Legal
Privacy Policy
We collect the minimum required to run a trading terminal — broker tokens, order history, and login credentials. Nothing is sold. Nothing is shared with marketers.
What we collect
Account
Email, hashed password, Google profile (if you sign in via Google), country/timezone.
Broker tokens
Encrypted OAuth tokens for Zerodha / Upstox / Dhan. AES-256-GCM at rest. Only order-placement & read scopes.
Order ledger
Every order intent, fill, rejection, and slippage value. Append-only. Used to compute your stats and our public honesty page (aggregated, never per-user).
Telemetry
Page views, latency probes, error reports. Self-hosted Plausible. No third-party advertising pixels.
Payments
Razorpay handles card/UPI data. We store only the subscription ID and last-4.
What we will never do
- · Sell or rent your data to third parties.
- · Request fund-withdrawal scope from your broker.
- · Publish your individual P&L, even anonymously.
- · Track you across other websites.
- · Read or store your broker password (we use OAuth).
Your rights
You can export your full ledger as CSV from settings, request deletion of your account (we keep ledger rows for 7 years to comply with SEBI record-keeping), and revoke broker access from your broker's dashboard at any time.
Where data lives
Primary Postgres in ap-south-1 (Mumbai). Encrypted nightly backups in ap-south-1 and ap-southeast-1 (Singapore) as DR. No personal data leaves Asia.
Privacy questions? privacy@dyadscalp.app