PolySpyPolySpy

Privacy Policy

Last updated: March 16, 2026

1. Information We Collect

We collect the following categories of information when you use PolySpy:

Account Information

When you register, we collect your email address and password. Authentication is handled through Firebase Authentication. Passwords are hashed by Firebase and are never accessible to PolySpy in plaintext.

API Keys & Credentials

If you choose to enable live trading or Telegram alerts, you provide your Polymarket API keys and/or Telegram bot credentials. These are encrypted using AWS Key Management Service (KMS) envelope encryption before storage. We never store API keys or credentials in plaintext. Each user's credentials are encrypted with a unique data key.

Usage Data

We collect information about how you interact with the Service, including pages visited, features used, strategy configurations, backtest parameters, and timestamps. This data helps us improve the Service and diagnose issues.

Trading Activity

We store records of trades executed through the Service (including paper and live trades), strategy performance metrics, and backtesting results. This data is associated with your account and is used to provide the Service functionality.

2. How We Use Information

We use your information to:

  • Provide, operate, and maintain the Service, including executing strategies and delivering alerts.
  • Process your subscription and manage billing.
  • Send transactional communications such as account confirmations, billing receipts, and security alerts.
  • Analyze usage patterns to improve the Service, fix bugs, and develop new features.
  • Detect and prevent fraud, abuse, and security incidents.
  • Comply with legal obligations.

We do not use your API keys, credentials, or trading data for any purpose other than providing the Service to you.

3. Data Storage & Security

We take the security of your data seriously and employ industry-standard measures:

  • Authentication: User accounts are managed through Firebase Authentication with email/password sign-in.
  • Encryption at rest: Polymarket API keys and Telegram credentials are encrypted using AWS KMS envelope encryption. Each user's sensitive data is encrypted with a unique data encryption key, which is itself encrypted by an AWS KMS customer master key.
  • Encryption in transit: All communication between your browser and our servers is encrypted via TLS/HTTPS.
  • Infrastructure: The Service is hosted on Fly.io with isolated application containers. Database connections are encrypted and access is restricted to the application layer.

While we implement strong safeguards, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

4. Data Sharing

We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following limited circumstances:

  • Service providers: We use third-party services to operate the platform, including Firebase (authentication), AWS (encryption), Fly.io (hosting), and payment processors (billing). These providers receive only the minimum data necessary to perform their services.
  • Legal requirements: We may disclose your information if required by law, regulation, legal process, or governmental request.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your data becomes subject to a different privacy policy.

5. Cookies & Analytics

PolySpy uses essential cookies required for the Service to function, including session management and authentication state.

We may use privacy-respecting analytics tools to understand aggregate usage patterns. We do not use third-party advertising cookies or trackers. We do not build advertising profiles from your usage data.

6. Data Retention

We retain your account information and trading data for as long as your account is active or as needed to provide the Service. Backtesting results and strategy configurations are retained indefinitely while your account exists.

If you delete your account, we will delete your personal information, encrypted API keys, and credentials within 30 days. Anonymized, aggregated data that cannot be used to identify you may be retained for analytical purposes.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data. You can delete your account at any time through your account settings.
  • Portability: Request an export of your data in a machine-readable format.
  • Objection: Object to certain processing of your personal data.

To exercise any of these rights, contact us at support@polyspy.app. We will respond to your request within 30 days.

8. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at support@polyspy.app.

9. International Data Transfers

Your data may be processed and stored in the United States and other countries where our service providers operate. By using the Service, you consent to the transfer of your information to countries outside your country of residence, which may have different data protection rules. We take steps to ensure that your data receives an adequate level of protection wherever it is processed.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a prominent notice on the Service at least 14 days before the changes take effect. The "Last updated" date at the top of this page indicates the most recent revision. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised policy.

11. Contact

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at support@polyspy.app.