What is SignalFlow telegram signal copier and how does it work?

SignalFlow is a professional telegram signal copier that connects to your MT5 account and automatically copies trades from signal providers in real-time. Our signal automation eliminates manual copying and ensures you never miss a profitable trade opportunity.

Do I need programming knowledge to use this MT5 signal automation?

No programming knowledge required! Our telegram signal copier comes with an intuitive GUI interface. Simply install the software, connect your MT5 account, configure your preferred signal channels, and let the automation handle the rest.

Does this telegram signal copier work with all MT5 brokers?

Our professional signal automation works with most MT5 brokers. However, we recommend checking with our support team if you have specific broker requirements or encounter any compatibility issues.

Does this work with Gold/XAUUSD signals?

Yes! Our telegram signal copier is specifically optimized for Gold/XAUUSD trading signals. We have advanced algorithms tuned for precious metals volatility while supporting all major forex pairs.

Privacy Policy — SignalFlow

Name: SignalFlow
Price: 199 USD
Availability: InStock
Author: Wavve Labs

This policy explains what information Wavve Labs ("we", "us") collects when you use SignalFlow, why we collect it, who we share it with, and the choices you have. We wrote this in plain English on purpose. If anything is unclear, email us at wavve.labs@gmail.com.

SignalFlow has three parts: a website (signalflow.my, where you sign up, buy a license, and manage your account), a Windows desktop app that runs on your PC, and an Expert Advisor (EA) that runs inside your MetaTrader 5 terminal. They handle data differently. This policy covers all three.

1. Who we are

SignalFlow is a product of Wavve Labs, based in Malaysia. For privacy matters, contact us at wavve.labs@gmail.com. We are the data controller for information we collect through the website, the desktop app's authentication and licensing flow, and customer support.

2. What information we collect

2.1 When you create an account

Email address
Password (stored only as a bcrypt hash — we never see the plaintext)
If you enable two-factor authentication: an encrypted TOTP secret and backup codes
Account metadata: creation time, last login, whether email is verified

2.2 When you complete your profile (optional)

First and last name
Phone number and country code
Company name
Billing address (lines, city, state, postal code, country)
Timezone and preferred language
Telegram username
How you heard about us (referral source)
Notification preferences

2.3 When you buy a license

Payment is processed by Stripe. We never see or store your card number or CVV — Stripe handles that directly. We receive: transaction ID, amount, currency, Stripe customer and payment intent IDs, and the billing email you entered.
We issue you a sequential invoice number and record the purchase for tax and accounting purposes.

2.4 When you link an MT5 account

MT5 account number (the numeric login)
Broker name
IP address of the machine that activated the license
Validation timestamps

We do not collect your MT5 password, investor password, account balance, equity, open positions, trade history, or broker credentials. Those never leave your PC.

2.5 When you use the website

Session cookies (to keep you logged in) containing a hashed token
IP address and user-agent string on each active session
IP addresses in our audit log for security-sensitive admin actions
Standard server logs (via Vercel) — request paths, timestamps, status codes

2.6 When the EA validates your license

The Expert Advisor running in your MT5 terminal calls our /api/verify-license endpoint roughly every 24 hours to confirm your license is still active. The request includes your license key, MT5 account number, and broker name. We log the calling IP for fraud detection. We do not receive your trades, positions, balance, or broker password from this call.

2.7 When you use the AI signal parser (Windows app)

If the Windows app's built-in algorithmic parser can't understand a signal, it can optionally send the signal text to our /api/ai/parse-signal endpoint, which forwards it to an AI provider. The forwarded payload contains only the signal text (and optionally your custom keyword shortcuts). It does not contain your name, email, MT5 account, license key, broker, or any other identifier. We log aggregate counts (for usage metering) but not the signal text itself.

2.8 When you contact support

The contents of your messages and attachments
The email you use to reach us
Any context you share (logs, screenshots, account details)

2.9 What we do NOT collect

Your MT5 password or investor password
Your broker account balance, equity, or margin
Your open positions, orders, or trade history
Your Telegram password or session files (the desktop app stores these locally on your PC)
Card numbers, expiry dates, or CVV (Stripe handles those)
Browsing activity outside the signalflow.my domain

3. How we use your information

We use the information above only for the following purposes:

To provide the service — create your account, issue licenses, validate the EA, process purchases, deliver downloads.Legal basis (GDPR): performance of a contract with you.
To communicate with you — send receipts, license keys, renewal reminders, security alerts, and (if you opted in) product updates.Legal basis: contract performance and, for marketing emails, your consent.
To protect the service — rate-limit abuse, detect license sharing, investigate fraud, and respond to chargebacks.Legal basis: our legitimate interest in operating a safe product.
To comply with the law — keep invoice records for Malaysian tax purposes, respond to lawful requests.Legal basis: legal obligation.

We do not sell your data. We do not use it to train AI models. We do not share it with advertisers.

SignalFlow is a small operation. We rely on a short list of well-known third-party services ("sub-processors") to run the website and deliver the product. We only share the minimum each one needs.

Provider	Purpose	Data shared	Location
Stripe	Payment processing	Name, email, billing address, card data (you enter these directly into Stripe)	USA / Ireland
Resend	Transactional email delivery	Your email address, message content, bounce/complaint status	USA
Neon	Database hosting (Postgres)	Everything in Section 2 (at rest, encrypted)	USA (Singapore region available)
Vercel	Website hosting + server logs	IP addresses, request paths, session cookies	USA (global edge)
Upstash	Rate limiting	IP address and request counters (short retention)	USA
Google (Gemini)	AI chat and AI signal parsing (optional)	Your chat messages or signal text only — no identifiers	USA
DeepSeek	AI fallback provider (only if Gemini is unavailable or admin-enabled)	Your signal text only — no identifiers	China

If you do not want your signal text to be processed by DeepSeek, you can disable the AI parser in the Windows app settings — the algorithmic parser will continue to work for most signal formats without any network call.

We may also share information when legally required — for example, in response to a valid court order, or to protect the rights, property, or safety of Wavve Labs, our users, or the public.

5. Where your data goes (international transfers)

Wavve Labs is based in Malaysia, but most of our sub-processors operate servers in the United States, the European Union, or Singapore. By using SignalFlow you understand that your data may be processed outside your country of residence. For users in the EU/UK, we rely on our sub-processors' standard contractual clauses and equivalent safeguards. For users in Malaysia, we comply with the Personal Data Protection Act 2010 (PDPA).

6. How long we keep your data

Account data — kept while your account is active. If you request deletion, we remove it within 30 days, except as required below.
Purchase and invoice records — kept for 7 years to comply with Malaysian tax law. This includes your name, email, and transaction details on the invoice.
Session tokens — expire automatically and are purged.
Audit logs — kept for 12 months for security and fraud investigation.
Email logs — kept for 12 months to troubleshoot delivery issues.
Support tickets — kept for 24 months, or longer if they relate to an unresolved dispute.
Stripe records — retention follows Stripe's own policy (typically 7 years for financial records).

7. Your rights

Depending on where you live, you have some or all of the following rights:

Access — request a copy of the data we hold about you
Correction — fix anything that's wrong
Deletion — ask us to delete your account and data (subject to legal retention above)
Portability — receive your data in a portable format
Objection — object to processing based on legitimate interest
Withdrawal of consent — for anything we do based on consent (e.g. marketing emails)
Complaint — lodge a complaint with your local data protection authority (in Malaysia: the Personal Data Protection Commissioner)

To exercise any of these rights, email wavve.labs@gmail.com. We'll respond within 30 days. You can also delete your own account at any time from the customer portal.

8. Cookies and similar technologies

We use a small number of cookies, all of them first-party and essential:

Session cookie — keeps you logged in. Expires when you log out or after your session ends.
CSRF token cookie — protects against cross-site request forgery.
Theme and density preferences — stored locally in your browser to remember light/dark mode and layout density.

We do not use third-party advertising cookies, tracking pixels, or cross-site analytics. Server logs through Vercel include IP addresses and request paths but do not use tracking identifiers.

9. Security

Passwords are hashed with bcrypt. We cannot read them.
TOTP (2FA) secrets are encrypted at rest.
All traffic to signalflow.my is encrypted with TLS.
Our database runs in a private network and is backed up regularly.
Access to production data is limited to accounts that need it, protected by 2FA.
We follow the principle of collecting the minimum data necessary — which is why the EA and Windows app do their work locally on your PC rather than routing your trades through our servers.

No system is perfectly secure. If we ever suffer a data breach that affects you, we will notify you and the relevant authority as required by law — within 72 hours for EU users under GDPR.

10. How AI features work

SignalFlow includes two optional AI features: AI signal parsing (in the Windows app) and AI chat support (on the website). Both route messages to third-party AI providers listed in Section 4.

We do not train any AI model on your data.
We do not send account identifiers, MT5 numbers, or license keys to the AI provider.
The AI provider may retain the request for a limited period under their own policy. See Google's and DeepSeek's policies for details.
You can disable AI parsing in the Windows app at any time; the algorithmic parser continues to work.

11. Children

SignalFlow is not intended for anyone under 18. We do not knowingly collect data from minors. If you believe a minor has created an account, email us and we will delete it.

12. Changes to this policy

If we make material changes, we will email registered users at least 30 days before the change takes effect, and update the "Last updated" date at the top of this page. Minor changes (typos, clarifications) are made without notice.

13. Contact us

Privacy questions, access requests, complaints, or anything else — email wavve.labs@gmail.com. We read everything.