Privacy Policy

What we collect, how we protect it, and what we never do with it. NiftyX runs on a single server and stores only what is needed to operate your terminal.

1. Information We Collect

To run your account and connect to your broker, we store:

• Account info: name, email address, hashed password.
• Broker credentials: your API key, API secret, and daily access token, encrypted at rest.
• Position data: trades you have placed through NiftyX, configured target/breach values, and watcher state.
• Imported positions: only positions you have explicitly imported from your broker via the import dialog.
• Server logs: request URLs, IP addresses, timestamps, and error traces — for operational monitoring.

We do not collect bank details, payment information, KYC documents, or your broker login (we never see your broker password).

2. How We Use Your Information

• To authenticate your NiftyX login.
• To connect to your broker and execute orders you initiate.
• To display your positions, P&L, watchers, and orders in the terminal.
• To monitor service health and investigate issues.
• To contact you about your account, security incidents, or material service changes.

We do not use your information for advertising, profiling, or marketing to third parties.

3. Broker Credentials

Your broker API key, API secret, and access tokens are stored encrypted. They are decrypted only in memory at the moment a request is made to your broker. They are never:

• Displayed back to you in plain text after you save them.
• Shared with any third party.
• Used for any purpose other than the broker actions you initiate.

You can replace or delete your broker credentials at any time from the broker connect screen.

4. Data Security

We protect your data with:

• Password hashing (one-way; we cannot recover your password).
• Encrypted storage of broker credentials and access tokens.
• HTTPS for all browser ↔ server communication.
• JWT-based session tokens with a 24-hour expiry.
• Separation of users: your data is never visible to another NiftyX user.

No system is perfectly secure. If you suspect your account has been compromised, contact support@niftyx.co immediately.

5. What We Share

We do not sell your data. We do not share it with marketers, brokers other than the one you have connected, or any third party — except:

• Your broker: orders and lookups are sent to the broker you have connected, using your credentials.
• Hosting / infrastructure: our server runs on a cloud provider (currently Vultr Mumbai). Encrypted data sits on their disks.
• Legal requirements: when compelled by valid Indian legal process.

6. Cookies & Local Storage

NiftyX uses your browser's localStorage (not third-party cookies) to store:

• Your JWT login token.
• Cached user profile (name, email).
• A short-lived flag set after broker OAuth redirects, used only to confirm a successful connection.

These items are removed when you log out. We do not use third-party analytics, tracking pixels, or advertising cookies.

7. Data Retention

Your account data is retained while your account is active. Server logs are retained for up to 90 days for operational and security purposes. On account closure your data is deleted within 30 days, except where retention is required by law.

8. Your Rights

You can:

• Request a copy of your stored data.
• Correct any inaccurate information.
• Delete your account and all associated data.
• Withdraw broker credentials at any time.

Email support@niftyx.co for any of the above.

9. Children

NiftyX is not for users under 18. We do not knowingly collect data from minors. If you believe a minor has registered, contact us and we will delete the account.

10. Changes to This Policy

We may update this policy as the service evolves (including upon vendor empanelment). Material changes will be communicated via email or in-app notice. The effective date at the top will reflect the latest version.

11. Contact

Privacy questions: support@niftyx.co