Privacy Policy
Version 1.0 • Effective 2025-09-06
Explains what personal and sensitive data Algovested collects, how it is used (execution of trades, compliance, analytics), how it is secured, shared, and the rights data principals have under the DPDP Act.
Key Points
- Data collected: registration info (name, email, phone), KYC identifiers (where applicable), broker identifiers, encrypted API credentials (sensitive), trading activity, balances and holdings, device and telemetry data.
- Purpose: to provide automated trading services, compliance with securities laws, fraud detection, customer support and platform analytics.
- Legal basis & consent: explicit, informed consent is requested for credential storage and automated trading. Users can withdraw consent, subject to consequences.
- Sharing: Algovested shares data with: the user's chosen broker (for execution), exchanges (for compliance), payment processors (for billing) and authorized processors under contract.
- Security: encryption in transit (TLS) and at rest (AES-256 or equivalent), KMS/HSM-based key management, rotation, strict IAM and audit logging.
- Data subject rights: access, rectification, erasure (where permitted), restriction, portability, and the right to lodge a complaint with the Data Protection Board. How to exercise these rights is described below.
- Breach notification: Algovested maintains an incident response program and will notify the Data Protection Board and affected principals as required by DPDP/implementing rules.
- Retention: data retention periods are defined per data class (example placeholders provided) and will be disclosed in the portal and in the privacy notice.
 
What we collect (examples)
- Account and contact information (name, email, phone)
- Broker identifiers and account numbers (for mapping and reconciliation)
- Encrypted API credentials / OAuth tokens (stored encrypted; used only to execute trades) — treated as 'sensitive data'
- Transaction history, balances, holdings, order logs and execution reports
- Device identifiers, IP addresses, telemetry and logs for security and compliance
 
How we use credentials (explicit consent & zero-knowledge statement)
- You provide API credentials or authorize OAuth. Algovested stores them encrypted using a KMS/HSM system; in normal operations Algovested personnel do not have access to plaintext.
- You expressly authorize Algovested to use the encrypted credentials to place orders, query balances & holdings, and receive confirmations.
- If decryption is required for incident response, such actions are logged, limited to authorized personnel, and subject to dual-authorization controls.
 
Automated decisions (profiling and algorithmic trading disclosure)
- Automated trading decisions made by your chosen algos will occur without human intervention unless you select a managed/human-review option.
- You will be shown (at onboarding) a clear summary of algorithm behavior and risk parameters; black-box algos come with additional disclosures and constraints under exchange rules.
 
Security measures (high-level)
- Encryption in transit (TLS) & at rest (AES-256 or equivalent).
- KMS/HSM-based key management, rotation policies, separation of duties, audit logging and periodic penetration testing.
- Access controls: least privilege IAM and multi-factor authentication for admin access.
 
Data subject rights & requests
- How to request access, correction, deletion or portability via the account portal or privacy@algovested.com.
- Procedure and expected timeframes for responding to requests (per DPDP implementing rules).
 
Breach response & notification
- Algovested has an incident response plan: containment, forensic investigation, assessment of harm, and notification to the Data Protection Board and affected principals when required.
- For major incidents we will provide a description of the breach, the data categories affected, mitigation steps and contact details for follow-up.
 
Third-party processors & transfers
- We only use processors under written contracts with security and confidentiality obligations. Cross-border transfers will comply with applicable law and be disclosed.
- We do not sell or rent personal data.