Legal

Privacy Policy

Last updated June 3, 2026

This Policy explains what we collect, why, and the choices you have. We collect the minimum needed to operate the Service.

1. What we collect

Account data — your username and a salted password hash (we never store plaintext passwords).
Trading data — the accounts, positions, orders, and audit entries you create in the Service.
Broker credentials — access tokens for brokers you connect, stored encrypted at rest.
Operational data — request logs and metrics used to run and secure the Service.

2. What we do not do

We do not sell your personal data. We do not take custody of your funds. We do not use your trading activity to trade against you.

3. How we use data

To authenticate you, execute the actions you direct, maintain an append-only audit trail, secure the Service, and meet legal obligations.

4. Security

Passwords are hashed with PBKDF2; broker tokens are encrypted; sessions use signed, expiring bearer tokens; every order passes a mandatory risk gate and is audited. No system is perfectly secure, but we engineer fail-closed by default.

5. Retention

We retain account and audit records for as long as your account is active and as required by law, then delete or anonymize them.

6. Your choices

You can disconnect a broker, delete positions, or request account deletion. Some records may be retained where required for legal or audit purposes.

7. Contact

Privacy questions: privacy@niroengine.com.

Niro is software for self-directed traders. It is not a broker-dealer, investment adviser, or custodian, and nothing here is investment, legal, or tax advice.