Privacy Policy

Last updated: 2025  ·  Review by a qualified privacy lawyer is recommended before this policy goes live.

1. Who we are

Stratagium ("we", "us", "our") operates the website at stratagium.ai and the user portal at portal.stratagium.ai. We are a technology company providing automated trading software as a service.

2. What information we collect

When you request access or contact us:

• Name and email address
• Self-described investor type and broker status
• Any information you voluntarily provide in free-text fields

When you use the portal:

• Email address and hashed password (bcrypt, we cannot recover your password)
• Your broker API credentials (encrypted at rest, see Section 5)
• IP address, browser user agent, and session data for security purposes
• Portal activity logs: login events, bot start/stop, credential changes

What we do not collect:

• We do not have access to your broker account funds or the ability to make withdrawals
• We do not track you across other websites
• We do not sell your data to third parties
• We do not use your data to train AI or machine learning models

3. How we use your information

• To operate and secure the platform
• To communicate with you about your account
• To comply with legal obligations
• To detect and prevent fraud or abuse
• To respond to your enquiries

We do not use your information for advertising, profiling, or sale to third parties.

4. Legal basis for processing (GDPR / Australian Privacy Act)

We process your personal data on the basis of: (a) contract, to provide the services you have requested; (b) legitimate interests, to secure the platform and prevent fraud; and (c) consent, where you have specifically provided it.

5. How we protect your data

Broker API credentials stored in our system are encrypted at rest using AES-256-GCM. Passwords are hashed with bcrypt and are never stored in recoverable form. All data in transit is protected by TLS 1.2 or higher. Access to your personal data within Stratagium is restricted to staff with a legitimate operational need and protected by multi-factor authentication.

6. Third-party services

We use Cloudflare to operate our public-facing infrastructure. Cloudflare may process metadata about requests (IP addresses, request headers) in accordance with their privacy policy. We do not use third-party analytics tools that receive personally identifiable information. Google Fonts are loaded from Google's CDN. This involves a DNS lookup to Google servers. If this concerns you, you may block Google Fonts in your browser without affecting portal functionality.

7. Data retention

Account data is retained for the duration of your account plus 12 months following account closure. Audit logs (login events, security events) are retained for a minimum of 90 days. You may request deletion of your account and associated data by contacting us, see Section 9.

8. Your rights

Depending on your jurisdiction, you may have the right to: access the personal data we hold about you; request correction of inaccurate data; request deletion of your data; object to certain types of processing; and lodge a complaint with a supervisory authority. To exercise these rights, contact us at the address in Section 9.

9. Contact

For privacy enquiries or to exercise your rights: privacy@stratagium.ai

10. Changes to this policy

We may update this policy from time to time. We will notify registered users of material changes by email at least 14 days before they take effect. Continued use of the platform after that date constitutes acceptance of the updated policy.