NAGAIONAI · Trading
Please review carefully before using the service

Privacy Policy

Last updated: June 2026

We align with GDPR, CCPA and India DPDPA principles. We may update this policy as the service evolves; material changes will be posted here.

1. What we collect

From you directly:

  • Email + password (hashed with Argon2id — we never see the plaintext after first submit)
  • Your MT5 broker login number, server, and password (password encrypted with AES-256-GCM)
  • Payment-method details (handled by Stripe — we never see card numbers)
  • Optional: your name and KYC documents if regulated jurisdiction

Automatically:

  • IP address and browser headers, for fraud detection
  • Login timestamps and audit-log entries for security review
  • Trade records the bot writes on your behalf (anonymized for aggregate research)

2. What we DO NOT collect

  • Your funds (your broker custodies them)
  • Your card number (Stripe tokenizes it before it reaches us)
  • Your social-media identity unless you explicitly link it
  • Tracking cookies from third parties on logged-in pages

3. How we use it

  • To operate the service (place trades, calculate fees, send alerts)
  • To process payments (via Stripe)
  • To improve safety and detect abuse
  • To comply with legal requests where mandated

We do not sell your data. We do not share it with marketers.

4. How we protect it

  • AES-256-GCM encryption at rest for sensitive credentials
  • Per-user Data Encryption Keys, themselves wrapped by a master key in HSM/Vault
  • Row-Level Security on the database — your rows are invisible to other users
  • TLS 1.3 in transit; HSTS preload
  • Argon2id for password hashes (memory-hard, GPU-resistant)
  • Immutable audit log of every privileged action

5. Who can see your data

By default, no engineer can read your MT5 password — it lives only as ciphertext until a running bot needs it, when it is decrypted in memory only.

Aggregate, anonymized trade statistics may be shown internally for model improvement. We never publish identifiable user trades.

6. Your rights

  • Access — download your full record at any time from /account/export
  • Correction — fix incorrect data via your dashboard
  • Deletion — request deletion via support@nagaionai.xyz. We honor within 30 days, subject to legal retention requirements (fee records, AML logs).
  • Portability — your trade history exports as CSV

7. Retention

Active account data is retained while your account is active. After deletion, we keep minimal records (audit log entries, fee/tax records) for the period required by law — typically 7 years.

8. Cookies

We use one essential session cookie for authentication. No third-party tracking. No advertising cookies.

9. Contact

Privacy questions or data-rights requests: privacy@nagaionai.xyz