Privacy Policy

Placeholder. Working draft pending legal review. GDPR / CCPA-compliant version will be published before public launch.

1. What we collect

• Account data: email, hashed password, 2FA secret.
• Onboarding profile: trading experience, risk tolerance, goals (used to personalize strategy recommendations).
• API keys: exchange API keys you provide, stored under envelope encryption with KMS.
• Trade activity: orders, fills, P&L for accounting and reporting.
• Analytics: anonymized product usage to improve the platform.

2. How we use it

• To execute the strategies you configure.
• To personalize the AI assistant and strategy recommendations.
• To send transactional emails (login alerts, billing, security).
• To detect abuse, fraud and unauthorized access.

3. What we never do

• Sell your data to third parties.
• Use your trading data to trade against you.
• Share your data with marketers.

4. Storage and retention

Account data is retained while your account is active. Trade history is retained for 7 years for tax/audit reasons. After deletion, encrypted backups expire within 90 days.

5. Your rights

Under GDPR, CCPA and similar laws, you have rights to access, rectify, delete and port your data. Submit requests to privacy@42project.app.

6. Cookies

We use a session cookie for login state. No third-party trackers, no advertising cookies. Optional analytics cookie can be disabled in your settings.

7. Sub-processors

We use a small set of vetted sub-processors (cloud hosting, email delivery, payment processing). The list is available on request and updated when new processors are added.

8. Contact

Privacy inquiries: privacy@42project.app.