At DrawLine, we understand that your trading data and API keys are sensitive assets. Our infrastructure is built with a 'privacy-by-default' approach. We collect only what is strictly necessary to perform automated risk enforcement and provide you with behavioral insights.
Account Data: Email address, name (optional), and timezone to sync Guardian reset periods.
Exchange Data: API Keys and Secrets. These are encrypted at rest. We pull position data, trade history, and account balances to compute your Guardian status.
Behavioral Data: Reflection notes, emotion tags, and ad-hoc annotations. This data is used to generate your 'Insights' report.
- To monitor your exchange activity in real time for rule breaches.
- To execute auto-close orders (Sentinel plan only) as per your configuration.
- To provide performance analytics and equity curve visualizations.
- We do not sell your individual trading data to third-party hedge funds or data brokers.
Your API Secret is never stored in plain text. We use AES-256-GCM encryption with keys managed through secure environment secrets. Our workers decrypt your keys only in volatile memory, and only for the duration of an active API request to your exchange.
We use AWS for hosting, Redis for job queuing, and Postmark/FCM for notifications. These providers process data according to our instructions and are prohibited from using your data for their own purposes.
You have full ownership of your data. You may delete your account at any time from Settings → Account → Delete account. Upon deletion, all associated API keys, trade records, and behavioral data are purged from our active databases immediately. This action is irreversible.