AEGIS·RHO

Privacy Policy

This Policy explains, in plain language, what personal data AegisRho collects when you use the Service, why we collect it, how we share it, how long we keep it, and the rights you have over it. It is written to align with the Singapore Personal Data Protection Act 2012 (PDPA) and, where applicable, the EU and UK General Data Protection Regulations (GDPR).

EFFECTIVE: 14 May 2026
LAST UPDATED: 14 May 2026
CONTROLLER: AegisRho Pte. Ltd.
DPO CONTACT: [email protected]

01

Who we are

AegisRho Pte. Ltd. (UEN 202412345A), 22 Battery Road, #15-04, Raffles Place, Singapore 049908, is the data controller of personal data processed in connection with the Service. References to “we”, “us”, and “our” mean AegisRho. References to “you” mean any natural person whose personal data we process — typically a Subscriber or prospective Subscriber.

02

Scope

This Policy applies to personal data collected through aegisrho.com, platform.aegisrho.com, our APIs, and any related communications. It does not apply to third parties such as Connected Exchanges, KYC vendors, or analytics providers when they act as their own controllers — please consult their respective policies.

03

Data we collect

  • Account data — name, email, password hash, communication preferences.
  • KYC / AML data — government ID, selfie / liveness check, date of birth, residential address, nationality, source-of-funds declarations, screening results against sanctions and PEP lists.
  • Trading metadata — Connected Exchange identifier, API key fingerprint (not the secret), copied trade events, position notional, fees accrued. We do not collect the underlying balance or holdings beyond what is necessary to size copied trades.
  • Device & technical data — IP address, browser type, operating system, time zone, cookies, session identifiers, approximate geo-location derived from IP.
  • Communications — support tickets, emails, chat transcripts, call recordings (where lawful and disclosed).
  • Marketing data — newsletter subscription status, campaign click-through events.

04

Why we use your data

  • Performance of contract — to provide, operate, and bill for the Service.
  • Legal obligation — to comply with AML, CFT, KYC, sanctions screening, tax reporting, and regulatory requests.
  • Legitimate interest — to secure the Service, prevent fraud and abuse, improve performance, manage subscriber communications, and defend legal claims.
  • Consent — for non-essential cookies, marketing communications, and any other processing for which consent is required by law. You may withdraw consent at any time.

05

How we share data

We share personal data only with parties that have a legitimate need and that are bound by appropriate confidentiality and processing terms:

  • KYC / AML vendors for identity verification and sanctions screening.
  • Payment & billing processors for Copy Fee settlement.
  • Cloud infrastructure providers for hosting and security (encrypted at rest and in transit).
  • Connected Exchanges — via the API keys you provide; we do not pass profile data, only the trade instructions required for copy trading.
  • Analytics & error-reporting providers for product-improvement and uptime monitoring.
  • Professional advisers — auditors, lawyers, tax advisers — under professional confidentiality.
  • Regulators, law enforcement, and courts when legally compelled or where disclosure is necessary to protect rights, safety, or property.
  • Acquirers in the event of a merger, acquisition, or asset sale, subject to equivalent privacy protections.

We do not sell personal data. We do not share personal data with third parties for their own marketing purposes.

06

International transfers

AegisRho is headquartered in Singapore. Where we transfer personal data outside your home jurisdiction we rely on appropriate safeguards including Standard Contractual Clauses (for EU/UK data), adequacy decisions where available, and contractual commitments from processors to apply protections at least equivalent to those required under Singapore PDPA.

07

Retention

  • Account data — for the duration of the subscription and up to seven (7) years after termination, in line with financial-services record-keeping obligations.
  • KYC documentation — five (5) to seven (7) years from the end of the relationship, as required by AML law.
  • Trading metadata — seven (7) years, for audit and dispute purposes.
  • Marketing data — until you unsubscribe, plus a short suppression-list retention to honour your opt-out.
  • Logs & technical data — typically thirty (30) to ninety (90) days, longer where investigation of a security incident is in progress.

08

Security

We apply technical and organisational measures appropriate to the risk, including encryption at rest and in transit, role-based access controls, hardware-key second-factor authentication for staff, least-privilege IAM, secret rotation, regular penetration testing, and SOC 2 Type II / ISO 27001-aligned operational controls. No security measure can guarantee absolute protection — you are responsible for safeguarding your own credentials and API keys.

09

Your rights

Subject to applicable law, you have the right to:

  • Access — a copy of the personal data we hold about you.
  • Correct — inaccurate or incomplete data.
  • Delete — your data, where retention is no longer justified.
  • Restrict or object — to certain processing, including for direct marketing.
  • Portability — receive your data in a structured, machine-readable format.
  • Withdraw consent — where processing relies on consent.
  • Lodge a complaint — with the Personal Data Protection Commission of Singapore, or your local supervisory authority.

To exercise any of these rights, write to [email protected]. We will respond within thirty (30) days, or as required by your local law. We may need to verify your identity before acting on a request.

10

Cookies and analytics

We use a small number of cookies and similar technologies to operate the Service. Strictly-necessary cookies (authentication, session, CSRF tokens) cannot be disabled. Analytics and preference cookies are subject to your consent, which you can adjust at any time via the cookie banner or the settings page.

We do not use cross-site advertising trackers. We use privacy-preserving product analytics to understand aggregated usage and reliability of the Service.

11

Automated checks

Some of our compliance checks (KYC verification, sanctions screening, fraud-detection scoring) involve automated processing and may have legal or similarly significant effects on you. You have the right to obtain human review of any decision based solely on automated processing — contact [email protected].

12

Children

The Service is not directed at, and not intended for use by, persons under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will delete it.

13

Changes to this policy

We may update this Policy from time to time. The “Last Updated” date at the top indicates the most recent revision. Material changes will be notified to active Subscribers by email or in-platform notice. Continued use of the Service after the effective date constitutes acceptance.

14

How to contact us

Privacy questions and rights requests: [email protected].
General support: [email protected].
Postal: AegisRho Pte. Ltd., 22 Battery Road, #15-04, Raffles Place, Singapore 049908.