Back to Home

Privacy Policy

Last Updated: January 9, 2026

1. Introduction

Welcome to Polycopy. We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this Privacy Policy carefully.

By using Polycopy, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use the Service.

2. Information We Collect

2.1 Account Data

When you create an account on Polycopy, we collect your email address for authentication and communication purposes. We use passwordless "magic link" authentication through Supabase, which means you log in via a secure link sent to your email rather than a traditional password.

2.2 Wallet Information (Premium Users Only)

If you subscribe to Polycopy Premium and connect your Polymarket wallet, we collect:

  • Public wallet address: Your Ethereum/Polygon wallet address associated with your Polymarket account
  • Turnkey wallet identifiers: References to your wallet stored in Turnkey's infrastructure (organization ID, user ID, wallet ID)

IMPORTANT: We never collect, receive, access, or store your private keys or recovery phrases. Wallet connection and private key management are handled entirely by Turnkey, a third-party wallet infrastructure provider. Your private key is encrypted in your browser and sent directly to Turnkey's secure servers. Polycopy has zero access to your unencrypted private key at any time.

2.3 Blockchain and Trading Data

We collect and display public blockchain data and trading activity from Polymarket, including:

  • Public wallet addresses of traders you choose to follow
  • Trading activity, positions, and performance metrics available through Polymarket's public APIs and the Polygon blockchain
  • Market data, prices, and outcomes from prediction markets
  • Transaction history, trade timestamps, and trade amounts

This data is publicly available on the blockchain and through Polymarket's platform. We aggregate and display this information to provide our Service.

2.4 Usage Data

We automatically collect certain information when you visit and use the Service, including:

  • Browser type and version
  • Device type and operating system
  • IP address (which may be anonymized)
  • Pages visited and features used
  • Time and date of visits
  • Time spent on pages
  • Referring website addresses
  • Click patterns and navigation paths

2.5 User-Generated Data

We store information about your use of the Service, including:

  • Traders you follow
  • Trades you mark as "copied" (for tracking purposes)
  • Your performance tracking data (entry prices, amounts invested, exit prices)
  • Your preferences and settings
  • Notification preferences
  • Onboarding completion status

2.6 Payment Information

If you subscribe to Polycopy Premium, payment processing is handled by Stripe. We collect:

  • Stripe customer ID: A reference linking your Polycopy account to your Stripe customer profile
  • Subscription status: Whether you have an active premium subscription
  • Subscription dates: When you subscribed and when your subscription renews

We do NOT collect or store your credit card numbers, CVV codes, or other payment card details. All payment information is processed and stored securely by Stripe.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide the Service: To create and manage your account, display trading data, enable you to follow traders, track performance, and execute trades (premium users)
  • Authentication: To send magic link authentication emails when you log in and verify your identity
  • Trade Execution (Premium): To submit trades to Polymarket on your behalf using your connected wallet when you explicitly authorize a trade
  • Payment Processing: To process premium subscriptions, manage billing, and handle cancellations through Stripe
  • Notifications: To send you email notifications about trading activity from traders you follow (if you enable this feature)
  • Analytics: To understand how users interact with our Service, identify popular features, and improve functionality
  • Display Leaderboards: To aggregate and display trader performance metrics and rankings based on public blockchain data
  • Service Improvements: To diagnose technical issues, improve our algorithms, develop new features, and enhance user experience
  • Communication: To respond to your inquiries, provide customer support, and send important service announcements
  • Security: To detect and prevent fraud, abuse, security incidents, and other harmful activity
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests

4. Third-Party Services

We use the following third-party services to operate Polycopy. Each service has its own privacy policy that governs how they handle your data:

4.1 Supabase (Authentication & Database)

We use Supabase for authentication and database services. Your email address, account data, and user preferences are stored on Supabase's secure infrastructure. Supabase's privacy policy can be found at supabase.com/privacy.

4.2 Turnkey (Wallet Infrastructure - Premium Only)

Premium users who connect their wallets use Turnkey for secure private key management. Turnkey encrypts and stores your private key using enterprise-grade security. Polycopy never has access to your unencrypted private key. Turnkey's privacy policy can be found at turnkey.com/privacy-policy.

4.3 Stripe (Payment Processing)

We use Stripe to process premium subscription payments. Your payment card information is transmitted directly to Stripe and is never stored on our servers. We only receive a Stripe customer ID and subscription status from Stripe. Stripe's privacy policy can be found at stripe.com/privacy.

4.4 Vercel (Hosting)

Our Service is hosted on Vercel's infrastructure. Vercel may collect anonymized usage data as part of their hosting services, such as request logs and performance metrics. Vercel's privacy policy can be found at vercel.com/legal/privacy-policy.

4.5 Resend (Email Delivery)

We use Resend to deliver transactional emails, including magic link authentication emails and trade notifications. Your email address is shared with Resend for delivery purposes. Resend's privacy policy can be found at resend.com/legal/privacy-policy.

4.6 Polymarket APIs & Polygon Blockchain

We fetch public blockchain and trading data from Polymarket's APIs and the Polygon blockchain to display trader information and market data. This data is publicly available and does not require sharing your personal information with Polymarket through our Service. When premium users execute trades, those transactions are submitted directly to Polymarket and recorded on the Polygon blockchain.

4.7 Google Analytics

We use Google Analytics to analyze usage patterns and improve our Service. Google Analytics collects information about your visit, including pages viewed, time spent, interactions, and anonymized demographic information. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

4.8 Mixpanel & Marketing Pixels (Planned)

We plan to integrate Mixpanel for advanced product analytics and may add marketing pixels from Google, Meta (Facebook), X (Twitter), and other platforms for advertising and conversion tracking. We will update this privacy policy before implementing these services.

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

  • Service Providers: We share data with third-party service providers (listed above) who help us operate the Service
  • Legal Requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities
  • Business Transfers: If Polycopy is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction
  • With Your Consent: We may share your information with third parties when you give us explicit consent to do so

6. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy:

6.1 Account Data

When you delete your account, we will delete your email address and personal account data from our systems within 30 days. However:

  • We may retain anonymized usage data and aggregated statistics for analytics purposes
  • Publicly available blockchain data will remain accessible on the blockchain
  • Backup copies may exist for a limited time in our disaster recovery systems

6.2 Wallet Data (Premium Users)

When you disconnect your wallet or delete your account, we will delete your wallet address from our database. Your encrypted private key stored in Turnkey's infrastructure is subject to Turnkey's data retention policies. Contact Turnkey directly at support@turnkey.com to request deletion of your private key from their systems.

6.3 Payment Data

Payment data is retained by Stripe according to their data retention policies and legal requirements. We retain your Stripe customer ID for as long as you have an account with us or as required by law for tax and accounting purposes.

6.4 Legal Retention

We may retain certain information for longer periods if required by law, to comply with legal obligations, resolve disputes, enforce our agreements, or prevent fraud and abuse.

7. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

Our security measures include:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using HTTPS/TLS
  • Encryption at rest: Sensitive data stored in our database is encrypted
  • Secure authentication: Passwordless magic link authentication through Supabase reduces credential theft risk
  • Private key security: Your private keys are never stored on our servers and are managed exclusively by Turnkey using hardware security modules (HSMs)
  • Access controls: Strict access controls and authentication requirements for our systems and databases
  • Regular security updates: Continuous monitoring and updates to address security vulnerabilities
  • Secure payment processing: PCI-DSS compliant payment processing through Stripe
  • Security audits: Regular security reviews and testing of our infrastructure

Your Responsibilities: You are responsible for maintaining the security of your email account (used for authentication) and any devices you use to access Polycopy. We recommend enabling two-factor authentication on your email and using a strong, unique password.

8. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

8.1 General Rights

  • Access: You can request a copy of the personal information we hold about you
  • Correction: You can update your account information through your profile settings
  • Deletion: You can request deletion of your account and personal information by contacting support@polycopy.app
  • Data Portability: You can request a copy of your data in a machine-readable format (JSON/CSV)
  • Opt-Out: You can opt out of email notifications through your account settings
  • Object to Processing: You can object to certain types of data processing
  • Withdraw Consent: Where processing is based on consent, you can withdraw it at any time

8.2 California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect, use, disclose, and sell
  • Right to request deletion of your personal information
  • Right to opt-out of the sale of personal information (note: we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

8.3 European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent at any time
  • Right to lodge a complaint with your local data protection authority

8.4 Exercising Your Rights

To exercise any of these rights, please contact us at support@polycopy.app. We will respond to your request within 30 days. We may need to verify your identity before processing your request.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our Service. Cookies are small data files stored on your device that help us remember your preferences and improve functionality.

We use the following types of cookies:

  • Essential Cookies: Required for authentication and basic functionality
  • Analytics Cookies: Help us understand how users interact with the Service
  • Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Note that disabling cookies may limit your ability to use certain features of the Service.

10. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information.

11. International Data Transfers

Polycopy operates globally, and your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate. These countries may have data protection laws that differ from the laws of your jurisdiction.

When we transfer personal data from the EEA, UK, or Switzerland to other countries, we implement appropriate safeguards such as:

  • Standard Contractual Clauses approved by the European Commission
  • Ensuring our service providers participate in recognized privacy frameworks
  • Other legally approved transfer mechanisms

By using the Service, you acknowledge and consent to the transfer of your information to the United States and other countries where our service providers operate, including:

  • Supabase: United States
  • Stripe: United States (with regional data centers)
  • Turnkey: United States
  • Vercel: United States (with global edge network)
  • Google Analytics: United States

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by:

  • Sending an email to the address associated with your account
  • Posting a prominent notice on the Service
  • Updating the "Last Updated" date at the top of this policy

We will provide notice at least 30 days before material changes take effect. Your continued use of the Service after the effective date of any changes indicates your acceptance of the updated Privacy Policy. If you do not agree to the changes, you should stop using the Service and may delete your account.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

13. Do Not Track Signals

Some browsers include a "Do Not Track" (DNT) feature that signals websites you visit that you do not want to have your online activity tracked. Because there is not yet a common understanding of how to interpret DNT signals, we do not currently respond to DNT signals. We will continue to monitor developments around DNT technology and may implement such support in the future.

14. Data Breach Notification

In the event of a data breach that affects your personal information, we will notify you and relevant regulatory authorities as required by applicable law. Notification will be provided without undue delay and, where feasible, within 72 hours of becoming aware of the breach.

We will provide information about the breach, including:

  • The nature of the breach and categories of data affected
  • The likely consequences of the breach
  • Measures we have taken or propose to take to address the breach
  • Contact information for questions or concerns

15. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: support@polycopy.app

Response Time: We aim to respond to all privacy inquiries within 30 days.

For data protection inquiries from EEA, UK, or Swiss residents, you may also contact your local data protection authority.

By using Polycopy, you acknowledge that you have read and understood this Privacy Policy.