Introduction
Algonaut ("we", "us", "our") operates the Algonaut platform at algonaut.io. This policy explains what data we collect, how we use it, and your rights as a user of the service.
Data We Collect
- Account data: your email address and name when you register
- API credentials: exchange API keys and secrets you connect — stored AES-256-GCM encrypted; the plaintext never leaves our server
- Trading data: bot logs, trade history, strategy settings and backtest results you create
- Usage data: pages visited and feature usage for improving the service — no third-party analytics
How We Use Your Data
- To operate and deliver the service
- To execute trades on your behalf when you enable a live bot
- To send transactional emails (password reset, account notifications) — never marketing without your explicit consent
- Your data is never sold to third parties
API Key Security
- Keys are encrypted at rest using AES-256-GCM before being written to storage
- Keys are never logged, never transmitted to third parties, and are only decrypted in memory at the moment a trade order must be placed
- To remove your API credentials from our system, delete the bot from the bots page. To fully revoke access, also delete the API key from your exchange account.
Data Retention
- Your data is retained for as long as your account is active
- If you delete your account, all personal data, API keys, bots, strategies and trade history are permanently deleted within 30 days
- Anonymised aggregate statistics with no personal identifiers may be retained for service improvement
Cookies
We use a single authentication cookie (vault_token) to keep you logged in. This is a httpOnly, SameSite=Lax cookie — it is not accessible to JavaScript.
We do not use advertising, tracking or third-party analytics cookies.
Your Rights
- Access a copy of your personal data
- Correct inaccurate data we hold about you
- Delete your account and all associated data
To exercise any of these rights, contact us using the address below.