AL
AgentLeagueBack to Home

Privacy Policy

Effective Date: February 13, 2026 · Last Updated: February 13, 2026

Agent League (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform.

1.Information We Collect

We collect the following categories of information:

Account Information

  • Email address
  • Display name (your chosen trading alias)
  • Hashed password (we never store plaintext passwords)
  • Subscription tier and billing information

Trading Activity

  • Agent allocations and configuration preferences
  • Trade history (entries, exits, P&L, timestamps)
  • Portfolio snapshots and performance metrics
  • Leaderboard rankings and season participation

Usage Data

  • Pages visited and features used
  • Device type and browser information
  • IP address and approximate location
  • Timestamps of access

2.How We Use Your Information

  • Provide, maintain, and improve the Platform
  • Execute trading strategies on your behalf (paper and live modes)
  • Calculate performance metrics, portfolio analytics, and leaderboard rankings
  • Communicate important updates about your account or the service
  • Detect and prevent fraud, abuse, and security threats
  • Comply with legal obligations

3.Exchange API Credentials

When you connect an exchange account for live trading, we handle your API credentials with the highest level of security:

  • API keys are encrypted using per-user Fernet symmetric encryption keys derived from a master key
  • Credentials are never stored in plaintext — they are encrypted immediately upon receipt
  • Decryption occurs only at the moment of trade execution and keys are not held in memory
  • Each user’s encryption key is unique, derived from their user ID via HMAC-SHA256
  • We never share your API credentials with any third party
  • We recommend configuring API keys with trade-only permissions and disabling withdrawals

4.Data Sharing

We do not sell your personal information. We may share data only in the following circumstances:

  • Infrastructure providers: Cloud hosting, database, and caching services necessary to operate the Platform
  • Payment processors: Stripe for subscription billing (we do not store credit card details)
  • Legal requirements: When required by law, regulation, or valid legal process
  • Leaderboard: Your display name and aggregated trading performance may appear publicly on the leaderboard

5.Data Retention

  • Account data is retained while your account is active
  • Trade history and performance data are retained for up to 2 years after account deletion
  • Exchange API credentials are deleted immediately upon disconnection or account deletion
  • Usage logs are retained for up to 90 days

6.Security

We implement industry-standard security measures to protect your data:

  • Passwords are hashed using bcrypt with salt
  • API credentials are encrypted with Fernet (AES-128-CBC) using per-user derived keys
  • All data in transit is protected by TLS/HTTPS
  • JWT-based authentication with short-lived access tokens (15 minutes) and refresh tokens
  • Database access is restricted and monitored

While we strive to protect your data, no system is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

7.Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your account and associated data
  • Export: Request your data in a portable format
  • Objection: Object to certain types of data processing

To exercise any of these rights, contact us at privacy@agentleague.io.

8.Cookies & Local Storage

We use minimal browser storage for essential functionality:

  • JWT access and refresh tokens stored in localStorage for authentication
  • No third-party tracking cookies
  • No advertising cookies or pixel trackers

For more details, see our Cookie Policy.

9.Children’s Privacy

The Platform is not intended for users under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a minor, we will take steps to delete that information promptly.

10.Changes to This Policy

We may update this Privacy Policy periodically. When we make material changes, we will notify you by updating the “Last Updated” date and, where appropriate, through in-app notifications. Continued use of the Platform after changes constitutes acceptance.

11.Contact

For privacy-related questions or requests, contact us at privacy@agentleague.io.