CopyTrail

Privacy Policy

Last updated: 2026-05-18

This Policy describes how CopyTrail collects, uses, and protects your data. We comply with GDPR, CCPA, and the Korean Personal Information Protection Act.

1. Data We Collect

  • Required: email, password hash
  • Payment: Stripe Customer ID (we never store card details — Stripe handles it directly)
  • Trading ops: Polymarket username, wallet address, AES-256-GCM encrypted private key
  • Automatically collected: IP, browser info, trade history (for service operation)

2. Purposes

  • Running the copy-trading bot
  • Processing payments and managing subscriptions
  • Legal compliance (tax, dispute resolution)
  • Security (anomaly detection)

3. Sub-processors

  • Supabase (auth, DB) — US-hosted
  • Stripe (payments) — US / Ireland
  • Vercel (web hosting) — global edge
  • Fly.io (bot hosting) — Tokyo region
  • Alchemy/Quicknode (Polygon RPC)
  • Telegram (operator alerts — optional)

4. Retention

  • Account: signup until 30 days after cancellation (incl. backups)
  • Trade history: 5 years (tax records)
  • Encrypted private key: permanently deleted on member request
  • Logs: 90 days (security, debugging)

5. Your Rights (GDPR / CCPA / K-PIPA)

  • Right to access, rectify, or erase your data
  • Right to withdraw consent
  • Right to data portability (JSON export)
  • Right to object to automated decision-making

Request via: privacy@copytrail.io

6. Security

  • All traffic HTTPS / TLS 1.3
  • Wallet private keys: AES-256-GCM (+ optional AWS KMS)
  • Passwords: bcrypt hash (Supabase Auth)
  • Admin access: IP whitelist + separate vault password + audit log

7. Cookies

Essential cookies (session, language) work without consent. Analytics cookies load only with your explicit opt-in via the consent banner.

8. Minors

We do not knowingly collect data from anyone under 18. Such accounts are terminated immediately.

Contact: privacy@copytrail.io