Our privacy principles.
Short version: we handle as little of your data as possible, broker API keys never leave your machine, we don't share anything with third parties.
1. What we collect
Email, encrypted password hash, phone (for SEBI/broker compliance), minimal product telemetry (page views, errors). Telegram chat ID if you enable alerts.
2. What we do NOT collect
Your broker API keys are encrypted client-side with AES-256-GCM and stored on your disk. Our auth server sees only sessions — never broker keys.
3. Trading data
Your trades are stored so you can review and file taxes. Never sold, never shared. CSV export or account deletion available anytime from settings.
4. Third-party subprocessors
AWS (hosting), Stripe (payments), your brokers (execution), Telegram + your SMTP (if enabled for alerts). No ad networks, no analytics SaaS trackers, no data brokers.
5. Your rights
Request full export or deletion by emailing privacy@stockroute.io. We respond within 30 days.
6. Compliance
Data handling aligns with DPDP Act 2023 (India) and applicable GDPR principles. Last updated 19 April 2026.
Placeholder document — formal legal review in progress. The principles above reflect how the product is actually built today.