Privacy Notice · v4 · April 2026
A privacy notice written for wallet-first users
Most privacy policies copy boilerplate from the SaaS era. This one does not. Polymarket Copy Trade is non-custodial: the only identifier we store about you is the public wallet address you connect with MetaMask. Everything below is written around that reality.
At a glance
- We never receive, request, or store your seed phrase or private keys.
- We do not perform traditional KYC — no passport photos, utility bills, or selfies.
- We do collect your wallet address and the copy-trading settings you save server-side.
- We route payments through smart-contract calls, not card processors.
- Analytics are first-party, aggregated, and stripped of wallet addresses before warehousing.
1. What we actually see when you log in
The moment you click Connect Wallet, three pieces of information arrive on our servers — nothing more:
Public address
A 42-character hex string, e.g. 0x5A…39B. This is already visible to the whole world on Polygonscan.
Signed nonce
Proof you hold the private key, generated with EIP-4361 / Sign-In With Ethereum. Cannot be replayed.
User-agent + IP
Standard HTTP metadata. Truncated to /24 (IPv4) or /56 (IPv6) and deleted after 14 days.
Nothing else
No email, no password, no phone, no government ID. No Google/Facebook SSO. Wallet is the single identity primitive.
2. The end-to-end data flow
Follow a single copy-trade from the moment it is detected on-chain to the moment it is settled:
- Indexer → our infrastructure subscribes to Polygon logs and notices a tracked wallet buying a Yes share.
- Rule engine → matches the event against your saved
copyBotConfig(position size, filters, profit target). - Signer gateway → builds an unsigned transaction and hands it to your wallet session for signing. We never hold keys.
- Broadcast → the signed tx hits Polygon via a public RPC. The transaction hash is written to our database against your address.
- Settlement log → once Polymarket resolves the market, we fetch the PnL and display it on your dashboard. No third party receives this data.
3. Purposes & legal bases (GDPR Art. 6)
| Data | Purpose | Lawful basis |
|---|---|---|
| Wallet address | Identify your account; attribute trades | Art. 6(1)(b) — Contract |
| Copy-bot configuration | Execute the service you pay for | Art. 6(1)(b) — Contract |
| Truncated IP / user agent | Rate-limiting, abuse and fraud prevention | Art. 6(1)(f) — Legitimate interest |
| Support ticket content | Resolve your request; quality review | Art. 6(1)(b) — Contract |
| Aggregated dashboard analytics | Improve the UI | Art. 6(1)(f) — Legitimate interest |
| Payment transaction hashes | Accounting; tax compliance | Art. 6(1)(c) — Legal obligation |
4. Sub-processors we rely on
These are the only third parties that see any fragment of your data. We keep the list short on purpose.
- Cloudflare, Inc. (US/EU) — DDoS shielding and TLS termination.
- Hetzner Online GmbH (Germany) — primary application servers (EU data residency).
- Alchemy / QuickNode — Polygon RPC access; they only observe the RPC calls our backend makes.
- Plausible Analytics (EU) — privacy-friendly page-view counter; no cookies, no wallet addresses.
- Postmark (US) — transactional email only, triggered by you (e.g. ticket replies).
5. Retention schedule
| Data category | Retention | Trigger for deletion |
|---|---|---|
| Wallet address + bot config | Account lifetime | "Delete account" or 24 months of inactivity |
| IP / user-agent logs | 14 days | Rolling TTL purge |
| Copy-trade execution records | 7 years | Accounting law (many jurisdictions) |
| Support tickets | 24 months | Rolling purge after resolution |
| Aggregated analytics | Indefinite | Already anonymous; no personal data |
6. Your rights & how to exercise them
Depending on where you live, you can exercise the rights below. Because we identify you by wallet, we authenticate every request with a fresh on-chain signature — do not email a scan of your ID, we cannot use it.
- Access / portability — JSON export from Settings → Data export.
- Rectification — edit bot configuration directly; address itself cannot be changed.
- Erasure — Settings → Delete account. Your off-chain data is purged within 30 days. On-chain transactions cannot be erased; that is a protocol-level property of Polygon, not a policy choice.
- Objection / restriction — email the DPO; we pause processing during review.
- CCPA "Do Not Sell" — already applied globally. We do not sell data.
7. On-chain data is forever
Once a trade is signed by your wallet and broadcast to Polygon, it is replicated by thousands of independent nodes. Neither we nor anyone else can rewrite the ledger. If you need to dissociate yourself from a public address, the correct approach is to migrate funds to a new wallet and connect that one instead — this is a blockchain limitation, not a gap in our policy.
8. Minors & restricted regions
The service is only offered to users 18+. We also block connections from jurisdictions where prediction markets are prohibited (currently US states that restrict Polymarket access, as well as sanctioned regions). Geo-blocks are enforced at the Cloudflare edge and no personal data is retained for blocked requests beyond a short, anonymised audit log.
9. Security posture (in plain English)
- TLS 1.3 everywhere; HSTS with preload; certificate transparency monitoring.
- Application secrets held in HashiCorp Vault with role-scoped, audit-logged access.
- Database at rest encrypted with LUKS + per-tenant column encryption for bot configs.
- Quarterly third-party penetration tests; Bug Bounty program for responsible disclosure.
- Production access requires hardware 2FA (WebAuthn) — no SMS, no shared passwords.
10. Contact the Data Protection Officer
For privacy requests, data export, deletion, or complaints, write to our DPO. We respond within 30 days; typical turnaround is 5 business days.
Open a privacy ticket