



ElquoAI is architected as a self-hosted private instance. All configurations, API credentials, SQLite databases, and trade history parameters are stored locally within your secure Fly.io volume (`/data`) or local machine directory.
No External Data Sharing: We do not operate central telemetry tracking or sell data. Your API keys, private credentials, and trade signals are never transmitted to third parties, except directly to the exchange API nodes via secure HTTPS endpoints.
Our web interface uses basic, secure HTTP cookies to identify authenticated sessions:
Session Cookie: Temporary cookie expiring after 1 hour of user inactivity to auto-logout and protect the configurations console.
Remember Me Cookie: If you explicitly select "Remember me for 3 days" on the metallic login screen, a secure cookie is written with a 3-day duration to preserve access. No marketing or tracking cookies are utilized.
To protect your instance from unauthorized access, the server monitors failed login attempts locally.
Attempt History: Incorrect PIN inputs record the count and timestamps in `login_security.json` to trigger the 5-minute and 10-minute lockout phases, as well as permanent console freeze on the 5th attempt.
Remote Reset: Lockouts can only be cleared remotely by the instance owner via direct shell execution (`python maintenance.py --unblock-login`).