Privacy Policy

Last updated: June 12, 2026

1. Who We Are & What This Covers

This Privacy Policy describes how AutoApe LLC ("AutoApe", "we", "us") collects, uses, stores, and shares information when you use the AutoApe website (autoape.io), the AutoApe desktop application, and related services (the "Service"). It is incorporated into our Terms of Service.

2. Information We Collect

Account information. Email address, display name, and a hashed password when you register with email; or your basic profile (name, email, avatar) from Google, Apple, or GitHub when you sign in with a social provider. We never see your social-login password.

Billing information. Payments are processed by Stripe. We receive your subscription plan, billing status, and the last four digits / brand of your card for support purposes — we do not receive or store full card numbers.

Service usage. Subscription verification events from the desktop app (login, license checks), API request metadata for our data services (endpoints called, request counts, rate limiting), device/browser information, IP address, and diagnostic logs. Referral-program activity if you participate.

Support communications. Anything you send us by email.

3. What Stays on Your Device (We Never Receive It)

The desktop application stores the following only on your device, encrypted in a local vault (Argon2id key derivation + AES-256-GCM) protected by a master password that only you know:

  • brokerage and exchange API keys and OAuth tokens (Schwab, Alpaca, OANDA, CEX keys);
  • blockchain wallet private keys and seed phrases;
  • your local trading configuration and strategy settings.

These are never transmitted to AutoApe servers. Trading operations execute directly from your device to your brokerage, exchange, or the blockchain. We cannot see, recover, or reset your master password, your keys, or your wallets. Your individual trade history lives in your local journal on your device; we do not collect it.

4. How We Use Information

  • Provide, maintain, secure, and improve the Service
  • Verify subscriptions and license entitlements for the desktop app
  • Process payments, manage subscriptions, and apply referral credits
  • Send transactional emails (account, billing, security notices)
  • Provide customer support
  • Monitor aggregate usage, performance, and abuse (rate limiting, fraud detection)
  • Comply with legal obligations

We do not use your information for third-party advertising, and we do not sell or rent personal information to anyone.

5. Sharing

We share information only with:

  • Service providers acting on our behalf — payment processing (Stripe), cloud hosting and infrastructure, email delivery — bound to use it only to provide their service to us;
  • Authorities when required by law, subpoena, or to protect the rights, safety, or property of AutoApe, our users, or the public; and
  • A successor entity in connection with a merger, acquisition, or sale of assets (your data remains subject to this policy or one at least as protective).

6. Security

We use TLS for all data in transit, encryption at rest for sensitive server-side data, hashed passwords, and access controls on internal systems. The most sensitive data in the AutoApe ecosystem — your keys — never reaches us at all (see Section 3). No method of transmission or storage is 100% secure, and we cannot guarantee absolute security; if we learn of a breach affecting your personal data we will notify you as required by law.

7. Retention

We retain account data for as long as your account is active or as needed to provide the Service. After account deletion we remove or de-identify personal data within 90 days, except where retention is required for legal, tax, billing-dispute, or fraud-prevention purposes. Aggregated, de-identified usage statistics may be retained indefinitely.

8. Cookies

The website uses essential cookies for authentication and session management, and privacy-respecting analytics to understand aggregate site usage. We do not use third-party advertising cookies. You can control cookies through your browser settings; blocking essential cookies will break sign-in.

9. Your Rights

Depending on your jurisdiction (including under GDPR and CCPA/CPRA), you may have the right to access, correct, delete, or export your personal data; to restrict or object to certain processing; to opt out of non-essential communications; and to not be discriminated against for exercising these rights. We honor these requests for all users regardless of location. To exercise any of them, email info@autoape.io — we will respond within 30 days. EU/UK users may also lodge a complaint with their supervisory authority.

10. International Transfers

We are based in the United States and process data there. If you use the Service from outside the U.S., you understand your information will be transferred to and processed in the U.S., which may have different data-protection laws than your jurisdiction.

11. Children

The Service is not intended for anyone under 18. We do not knowingly collect personal information from children; if we learn that we have, we will delete it promptly.

12. Changes & Contact

We may update this policy from time to time; material changes will be notified via email or through the Service, and the date above will change. Privacy inquiries: info@autoape.io.