Privacy Policy

1. Information We Collect

When you use our Services, we may collect the following types of information:

• — Account Information: Name, username, email address, phone number, organization name, and country
• — Authentication Data: Hashed passwords, OTP verification records, MFA settings
• — Payment Information: Transaction IDs, plan history, and billing records (payment card details are processed by our payment partners and never stored on our servers)
• — Usage Data: Features accessed, queries made, resources consumed, and session timestamps
• — Content Data: Data, files, images, or other content you upload to or process through the Services
• — Technical Data: IP address, browser type, device information, and operating system
• — Trading Configuration Data (Aurysia Quant): Declared capital bracket, selected instrument pairs, risk parameters, and MetaTrader account identifiers (account number only — we never have access to your login credentials, funds, or brokerage account)
• — Security Telemetry Data (Aurysia Shield): System logs, file integrity checksums, running processes, open ports, installed software inventory, network events, vulnerability scan results, configuration assessment findings, and Docker/container metadata. This data is collected by Shield agents deployed on your endpoints and transmitted securely to the Shield Engine for analysis.

2. How We Use Your Information

We use collected information to:

• —Provide, operate, and maintain our Services
• —Process payments and manage your account
• —Send verification codes, security alerts, and service notifications
• —Improve our platforms and develop new products and features
• —Prevent fraud, abuse, and enforce our Terms of Service
• —Communicate important updates about the Services
• —Provide customer support and respond to inquiries

3. Payment Processing

Payments are processed through third-party payment providers (such as Stripe) that are PCI DSS compliant. We do not store credit card numbers, CVVs, or other sensitive payment instrument details on our servers. Only transaction metadata necessary for billing and support is retained.

4. Data Sharing

We do not sell your personal information. We may share data with:

• — Payment Processors: Third-party providers for processing transactions
• — Infrastructure Providers: Cloud hosting, CDN, and other services necessary to operate our platforms
• — AI and Analytics Partners: Third-party AI model providers used to power features within the Services, subject to their own privacy policies
• — Market Data Providers (Aurysia Quant): We ingest real-time market data from third-party feed providers to power algorithmic analysis. Your trading configuration (instrument pairs, risk parameters) may be transmitted to these providers solely for the purpose of delivering relevant data streams. No personal identity information is shared.
• — Threat Intelligence Providers (Aurysia Shield): Shield may submit file hashes, IP addresses, domain names, and other indicators of compromise (IOCs) to third-party threat intelligence services (such as VirusTotal and OSINT feeds) for the purpose of enriching threat detection. Only security-relevant indicators are shared — no personal identity information, file contents, or endpoint data is transmitted to these services.
• — Legal Requirements: When required by law, court order, or government regulation

5. Data Security

We implement industry-standard security measures including:

• —Encryption of data in transit and at rest
• —Secure password hashing (bcrypt or equivalent)
• —API key and token-based authentication
• —Regular security audits and monitoring
• —Access controls and role-based permissions

6. Data Retention

We retain your account data for as long as your account is active or as needed to provide the Services. Upon account deletion, personal data is removed within 30 days, except where retention is required by law or for legitimate business purposes (e.g., transaction records for tax compliance).

7. Your Rights

You have the right to:

• —Access the personal data we hold about you
• —Request correction of inaccurate data
• —Request deletion of your account and associated data
• —Export your data in a machine-readable format
• —Withdraw consent for optional data processing

8. Cookies and Tracking

We may use session cookies and similar technologies to maintain your authenticated state and provide core functionality. These are functional cookies essential for the Services to operate. We do not use third-party tracking cookies or advertising trackers.

9. Children's Privacy

The Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email or through the Services. Continued use of the Services after changes constitutes acceptance of the updated policy.