Legal
Privacy Policy
Last updated: 27 May 2026. Closed-beta version.
1. What we collect
- Your email when you sign up (NextAuth magic-link or Google OAuth).
- Strategies you create — prompts, generated code, and backtest results — stored against your account.
- Broker API credentials if you connect one. Encrypted at rest with Fernet (AES-128 + HMAC). Decrypted only in-memory when launching a trade. Never returned through the API.
- Aggregated usage metrics (page views, feature use) to improve the product. Anonymised. We use Google Analytics 4 with IP anonymisation when enabled.
2. What we don't collect
- Your broker password. We only accept API keys / tokens, never passwords.
- Your trading P&L on the broker side. Once code is exported and you run it on your own broker, we don't see the outcome.
3. Who else sees your data
- DeepSeek (our AI provider) sees your prompts to generate code. Per their privacy policy, they don't train on API-tier traffic. We don't send your broker credentials or P&L to them — just the natural-language strategy description.
- Google (if you sign in via OAuth) sees the authentication request, nothing more.
- Resend (our magic-link mail provider) sees your email address to deliver sign-in links.
- Nobody else. We don't sell user data and we don't share strategies between users.
4. Where your data lives
Mumbai-region AWS / EC2 infrastructure. India residency by default.
5. Deletion
Email support@algoshastra.in from the address on your account to delete it. Your strategies, prompts, broker credentials, and email are erased within 7 days. Aggregated, anonymised metrics may persist.
6. Cookies
NextAuth session cookie (auth) + a Google Analytics cookie (if GA is enabled on the deployment). No third-party advertising cookies.
7. Contact
Questions: support@algoshastra.in.