Legal

Privacy Policy

Last updated: 5 June 2026

We collect the minimum information needed to run the platform. We never sell user data, ever. This policy explains exactly what we collect, why, and how to control it.

What we collect

  • Account data: username, hashed password, email (when supplied).
  • Session data: JWT-based authentication cookie required to keep you logged in.
  • Usage data: page paths visited, timestamps, broad device/browser type (for debugging and capacity planning).
  • Trade simulation data: paper trades and autotrade settings you configure.
  • Technical logs: server access logs (IP, user agent) retained up to 30 days for security and abuse prevention.

What we don't collect

  • We don't collect your broker credentials.
  • We don't collect your bank or payment information directly — any future paid tier will use a regulated payment processor.
  • We don't load third-party advertising trackers.
  • We don't profile you for ad targeting.

Why we collect it

  • To authenticate you and keep your sessions secure.
  • To deliver the platform features you use (saved settings, paper trades, autotrade config).
  • To investigate bugs, abuse, and security incidents.
  • To send transactional emails (account-related) when relevant.

Cookies

We use a single first-party HTTP-only session cookie to keep you logged in. No third-party advertising cookies. If we add privacy-friendly analytics in the future (e.g., Plausible), it will be cookie-less or this policy will be updated.

Data sharing

We share data only with:

  • Infrastructure providers (Vultr, Cloudflare) strictly to operate the service.
  • Market-data providers (AngelOne, Deribit, Binance) only as required for the data API integration — your personal data is never sent to them.
  • Law enforcement, when legally compelled by a valid order from a competent Indian court or authority.

We do not sell user data. We do not share user data with brokers, advertisers, or any third party for marketing.

Data security

All traffic is encrypted in transit (HTTPS via Cloudflare). Passwords are hashed using industry-standard algorithms. Database access is limited to a minimal team with audit logging. We maintain reasonable administrative, technical, and physical safeguards consistent with the sensitivity of the data.

Data retention

  • Account data: retained as long as your account is active. Deleted within 30 days of account closure.
  • Server logs: 30 days.
  • Paper trade and autotrade history: retained while your account is active.
  • Backups: removed within 90 days of primary deletion.

Your rights (DPDPA)

Under India's Digital Personal Data Protection Act, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or outdated data.
  • Request deletion of your data (subject to legal retention requirements).
  • Withdraw consent and close your account at any time.
  • Lodge a complaint with the Data Protection Board of India.

To exercise any of these rights, email us via the contact page. We will respond within 30 days.

Children

The platform is not intended for users under 18. We do not knowingly collect data from minors.

International users

Data is processed and stored on infrastructure located in India. If you access the platform from outside India, you consent to the processing of your data in India.

Changes to this policy

We may update this policy. Significant changes will be highlighted on the landing page or via email if applicable.

Privacy questions? Get in touch.