPA;
  • information collected in a business-to-business context, namely, where the information reflects our communications or transactions with you in the context of performing due diligence on, providing services to, or receiving services from, a company, partnership, sole proprietorship, non-profit or government agency where you are an employee, controlling owner, director, officer or contractor of that organization;
  • activities governed by a different privacy notice, such as notices we give to California personnel or job candidates; or

Personal Information we collect, use, and share on behalf of our customers as a "service provider" under the CCPA. You have the following rights:

- Right to Know – Information. You can request the following information about how we have collected and used your Personal Information during the past 12 months:

• The categories of Personal Information we have collected.

• The categories of sources from which we collected the Personal Information.

• The business or commercial purpose for collecting and/or selling Personal Information.

• The categories of third parties with whom we share the Personal Information.

• The categories of Personal Information that we sold or disclosed for a business purpose.

• The categories of third parties to whom the Personal Information was sold or disclosed for a business purpose.

- Right to Know – Access. You can request a copy of the Personal Information that we have collected about you during the past 12 months.

- Right to Deletion. You can ask us to delete the Personal Information that we have collected from you.

- Right to Opt-Out. You have the right to opt-out of any "sale" of your Personal Information as defined in the CCPA.

- Right to Nondiscrimination. You are entitled to exercise the rights described above free from discrimination prohibited by the CCPA.

How to exercise your rights

We will need to verify your identity to process your information, access, and deletion requests and reserve the right to confirm your California residency. To verify your identity, we may require you to log into an 3Commas online account (if applicable), provide government identification, give a declaration as to your identity under penalty of perjury, and/or provide additional information. These rights are not absolute, and in some instances, we may decline your request as permitted by law.

Your authorized agent may make a request on your behalf upon our verification of the agent's identity and our receipt of a copy of the valid power of attorney given to your authorized agent pursuant to California Probate Code Sections 4000-4465. If you have not provided your agent with such a power of attorney, you must provide your agent with written and signed permission to exercise your CCPA rights on your behalf, provide the information we request to verify your identity and provide us with written confirmation that you have given the authorized agent permission to submit the request.

Personal information that we collect, use and disclose

The categories of Personal Information we collect are described below by reference to the statutory categories of Personal Information specified in the CCPA (California Civil Code section 1798.140):

  • Identifiers (excluding online identifiers), such as first and last names, email addresses, phone numbers,2FA key, social media account information (such as Facebook UID, Facebook profile name, Facebook email), in case on an entity: business name, business registry code and VAT ID.
  • Commercial information, such as records of your transactions with us; content of messages; and services considered.
  • Financial information, such as billing and mailing address, exchange account username, API key, API secret, passphrase, transaction data (date/time/amount of transaction), transaction request/response, referral status, billing information (country, phone number, address, city, postal code; and other payment-related information.
  • Online identifiers, such as operating system type and version number, manufacturer and model; browser type; screen resolution; IP address; unique device identifiers; and 3Commas user ID.
  • Geographical data, such as city of your location identified by your IP address.
  • Internet or network information, such as what 3Commas web pages you’ve seen and how long you spent on them; your access-provider; referring URL; navigation paths between pages; session date and time; access tokens; session key; amount and state of transferred data; and other information about your interaction with our sites and services, including the information described in our Cookie Policy.
  • Professional or employment information, such as your organizational affiliation.
  • California Customer Records (listed in California Civil Code section 1798.80), such as the Professional or employment information, Financial information, Commercial information and Identifiers listed above.
  • Inferences drawn from any of the above information to create a profile reflecting your preferences, characteristics, and behavior.

The sources from which we collect these categories of Personal Information are described in Section 2 of this Privacy Policy. The business/commercial purposes for which we use these categories of Personal Information are described in Section 3. The categories of third parties with which we share these categories of Personal Information, are described in Section 4 above.

We do not sell your personal information in the conventional sense. However, like many companies, we use advertising services that try to tailor online ads to your interests based on information collected via cookies and similar technologies about your activity on ours and other online services. This is called interest-based advertising. The CCPA’s statutory definition of the term "sale" is broad and may include use of interest-based advertising services. You can get more information and opt-out of the use of cookies on our sites for interest-based advertising purposes by turning advertising cookies off in our Cookie Management Banner. You will need to set that preference from each device and each web browser from which you wish to opt-out. Some of these features use cookies to apply your preferences, so if you clear all cookies from your browser, you will need to re-set your settings.

The above summary of how we collect, use and share Personal Information describes our practices currently and for the 12 months preceding the effective date of this Privacy Policy.

Previous version before 13 April 2021