Privacy Policy

Last updated: February 6, 2026

1. Introduction

Kerosyne ("we," "our," or "us") operates a non-custodial trading automation platform. This Privacy Policy explains how we collect, use, and protect your personal information.

2. Data We Collect

2.1 Account Information

Email address, password (encrypted), country of residence, and subscription tier.

2.2 Trading Data

Position history, trade execution logs, strategy configurations, and risk limit settings.

2.3 API Keys

Exchange API keys are encrypted and stored in Azure Key Vault. We never log, expose, or transmit API keys in plaintext.

2.4 Usage Data

Login timestamps, feature usage, dashboard interactions, and error logs.

3. How We Use Your Data

  • To provide and maintain the Kerosyne platform
  • To execute trades on your behalf via exchange APIs
  • To enforce risk limits and validate trades
  • To send notifications about position updates and risk alerts
  • To improve platform performance and user experience
  • To comply with legal and regulatory requirements

4. API Key Handling

Critical Security Information:

  • API keys are encrypted at rest using AES-256
  • Keys are stored in Azure Key Vault, not in our database
  • Keys are only decrypted at execution time by Cerberus
  • We never request withdrawal permissions
  • We never hold, custody, or control your funds
  • API keys are never logged, transmitted in plaintext, or exposed in responses

5. Non-Custodial Design

Kerosyne is non-custodial. Your funds remain on the exchange at all times. We only have read and trade permissions via API keys. We cannot withdraw, transfer, or move funds from your exchange account.

6. Cookies and Tracking

We use cookies for:

  • Authentication and session management
  • User preferences and settings
  • Analytics (anonymized)

You can disable cookies in your browser, but this may limit platform functionality.

7. Logging Practices

We log:

  • Trade execution events
  • Risk validation results
  • System errors and warnings
  • User actions (login, strategy creation, etc.)

We do not log:

  • API keys or secrets
  • Passwords
  • Payment information

8. Data Sharing

We do not sell your data. We may share data with:

  • Service Providers: Azure (hosting), Stripe (payments), SendGrid (emails)
  • Legal Requirements: If required by law or to protect our rights
  • Business Transfers: In the event of a merger or acquisition

9. Your Rights

You have the right to:

  • Access your personal data
  • Request data correction or deletion
  • Export your trading history
  • Revoke API key permissions
  • Close your account

To exercise these rights, email privacy@kerosyne.trade.

10. Data Retention

We retain your data for as long as your account is active. After account closure, we retain logs for 90 days for audit and compliance purposes, then permanently delete all personal data.

11. Security

We implement industry-standard security measures:

  • AES-256 encryption for sensitive data
  • TLS 1.3 for data in transit
  • Azure Key Vault for API key storage
  • Regular security audits
  • Role-based access controls

12. Compliance

Kerosyne complies with GDPR, CCPA, and other applicable data protection regulations. We are committed to protecting your privacy and maintaining transparency about our data practices.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or dashboard notification. Continued use of the platform after changes constitutes acceptance.

14. Contact Us

For privacy-related questions or concerns, contact us at:

Email: privacy@kerosyne.trade