Legal

Privacy Policy

Last updated: March 1, 2026

This Privacy Policy describes how PolyWhale ("we", "us", or "our") collects, uses, and shares information about you when you use our platform and services. We are committed to handling your information with care and transparency.

1. Information We Collect

Information you provide directly

  • Account information: When you register, we collect your email address and a hashed version of your password. We do not store passwords in plain text.
  • Payment information: Subscription payments are processed by Stripe. We do not store your full card details. Stripe's privacy policy governs payment data.
  • API credentials: If you provide Polymarket API keys to enable automated trading, these are stored encrypted at rest using AES-256-GCM. We never log or expose your API keys in plain text.

Information collected automatically

  • Usage data: We collect information about how you interact with the Service, including pages visited, features used, and actions taken.
  • Log data: Our servers automatically record technical information including IP address, browser type, operating system, referring URLs, and timestamps.
  • Cookies: We use essential cookies to maintain your session and authentication state. We do not use advertising or third-party tracking cookies.

On-chain data

PolyWhale monitors publicly visible on-chain wallet activity on the Polymarket exchange. This data is public by nature — it exists on the blockchain regardless of our Service. We aggregate and display this data to provide our whale-tracking features.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service.
  • Process your subscription and manage your account.
  • Execute automated trades on your behalf when you have enabled this feature and provided API credentials.
  • Send transactional emails such as account confirmations, password resets, and billing notifications.
  • Detect and prevent fraud, abuse, and security incidents.
  • Comply with applicable legal obligations.

3. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

  • Service providers: We share information with third-party vendors who help us operate the Service, including Supabase (database and authentication) and Stripe (payment processing). These providers are contractually bound to use your data only as necessary to provide their services.
  • Legal requirements: We may disclose your information if required by law, regulation, legal process, or governmental request.
  • Business transfers: If PolyWhale is acquired or merges with another company, your information may be transferred as part of that transaction.
  • With your consent: We may share your information for any other purpose with your explicit consent.

4. Data Retention

We retain your account information for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymise your personal information within 30 days, except where we are required to retain it for legal or compliance purposes.

Trade execution logs may be retained for up to 12 months for audit and support purposes. Anonymised, aggregated usage data may be retained indefinitely.

5. Data Security

We implement industry-standard security measures to protect your information, including:

  • TLS 1.3 encryption for all data in transit.
  • AES-256-GCM encryption for sensitive data at rest, including API credentials.
  • Zero-trust vault architecture for credential storage.
  • Regular security reviews and access controls.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Your Rights and Choices

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you.
  • Request correction of inaccurate information.
  • Request deletion of your personal information.
  • Object to or restrict certain processing of your information.
  • Data portability — receive a copy of your data in a machine-readable format.

To exercise any of these rights, please contact us through our community channels. We will respond to all requests within 30 days.

7. Cookies

We use strictly necessary cookies to operate the Service, including session authentication cookies. We do not use advertising cookies, cross-site tracking cookies, or sell cookie data to third parties. You can configure your browser to refuse cookies, but this may prevent you from using certain features of the Service.

8. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us and we will delete it promptly.

9. International Data Transfers

Our infrastructure operates across multiple regions. By using the Service, you acknowledge that your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for any international transfers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

11. Contact

If you have any questions about this Privacy Policy or how we handle your data, please contact us through our official community channels listed on the PolyWhale website.

Terms of Service →Risk Disclosure →