Privacy Policy

Wallet address. The public address of the wallet you connect — embedded (Reown social) or injected (MetaMask, Rabby, hardware) — is logged with every server-action write so we can verify your EIP-712 signatures.

X handle (optional). If you sign in with X, your handle is bound to your wallet via a typed signature and stored alongside your account.

IP-derived country code. We resolve your request IP to a country at the edge for rate-limit and jurisdiction checks. We do not store the raw IP next to your account.

Optional profile bio. If you fill in a bio on your profile page, we store the text you submit.

Trading-derived data. We read your positions, fills, and account value from Hyperliquid using your public address — we do not store these long-term, we read them on demand.

No email, phone number, legal name, government ID, date of birth, or other traditional personal identifiers. Authentication is via wallet signature; we never see a password.

No private keys, seed phrases, or signed-message contents beyond what we explicitly need to verify (each EIP-712 payload is verified at the edge and discarded after).

No analytics fingerprinting, advertising cookies, or third-party trackers in the trading app.

Reown (formerly WalletConnect) — handles social login, embedded wallet creation, and the underlying RPC for signed transactions. See Reown’s privacy policy for what they collect on their side.

Supabase — hosts our database (theses, follows, X-handle bindings, profile bios). Data is encrypted at rest by Supabase.

Vercel — hosts the frontend, edge middleware, and our limited server actions. Vercel sees your IP, user agent, and request paths in standard server logs.

Hyperliquid — receives every trade, deposit, and withdrawal you submit. Their validator network is the source of truth for your balances and positions.

Onramp partners — used when you fund your account via Apple Pay or card. They independently collect and process payment information under their own privacy policies.

We use cookies for authentication state only — to remember which wallet you connected and keep your session alive across page loads. We do not use cookies for advertising or cross-site tracking.

Account-tied records (wallet address, X-handle binding, bio, theses, follows) are retained while your account is active and for up to twelve months after your last session, then purged unless we are required to retain them by law.

Server logs (IPs, request paths, user agents) are retained on Vercel for a rolling thirty-day window and then aged out.

You can request deletion of your account-tied records at any time by emailing the address in the contact section below. We will action it within thirty days unless we are legally required to preserve it.

If your account has been flagged or banned (the account-banned flag), you can still request deletion of your bio, theses, and follows. The wallet–handle binding may be retained for fraud prevention.

If you are an EU/UK resident, you also have the rights of access, rectification, restriction, and portability under GDPR/UK-GDPR. Use the same contact channel.

Questions about this policy or a deletion request: ping us via the link on the support page. A licensed attorney should review this document before public launch.