BT GatewayLive setupDemo setupDocsConsole →

Privacy policy

Last updated: 2026-05-28

BT Gateway is a personal-scale service operated by Bogdan Ripa. This page explains what data the service collects, where it lives, and how long it stays.

What we store

  • Account identity. Your Google email and a Google-issued user ID, captured when you sign in via Google. Used only to scope your data and verify your identity on subsequent requests.
  • BT Trade credentials. Your BT username and password are encrypted with Google Cloud KMS before being stored. They are never logged, never returned over the API, and used only to sign in to BT Trade on your behalf.
  • Session data. The tokens BT issues after a successful sign-in are stored encrypted alongside your credentials, so the connection can be kept alive without re-prompting for a one-time code on every page load.
  • API keys. Only one-way hashes (SHA-256) of your generated API keys are stored. The raw key is shown once at creation and is not recoverable.
  • Audit log. Actions that change something (sign-ins, orders placed or cancelled, credential and key changes) are recorded with timestamps and who triggered them, scoped to your account.
  • Telegram integration (optional). If you set up your own Telegram bot for alerts, its token is encrypted; the chat ID and webhook path are stored as plain values (they're not sensitive on their own).

What we do not store

  • SMS messages, emails, or one-time codes — they pass through the forwarder and are consumed once.
  • Market data beyond what your own scripts choose to save through the snapshots endpoint.
  • Anything from other users. Your data is isolated from theirs and we never see across accounts.

Where the data lives

BT Gateway runs on Google Cloud (region europe-west3, in Frankfurt) and stores all persistent data in the same region. Secrets are managed by Google Cloud KMS. Diagnostic logs are kept for 30 days by default.

Who can see your data

Only you, after signing in with Google or with one of your API keys. Operator access is limited to Bogdan Ripa for debugging in response to support requests. No data is sold or shared with third parties. BT Gateway does, of course, forward requests to bt-trade.ro — that traffic is governed by Banca Transilvania's own terms.

Deleting your data

You can wipe your stored credentials and revoke all API keys from the dashboard. For a complete account deletion (everything we hold about you), email the operator — it will be done manually within 7 days.

Questions? See Terms or open an issue on GitHub.