1. Overview
This Privacy Policy describes how Athena ("the Service") collects, uses, and protects your information. We are committed to protecting your privacy and handling your data responsibly.
2. Information We Collect
| Data Type |
Purpose |
Storage |
| Username & Password |
Account authentication |
Password hashed with bcrypt |
| Kalshi API Keys |
Execute trades on your behalf |
Encrypted with AES-128 (Fernet) |
| Trading Preferences |
Customize your experience |
Plain text in database |
| Stop Loss Records |
Automated risk management |
Plain text in database |
| IP Address |
Security & rate limiting |
Temporary (in memory only) |
3. How We Use Your Information
We use your information solely to:
- Authenticate you and secure your account
- Execute trading operations you initiate
- Monitor and execute stop-loss orders
- Protect against unauthorized access and abuse
- Improve the Service
4. What We Do NOT Do
- We do NOT sell your data to third parties
- We do NOT share your data with advertisers or data brokers
- We do NOT use your data for marketing purposes
- We do NOT track your activity outside the Service
- We do NOT store your trading history long-term
5. Data Security 🔒 Encrypted
We implement multiple security measures to protect your data:
Encryption
- Passwords: Hashed using bcrypt with salt (industry standard)
- API Keys: Encrypted using Fernet symmetric encryption (AES-128-CBC)
- In Transit: All data transmitted over HTTPS/TLS
Access Controls
- JWT tokens expire after 24 hours
- Rate limiting prevents brute force attacks
- Each user can only access their own data
Server Security
- Encryption keys stored with restricted file permissions
- Database access limited to the application
6. Data Retention
We retain your data as follows:
- Account data: Until you request deletion
- Stop loss records: 30 days after triggered/cancelled
- Login attempt logs: 15 minutes (in memory only)
7. Your Rights
You have the right to:
- Access your stored data
- Delete your account and all associated data
- Revoke API access by changing your Kalshi keys
- Export your data upon request
8. Third-Party Services
The Service interacts with:
- Kalshi API: To execute trades and fetch market data. Your API keys are sent directly to Kalshi's servers. Please review Kalshi's Privacy Policy.
- NBA API: To fetch live game scores (no personal data transmitted)
9. Cookies
We use a single cookie:
- token: HTTP-only session cookie containing your encrypted authentication token. Expires after 24 hours. Required for the Service to function.
We do not use tracking cookies, analytics cookies, or advertising cookies.
10. Data Breach Notification
In the unlikely event of a data breach that affects your personal information, we will notify affected users as soon as reasonably possible and take immediate steps to mitigate the impact.
11. Children's Privacy
The Service is not intended for users under 18 years of age. We do not knowingly collect information from children.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of significant changes by posting a notice on the Service.
13. Contact
For questions about this Privacy Policy or to exercise your data rights, please contact the service administrator.
← Back to Login