Privacy Policy
Last Updated: 04/06/2026
This Privacy Policy describes how Harvest Automations LLC ("Harvest", "we", "us") collects, uses, and protects information when you use the trading signal automation services ("the Service") in connection with The Pad.
Important — Self-Hosted Architecture. The bot software runs on a server you own in your own DigitalOcean account. Your Tastytrade credentials, account balances, trade history, and positions live on your server only. We never see, transmit, or store your Tastytrade login or financial data.
1. Information We Collect
1.1 Information you provide
- Email address — used to send you your setup link and important notifications.
- Discord User ID — used to grant access to signal channels and tier permissions.
- Terms of Service acknowledgment — recorded with timestamp, IP address, and user-agent for compliance purposes.
1.2 Information from DigitalOcean
When you sign in with DigitalOcean, we receive (via DigitalOcean's OAuth flow):
- Your DigitalOcean account email
- A short-lived OAuth access token used to create exactly one droplet (server) in your account
- Confirmation that you have a valid payment method on file
The OAuth token is held only for the duration of your deploy session and is not persisted long-term.
1.3 Information collected automatically
- IP address — collected at the time of Terms acknowledgment and during web sessions.
- Browser user-agent — collected at acknowledgment.
- Session cookies — used to keep you signed in during the deploy flow.
2. Information We Do Not Collect
- Tastytrade username, password, or remember-token. These are entered directly on your own server and never transmitted to us.
- Your trade history, positions, or account balances. These remain in your Tastytrade account.
- SSH credentials for your DigitalOcean droplet.
- Profit and loss data from your trading activity.
3. How We Use Information
- To provision and deliver the Service (creating your DigitalOcean droplet, installing the bot software)
- To send you your setup link and operational notifications
- To gate access to Discord signal channels by tier
- To maintain records of Terms of Service acceptance for legal/compliance purposes
- To improve and secure the Service (anonymous error logs, basic analytics)
4. Third-Party Services
The Service depends on the following third parties, each governed by its own privacy policy:
- DigitalOcean — hosts your bot's server. You contract with DigitalOcean directly for hosting.
- Tastytrade — your brokerage. You contract with Tastytrade directly.
- Discord — used to deliver trading signals to your bot.
We do not control these third parties and are not responsible for their data handling practices.
5. Cookies & Sessions
We use a session cookie on deploy.tradingbot.host to keep you signed in during the deploy flow. The cookie is set with Secure and HttpOnly flags. We do not use third-party tracking cookies or advertising trackers.
6. Data Retention
- Email and Discord ID: retained while your subscription is active and for up to 12 months after cancellation
- Terms acknowledgment records: retained indefinitely for legal evidence
- OAuth tokens: retained only for the duration of the deploy session
- Session cookies: 24 hours
- Server-side error logs: 30 days
7. Data Security
We use HTTPS for all web traffic, store session cookies with the Secure flag, and limit access to operational data to authorized personnel. However, no system is perfectly secure, and you are responsible for protecting your own server, credentials, and account.
8. Your Choices & Rights
- You may delete your droplet at any time via your DigitalOcean dashboard
- You may request deletion of your email/Discord ID from our records by emailing the address in section 11
- You may revoke our DigitalOcean OAuth grant at any time from your DigitalOcean account settings
9. Children's Privacy
The Service is not directed to individuals under 18 years of age. We do not knowingly collect information from children. If you believe a child has provided us information, please contact us and we will delete it.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by updating the "Last Updated" date above. Continued use of the Service after changes constitutes acceptance of the updated policy.
11. Contact
Questions or requests regarding your data may be sent to the contact email on file with The Pad.