Privacy Policy

1. Introduction

LaxharTech (“we”, “us”, or “our”) operates the Aumavi platform (“Platform” or “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Platform.

We are committed to protecting your privacy and ensuring the security of your personal information. This Policy is designed to comply with applicable Indian laws, including the Information Technology Act, 2000 and the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

By using Aumavi, you consent to the data practices described in this Privacy Policy.

2. Information We Collect

2.1 Information You Provide

Account Information

When you register through LaxharAccess, we collect:

• User ID (sub): Unique identifier from our authentication provider
• Email Address: For account verification and communication
• Full Name: For personalization and display
• Profile Picture: Optional avatar from your authentication profile
• Email Verification Status: Whether your email has been verified

Profile Information

You may optionally provide:

• Username: For public display and identification
• Phone Number: For optional communication
• Website: Your personal or business website
• Bio: Self-description
• Trading Experience Level: Beginner, intermediate, advanced, or professional

Trading Data

When using our trading features, we collect:

• Spot Transactions: Deposits, withdrawals, buys, sells, transfers
• Futures Transactions: Long/short positions, entry/exit prices, P&L
• Paper Trading Data: Virtual positions, orders, and trade history
• Simulator Data: Competition trades and leaderboard standings
• Rover Configurations: Automated trading bot settings

Financial Information

• Transaction Values: Amounts, prices, fees in various currencies
• Tax Configurations: Exemption amounts, tax rates, TDS preferences
• Currency Conversion Data: Historical exchange rates for audit trails
• Fiat Holdings: INR, USD, EUR balances on connected exchanges

Exchange Credentials

When connecting external exchanges:

• API Keys: Access keys for MEXC, CoinDCX, and other supported exchanges
• API Secrets: Corresponding secret keys for authentication
• Environment Settings: Configuration preferences for each connected exchange

Security Note: All exchange credentials are encrypted using AES-GCM encryption before storage and are never logged or exposed in plaintext.

Psychology Tracking (Optional)

For futures trading analytics, you may optionally provide:

• Trade performance assessment
• Trade cause (signal, greed, revenge)
• Stress level (1-10 scale)
• Health, mood, and focus states
• Entry and exit remarks

2.2 Information Collected Automatically

Usage Data

• Session Information: Login times, session duration, last activity
• Feature Usage: Which features you access and how frequently
• Import Jobs: Status, progress, and results of exchange imports
• Sync States: Last synchronization timestamps per environment

Technical Data

• IP Address: For security and localization purposes
• Browser Type: Browser name and version
• Device Information: Operating system and device type
• Cookies: As described in our Cookie Policy

2.3 Information from Third Parties

LaxharAccess (Authentication Provider)

When you authenticate, LaxharAccess provides us with your basic profile information including user ID, email, name, and profile picture.

Exchange APIs

When you connect your exchange accounts, we receive:

• Trade history and transaction data
• Deposit and withdrawal records
• Account balances (for display purposes only)
• Symbol and market data

Market Data Providers

We receive real-time and historical market data from:

• MEXC API
• CoinDCX API
• Other market data providers as added

3. How We Use Your Information

3.1 To Provide Our Services

• Create and manage your account
• Process and display your trading data
• Calculate portfolio performance and analytics
• Generate tax estimates for your transactions
• Sync data with connected exchanges
• Execute automated trading strategies (Rovers)

3.2 To Improve Our Services

• Analyze usage patterns to enhance features
• Debug issues and improve platform stability
• Develop new features based on user needs
• Generate aggregated, anonymized analytics

3.3 To Communicate With You

• Send service-related notifications
• Provide customer support
• Send important updates about Terms or Policy changes
• Respond to your inquiries and requests

3.4 For Security and Compliance

• Detect and prevent fraudulent activity
• Enforce our Terms of Use
• Comply with legal obligations
• Protect the rights and safety of our users

4. How We Share Your Information

4.1 Service Providers

We share data with trusted third parties who assist in operating our Platform:

4.2 Exchange Integrations

When you connect exchange accounts:

• Your API credentials are sent directly to the exchange (never logged by us)
• Trade and balance data is retrieved via authenticated API calls
• We do not share your data with exchanges beyond what's necessary for API calls

4.3 Legal Requirements

We may disclose your information if required by law or in good faith belief that such action is necessary to:

• Comply with legal obligations
• Protect and defend our rights or property
• Prevent or investigate possible wrongdoing
• Protect the personal safety of users or the public

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change.

4.5 What We Do NOT Share

• We do not sell your personal information
• We do not share your data for third-party advertising
• We do not disclose your trading strategies to others
• We do not expose your exchange credentials to any party

5. Data Security

5.1 Security Measures

We implement industry-standard security practices:

• Encryption at Rest: AES-GCM encryption for sensitive credentials
• Encryption in Transit: HTTPS/TLS for all data transmission
• Session Security: iron-session with encrypted cookies
• PKCE: Proof Key for Code Exchange for OAuth2 authentication
• Database Security: User-scoped queries (all data filtered by user_id)
• Key Derivation: PBKDF2 for encryption keys

5.2 Access Controls

• Role-based access control for administrative functions
• Audit logging for sensitive operations
• Regular security reviews and updates

5.3 Incident Response

In the event of a data breach, we will:

• Notify affected users within 72 hours of discovery
• Report to relevant authorities as required by law
• Take immediate steps to contain and remediate the breach

6. Data Retention

6.1 Retention Periods

6.2 Data Deletion

Upon account deletion:

• Personal profile data is deleted within 30 days
• Transaction data may be retained for tax compliance (anonymized)
• Aggregated analytics data is retained indefinitely
• Exchange credentials are immediately and permanently deleted

7. Your Rights

7.1 Access and Portability

You have the right to:

• Access your personal data stored on our Platform
• Export your data in a machine-readable format (JSON/CSV)
• Receive a copy of your data upon request

7.2 Correction

You can update your personal information through:

• Your account settings page
• Contacting our support team

7.3 Deletion

You can request deletion of your data by:

• Deleting your account through settings
• Contacting us at [email protected]

Note: Some data may be retained for legal compliance as described in Section 6.

7.4 Objection and Restriction

You may:

• Object to processing of your data for certain purposes
• Request restriction of processing in certain circumstances
• Withdraw consent for optional data collection

7.5 Exercising Your Rights

To exercise any of these rights, contact us at:

• Email: [email protected]
• Response Time: Within 30 days

8. Children's Privacy

Aumavi is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a minor, please contact us immediately.

9. International Data Transfers

Your data is primarily stored and processed in India. When we use third-party services that may process data internationally, we ensure they maintain appropriate security measures.

For exchange integrations (MEXC, CoinDCX), data is transmitted directly to their servers in their respective jurisdictions as necessary to provide our services.

10. Cookies and Tracking

We use cookies and similar technologies as described in our Cookie Policy. Essential cookies are required for the Platform to function properly.

11. Third-Party Links

Our Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated Policy on this page
• Updating the “Last Updated” date
• Sending an email notification for significant changes

Your continued use of the Platform after changes constitutes acceptance of the updated Policy.

13. Grievance Officer

In accordance with the Information Technology Act, 2000 and related rules, we have appointed a Grievance Officer to address any concerns:

• Name: Grievance Officer, LaxharTech
• Email: [email protected]
• Address: LaxharTech, New Delhi, India
• Response Time: Within 30 days of receiving the complaint

14. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

• Email: [email protected]
• General Support: [email protected]
• Website: https://aumavi.laxhartech.com/contact
• Address: LaxharTech, New Delhi, India

By using Aumavi, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described.