Privacy Policy

Last updated: March 2026

This Privacy Policy explains how AEGIS Trading ("AEGIS," "we," "us," or "our"), operated by Lawford Campbell, collects, uses, and protects your information when you use our platform.

1. What We Collect

We collect the following information:

• Email address — used for authentication and account communications
• Password — hashed with bcrypt before storage; we never store or see your plaintext password
• Exchange API keys — encrypted at rest (see Section 3); provided voluntarily to enable live trading
• Trading activity logs — records of trades executed by AEGIS on your behalf (entry/exit prices, timestamps, P&L)
• Usage data — pages visited, features used, bot configuration settings, and general platform interactions

2. How We Use Your Data

We use the information we collect to:

• Authenticate your account and maintain your session
• Execute trades on your exchange account via API
• Display your trading history, performance, and account status
• Improve the platform, fix bugs, and develop new features
• Send important notifications about your account, billing, or service changes
• Respond to your support requests

3. API Key Security

Your exchange API keys are the most sensitive data we handle. Here is how we protect them:

• Keys are encrypted using Fernet symmetric encryption with PBKDF2 key derivation
• Keys are never stored in plaintext — not in the database, not in logs, not in backups
• Keys are never shared with any third party, employee, or external service
• Keys are decrypted only in memory at the moment a trade needs to be placed
• You can delete your API keys at any time from your account settings, or revoke them directly on your exchange

4. Third-Party Services

AEGIS uses the following third-party services:

• Stripe — processes subscription payments. Stripe receives your payment information (card number, billing address) directly. We never see or store your full card number. See Stripe's Privacy Policy.
• Anthropic Claude API — used for AI trade signal analysis. We send only technical indicator data (prices, RSI, MACD, etc.) to Claude for evaluation. No personal information, API keys, or account data is ever sent to the AI.
• Binance Public API — used to fetch public market data (candlestick prices, volume). No personal data is sent. This is a public, unauthenticated API.
• Exchange APIs (Robinhood, Gemini, Coinbase) — used to execute trades and read account balances. Communication is authenticated with your API keys and encrypted in transit.

5. Data Retention

• Your account data is retained as long as your account is active
• If you request account deletion, all personal data (email, API keys, trade logs) will be deleted within 30 days
• We may retain anonymized, aggregated data (e.g., total trade counts, system performance metrics) that cannot identify you
• Billing records may be retained as required by tax and financial regulations

6. We Never Sell Your Data

We do not sell, rent, or trade your personal data to third parties. We do not share your information for advertising or marketing purposes. Your data is used solely to operate the AEGIS platform for you.

7. Cookies and Local Storage

AEGIS does not use tracking cookies, advertising cookies, or third-party analytics cookies.

We store a JWT (JSON Web Token) in your browser's localStorage for authentication. This token keeps you logged in and is cleared when you log out. It contains only your user ID and expiration time — no personal information.

8. Your Rights

You have the right to:

• Access your data — request a copy of all personal data we hold about you
• Delete your data — request deletion of your account and all associated data
• Update your information — change your email or password from your account settings
• Revoke API access — remove your exchange API keys at any time
• Export your data — request an export of your trade history and account information

To exercise any of these rights, contact us at lawford.campbell@gmail.com. We will respond within 30 days.

9. Contact

If you have questions about this Privacy Policy or how your data is handled, contact:

Lawford Campbell
Email: lawford.campbell@gmail.com

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date and notify affected users via email. Your continued use of the platform after changes take effect constitutes acceptance of the updated policy.