Privacy Policy

Effective date: March 1, 2026

Trade Oracle ("we," "us," or "our") operates the Trade Oracle platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using the Service, you consent to the data practices described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

1. Information We Collect

1.1 Information You Provide

• Username: A username you choose during registration. This is the only personally identifying information we require.
• Wallet Address: Your Hyperliquid wallet address (0x…), which you provide voluntarily to enable trade syncing. This address is publicly visible on the blockchain.
• Trading Preferences: Optional settings such as experience level, trading style, risk parameters, and goals that you configure in your profile.
• Journal Entries: Notes, ratings, and tags you add to your trades.
• Trading Rules: Rules you create or accept from AI suggestions.

1.2 Information Collected Automatically

• Trade Data: When you connect your Hyperliquid wallet, we automatically sync your publicly available trade history from the Hyperliquid API. This includes trade entries, exits, prices, sizes, P&L, and funding data.
• Session Data: We store a session cookie to keep you logged in. Session tokens are cryptographically hashed before storage.
• WebAuthn Credential Metadata: Public key credential data required for passkey authentication. We never store passwords.

1.3 Information We Do NOT Collect

• We do not collect passwords (we use passwordless passkey authentication).
• We do not collect private keys or seed phrases.
• We do not have the ability to execute trades on your behalf.
• We do not collect email addresses, phone numbers, or physical addresses.
• We do not use third-party tracking cookies or advertising pixels.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service.
• Display your trade history, analytics, and performance metrics.
• Generate AI-powered insights and analysis based on your trading data (using Anthropic's Claude AI). These insights are for informational purposes only and do not constitute financial advice.
• Improve the Service and develop new features.
• Authenticate your identity and maintain session security.

3. Data Storage and Security

• Database: Your data is stored in a Supabase-managed PostgreSQL database with Row-Level Security policies enabled.
• Encryption in Transit: All connections between your browser, our servers, and our database use TLS encryption (HTTPS).
• Session Security: Session tokens are SHA-256 hashed before database storage. Cookies are HTTP-only, Secure, and SameSite.
• Authentication: We use WebAuthn/passkey authentication — no passwords are ever stored or transmitted.
• API Security: All API endpoints are rate-limited and protected with security headers (Content-Security-Policy, HSTS, X-Frame-Options, etc.).

4. Third-Party Services

We use the following third-party services to operate the platform:

• Hyperliquid API: To fetch your publicly available trade history and market data. We access only public data associated with the wallet address you provide.
• Anthropic (Claude AI): To generate AI-powered trading insights and analysis. Your trading data (aggregated metrics, not raw credentials) may be sent to Anthropic's API to generate these insights.
• TradingView: To render interactive price charts. TradingView widgets are embedded via their public charting library.
• Vercel: Our hosting provider for both frontend and serverless backend functions.
• Supabase: Our database provider (managed PostgreSQL).

Each third-party service has its own privacy policy. We encourage you to review them.

5. Data Retention and Deletion

• Your data is retained for as long as your account is active.
• Sessions expire automatically after the configured period (default: 14 days).
• WebAuthn challenge data is automatically purged after expiration.
• If you wish to delete your account and all associated data, please contact us. Upon deletion, all trade data, journal entries, AI insights, trading rules, and session data will be permanently removed.

6. Cookies

We use a single session cookie to maintain your authenticated session. This cookie is:

• HTTP-only: Cannot be accessed by JavaScript, protecting against XSS attacks.
• Secure: Only transmitted over encrypted HTTPS connections.
• SameSite (Lax): Provides protection against CSRF attacks.

We do not use advertising cookies, analytics cookies, or any third-party tracking cookies.

7. Your Rights

You have the right to:

• Access the personal data we hold about you.
• Correct inaccurate information in your profile.
• Delete your account and all associated data.
• Export your trade data.
• Withdraw consent by discontinuing use of the Service.

8. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have collected data from someone under 18, we will take steps to delete it promptly.

9. International Data Transfers

Your data may be processed and stored in locations outside your country of residence, including the United States, where our infrastructure providers operate. By using the Service, you consent to such transfers.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated effective date at the top of this page. We encourage you to review this Privacy Policy periodically. Continued use of the Service after changes constitutes acceptance of the revised Privacy Policy.

11. Financial Disclaimer

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please reach out to us via our Discord community or X (Twitter) account.