Privacy Policy
Last updated: June 19, 2026
This Privacy Policy describes how Aegium ("we", "us", or "our") collects, uses, and protects your personal information when you use the Aegium platform at dashboard.aegiumlabs.com (the "Service").
1. Information We Collect
We collect the following types of information:
- Account information: Email address and hashed password when you register
- Usage data: Pages visited, features used, and interaction patterns within the Service
- Payment information: Processed securely through Stripe. We do not store your credit card details
- Exchange API keys: If you connect an exchange account — for portfolio tracking, or, for eligible institutional users, a live-account execution layer — API keys are stored encrypted at rest, requested with the minimum permissions required, and never granted withdrawal access
- Device and browser data: Browser type, operating system, and IP address for security and abuse prevention
2. Legal Basis and How We Use Your Information
We process your personal data based on the following legal grounds:
- Performance of a contract (Art. 6(1)(b) GDPR): Account information, authentication, and service provision
- Legitimate interest (Art. 6(1)(f) GDPR): Security monitoring, fraud prevention, and service improvement
- Legal obligation (Art. 6(1)(c) GDPR): Tax, accounting, and regulatory compliance
- Consent (Art. 6(1)(a) GDPR): Analytics cookies and marketing (when enabled)
Specific purposes include:
- Provide, maintain, and improve the Service
- Authenticate your identity and manage your account
- Process payments and manage subscriptions
- Send transactional emails (verification, password reset, billing)
- Monitor for security threats and abuse
- Comply with legal obligations
We do not sell your personal information to third parties. We do not use your data for advertising purposes.
3. Cookies
The Service uses the following categories of cookies:
- Essential Cookies (always active): aegium_session (authentication), aegium_verified, aegium_role, aegium_plan (verification cache). These are required for the Service to function and cannot be disabled.
- Analytics Cookies (with consent): PostHog cookies for understanding user behavior and improving our Service. These are only placed with your explicit consent.
- Marketing Cookies: Currently not used. If implemented in the future, they will only be placed with your explicit consent.
For detailed information about each cookie, please see our Cookie Policy. You can manage your cookie preferences at any time via our Cookie Settings.
4. Data Storage and Security
Your data is stored on secure servers within the European Union. We implement appropriate technical and organizational measures to protect your data, including:
- Passwords hashed with bcrypt
- Session tokens signed with HMAC-SHA256
- HTTPS encryption for all data in transit
- Exchange API keys encrypted with Fernet symmetric encryption
- Security headers (CSP, HSTS, X-Frame-Options) on all responses
5. Data Retention
We retain your account information for as long as your account is active. If you delete your account, we will remove your personal data within 30 days, except where retention is required by law.
Trading data and analytics are retained in accordance with our data retention policies and may be aggregated in anonymized form for platform improvement.
6. Third-Party Services
We use the following third-party services:
- Stripe: Payment processing (Stripe Privacy Policy)
- Resend: Transactional email delivery
- Binance: Market data source (no personal data shared)
- PostHog: Product analytics for understanding user behavior (anonymized data, only with your consent — PostHog Privacy Policy)
7. Your Rights
Under the GDPR and applicable data protection laws, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate personal data
- Request deletion of your personal data
- Object to or restrict processing of your data
- Data portability — receive your data in a structured format
- Withdraw consent at any time — you can change your cookie preferences via our Cookie Settings
To exercise any of these rights, please contact us through our contact page.
You also have the right to lodge a complaint with a data protection supervisory authority if you believe your data protection rights have been violated. In Germany, you can contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI) or your state data protection authority.
8. International Data Transfers
Your data is primarily stored within the EU. Where data is transferred to third-party services outside the EU (e.g., Stripe), appropriate safeguards such as Standard Contractual Clauses are in place.
9. Data Breach Notification
In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay and, where feasible, no later than 72 hours after becoming aware of the breach.
10. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal effects concerning you or similarly significantly affects you. Trading signals and analytics provided by the Service are for informational purposes only and do not constitute automated decisions about you as an individual.
11. Children
The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or through the Service. The "Last updated" date at the top indicates the most recent revision.
13. Contact
If you have questions about this Privacy Policy or your data — including requests to access, correct, export, or delete your data — contact us at hello@aegiumlabs.com or via our contact page. The data controller is the provider named in our Imprint.