Privacy Policy
Last updated: 2026-04-24
What we collect
- Email address — required for signup and password reset. Nothing else is mandatory.
- Hashed password — bcrypt, never plaintext.
- Optional phone — only if user explicitly enrolls (currently unused).
- Deposit/withdraw transaction hashes — already public on the BTC and Arbitrum chains.
- Sender wallet addresses for self-serve USDC claims (EIP-191
personal_sign).
What we do NOT collect
- Government ID, passport, driver's license, or any KYC document.
- Real name, date of birth, residential address.
- Browser fingerprints, third-party advertising cookies, or profiling analytics.
- Tor exit node IP addresses are not logged or persisted.
Where data lives
- Account data: self-hosted PostgreSQL — not a third-party SaaS.
- Clearnet traffic: passes through Cloudflare (TLS + DDoS protection).
- Tor v3 hidden-service traffic does not pass through Cloudflare.
- Trading instructions routed to Hyperliquid L1; the platform's signer address is publicly auditable on-chain.
Third parties
- Cloudflare — clearnet edge / DDoS protection.
- Hyperliquid L1 — order routing and USDC custody.
- ChangeNOW / SimpleSwap / Guardarian — fiat on-ramp partners (link-outs only).
- We do not sell, rent, or share data with marketing brokers.
Account deletion
Email [email protected] from your signup address requesting deletion. Account row, balances, and transaction history are wiped. On-chain transactions remain on the public ledger (we cannot erase those).