Privacy Policy
Last updated: February 2026
1. Overview
Nixoa Quant ("we", "our", "the platform") is a virtual stock-trading simulator. We take your privacy seriously. This policy explains what data we collect, why we collect it, and your rights under GDPR (EU/UK) and CCPA (California).
2. Data We Collect
| Category | Examples | Purpose |
|---|---|---|
| Account data | Name, email, hashed password | Authentication, communication |
| Trading data | Virtual trades, strategies, portfolio | Platform functionality |
| Broker credentials | Alpaca API key & secret (AES-256 encrypted) | Alpaca integration (optional) |
| Usage data | Pages visited, feature usage, IP address | Security, audit log |
| Consent records | ToS acceptance timestamp, cookie preferences | Legal compliance |
3. How We Use Your Data
- To provide and improve the platform experience
- To authenticate you securely and maintain sessions
- To execute virtual trades and run automated strategies
- To send transactional emails (trade alerts, account notifications) — you can opt out in Settings
- To detect fraud and ensure platform security
- To comply with legal obligations
4. Data Sharing
We do not sell your personal data. We may share data with:
- Alpaca Markets — only when you connect your Alpaca account and only the data necessary to execute trades on your behalf.
- Infrastructure providers — hosting and database services under strict data-processing agreements.
- Law enforcement — when legally required.
5. Data Retention
We retain your account data for as long as your account is active. If you delete your account, all personal data is removed within 30 days except where retention is required by law (e.g. audit logs for fraud prevention may be retained for up to 7 years).
6. Cookies
We use the following cookies:
- auth-token (essential) — keeps you signed in. HttpOnly, expires in 7 days.
- Analytics / support (optional) — only set if you accept non-essential cookies. You can change this in the cookie banner.
7. Your Rights
Access
Download all your data from Settings → Privacy & Data.
Deletion
Delete your account and all associated data from Settings → Privacy & Data.
Portability
Export your data as JSON from Settings → Privacy & Data.
Rectification
Contact us to correct inaccurate data.
Opt-out (CCPA)
We do not sell personal data. Opt out of marketing in Settings.
Lodge a complaint
You may contact your local data protection authority.
8. Security
Passwords are hashed with bcrypt. Alpaca API credentials are encrypted at rest with AES-256-GCM. All connections use HTTPS in production. We perform regular security reviews.
9. Contact
For privacy-related requests, contact us at [email protected]. We will respond within 30 days.
This policy may be updated periodically. Significant changes will be communicated by email or by a notice on the platform. Continued use of the platform after changes constitutes acceptance of the updated policy.