Privacy Policy

1. Data We Collect

We collect only what is necessary to operate the platform:

• Account data: email address, hashed password (argon2/bcrypt — never stored in plaintext), optional display name.
• Wallet addresses: on-chain addresses associated with your LP positions. We do not collect, store, or request private keys or seed phrases under any circumstance.
• Exchange API keys: encrypted at rest using AES-256-GCM. We store ciphertext only — the raw key is never persisted in plaintext and is never shown back in the UI after initial submission.
• Trading data: positions, orders, executions, strategy configurations, and performance metrics generated by your bots.
• Telemetry: runtime errors, RPC latency, bot performance metrics, and usage patterns — anonymized where possible.
• Web analytics: page views, traffic source/medium, and country at aggregate level. No individual cross-site tracking. No fingerprinting.
• Telegram: if you enable Telegram alerts, we collect your Telegram chat ID and notification preferences. This is optional.

2. How We Use Your Data

Your data is used to:

• Authenticate your account and provide platform access.
• Execute and monitor automated strategies on your behalf.
• Display your trading history, positions, and performance.
• Send service alerts and notifications (including Telegram if enabled).
• Diagnose issues and improve the platform via aggregated telemetry.
• Meet applicable legal and regulatory obligations.

3. What We Do Not Do

• No data sales: we do not sell, rent, or trade your personal data to any third party.
• No advertising: we do not share your data with advertisers or ad networks.
• No third-party AI training: your trading data, API keys, strategy configurations, and account information are never used to train machine learning models — by Aegis or any third party.

4. Third Parties with Data Access

We limit third-party access to what is operationally necessary:

• Cloudflare: CDN and DDoS protection. Cloudflare sees traffic patterns and IP addresses in transit.
• Vercel: dashboard hosting. Vercel sees dashboard traffic and serves the application.
• Email provider (transactional only): sends account and system notifications. No marketing without explicit consent.
• PostgreSQL hosting provider: encrypted database at rest. The hosting provider has physical access to encrypted storage.
• Telegram: if you enable alerts, your chat ID is transmitted to Telegram’s API to deliver notifications.

We do not grant third parties access beyond what is listed here.

5. Data Retention

6. Your Rights (GDPR and CCPA)

Depending on your jurisdiction, you may have the following rights:

• Access: request a copy of your personal data.
• Rectification: request correction of inaccurate data.
• Deletion: request deletion of your account and associated data, subject to mandatory retention obligations. Account deletion triggers closure of all open positions managed by Aegis and revocation of all exchange API keys from our systems.
• Portability: export your trading history as a CSV file from the platform settings.
• Opt-out of sale: we do not sell data; this right is satisfied by default.

To exercise these rights, contact privacy@aegisbots.com or use the account settings in the dashboard.

7. Security

• Exchange API keys: AES-256-GCM encryption at rest; encryption key managed separately from encrypted data.
• Passwords: argon2 or bcrypt hashing — never stored in plaintext.
• Data in transit: TLS 1.3 on all connections.
• Backups: encrypted at rest with a separate key.
• Access controls: platform access restricted to authorized personnel via role-based permissions.
• We recommend enabling 2FA on your Aegis account.

8. Cookies

• Landing site: only necessary cookies (language preference). No third-party tracking cookies.
• Dashboard: session cookie for authentication. No third-party tracking cookies.
• We do not use advertising cookies, cross-site tracking pixels, or browser fingerprinting.

9. Contact

For privacy inquiries: privacy@aegisbots.com