1. Who We Are
Stralines Trade is operated by Stralines Labs Private Limited, a company incorporated in India in 2026. This policy explains what we collect, how we use it, who processes it on our behalf, and the rights you have. For privacy requests, contact privacy@stralines.com.
2. Information We Collect
We collect the following information when you use Stralines:
- Account information: Name, email address, password (hashed with bcrypt)
- Exchange API keys: Your exchange API key and secret, encrypted at rest with AES-256-GCM authenticated encryption and never stored in plaintext. These keys are used only to execute the orders generated by your own configured strategies; we never use them to withdraw or move your funds.
- Trading data: Strategy configurations, signals, P&L records, positions
- Usage and product analytics: IP address, browser/device type, pages visited, timestamps, and in-product events captured via our analytics processor (PostHog) to understand and improve the product
- Payment data: Billing identifiers and transaction references from our payment processors. We do not store full card or bank details — these are handled by the processor.
- Activity logs: Login/logout times, strategy actions, exchange connections, credit transactions
3. How We Use Your Information
We use your information to: (a) provide and operate the Platform software, (b) execute the orders your configured strategies generate on your own connected exchange, (c) process subscription payments, (d) send password reset and account notification emails, (e) monitor platform health and prevent abuse, (f) improve our services and user experience. We do not sell, rent, or trade your personal data to anyone.
4. Data Security
We employ industry-standard security measures including:
- AES-256-GCM authenticated encryption for exchange API credentials
- bcrypt hashing (12 rounds) for passwords
- SHA-256 hashing for API keys
- JWT tokens with 7-day expiry and server-side session validation
- HTTPS/TLS encryption via Cloudflare
- Rate limiting to prevent brute force attacks
- Two-Factor Authentication (TOTP) available for all accounts (recommended)
5. Data Retention
Account data is retained as long as your account is active. Activity logs are retained for 3 months and then automatically deleted. Deleted accounts have their exchange API keys wiped immediately. Signal and trade data may be retained in anonymized form for platform analytics.
6. Processors and Data Sharing
We do not sell, trade, or share your personal information for marketing. We share data only with the sub-processors needed to run the service, and only as required to deliver it:
- Your connected exchange — to execute orders using your provided API keys
- Payment processors — Razorpay (live); Stripe (pending) — to take subscription payments
- Email delivery — to send account, security, and notification emails
- PostHog — privacy-respecting product analytics, proxied through our own domain
- Hosting / infrastructure — to run the application and deliver content securely
- As required by law or valid legal process
[LAWYER REVIEW] — confirm the complete sub-processor list, their locations, and the lawful international-transfer mechanism (e.g. Standard Contractual Clauses) for EU/UK personal data.
7. Cookies and Local Storage
We use browser localStorage to store: (a) authentication tokens (JWT), (b) platform gate access tokens, (c) theme preferences, and (d) your cookie-consent choice. We use PostHog for product analytics. We do not use third-party advertising cookies.
8. Your Rights
Subject to applicable law, you have the right to: (a) access your personal data, (b) request correction of inaccurate data, (c) request deletion (erasure) of your account, (d) export / port your trading data via the Reports page, and (e) object to or restrict certain processing.
If you are in the EU, UK, or another region with equivalent data-protection law (GDPR / UK GDPR), you also have the right to lodge a complaint with your local supervisory authority. To exercise any of these rights, contact privacy@stralines.com. [LAWYER REVIEW] — confirm GDPR/UK-GDPR specifics: lawful bases per processing purpose, data-controller identity and any EU/UK representative, and statutory response timelines.
9. Children's Privacy
Stralines is not intended for users under 18. We do not knowingly collect information from minors.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last modified" date.
11. Contact
Stralines Labs Private Limited — for privacy-related inquiries, contact privacy@stralines.com or call +91 955 955 0040.
Operated by Stralines Labs Private Limited, a company incorporated in India (2026). Registered office: 81/1, Muthukrishnapuram Main, 6th Street, Thoothukudi, Tamil Nadu, India - 628002 · GSTIN: 33ABUCS1462L1ZU.