TradalloTradallo
Legal

Privacy Policy

Effective April 30, 2026

This Privacy Policy explains what information Tradallo collects, how we use it, who we share it with, and the choices you have. We try to keep this document short, plain, and honest.

Short version: We collect what we need to run your trading journal, verify your trade record, and operate the marketplace. We do not sell your personal information. On-chain attestations are public and permanent by design.

1. Information we collect

From your authentication provider

We use Privy to authenticate you. Depending on the method you choose (passkey, email, Apple, Google, or a connected wallet), we receive:

  • A unique Privy user identifier (DID)
  • Your email address (if you sign in with email or social)
  • The blockchain address of any wallet you connect or that Privy provisions for you
  • Basic profile fields shared by social providers (display name, avatar URL)

From your activity on Tradallo

  • Your handle (chosen at onboarding)
  • Trading accounts you connect or describe (broker, account mode, asset class, hashed account ID)
  • Trade records you log, import, or that we pull from a connected source
  • Notes, comments, and any other content you submit
  • Subscriptions (data feeds, agents, marketplace activity)
  • Payments (USDC transactions on the Base network associated with your account)

Automatically

  • Standard server logs (IP address, user agent, request timing) for security and abuse prevention
  • Performance and error telemetry to keep the service reliable

From public blockchain data

If you connect a wallet, we may read its public on-chain trading history (e.g., from Hyperliquid, GMX, dYdX, Drift, or other supported venues) to populate your verified record. This information is already public on the underlying chain.

2. How we use your information

  • Operate the trading journal and dashboard
  • Generate Universal Trade Receipts and post tamper-proof attestations to a public chain (Solana memo) when you opt in
  • Display your public profile, handle, and (if you choose) trades to other users and the marketplace
  • Process payments and manage your subscription tier
  • Compute reputation tiers (Active, Elite) according to the public criteria documented in our schema
  • Detect fraud, abuse, market manipulation, and wash trading
  • Send transactional messages (login codes, payment receipts, important notices)
  • Improve the product and respond to your support requests

We do not sell your personal information, and we do not use it to train third-party AI models without your explicit consent.

3. Who we share with

We share your information only with the providers and parties below:

  • Privy — authentication, embedded wallet provisioning
  • Supabase — primary database and storage (US East region)
  • Vercel — application hosting, edge network, file blob storage
  • Upstash — Redis cache for read-heavy endpoints
  • Coinbase x402 facilitator — when payment infrastructure ships, USDC payment routing on Base
  • Public blockchains — when you opt in, trade attestations are posted to a public chain (Solana for memos, Base for some payment flows). On-chain data is permanent and visible to anyone.
  • Marketplace counterparties — if you list a data feed or agent, subscribers see what you publish
  • Law enforcement and legal process — when required by valid legal process
On-chain data is irreversible. Once a trade hash is posted to Solana (or any public chain) via our notary, it cannot be removed. You control whether to opt in.

4. Data residency

Your data is primarily stored in the United States (US East). On-chain data lives on the chains where it's posted (Solana, Base, etc.) and is globally accessible by definition.

5. Your rights

  • Access — you can view and export your trades, notes, and profile data at any time
  • Correction — you can edit your profile, but trades are intentionally immutable once recorded (this is part of what makes a verified record valuable)
  • Deletion — you can delete your account; this removes your profile and personal data from our systems within 30 days. On-chain attestations cannot be removed from the underlying chain.
  • Portability — your trades export in our public Universal Trade Receipt format; the spec is open

Email hello@tradallo.com to exercise any of these rights.

6. Children

Tradallo is not directed at people under 18. If you are under 18, do not use Tradallo. If we become aware that a child has provided us information, we will delete it.

7. Security

We use industry-standard security practices: TLS in transit, encrypted at rest, secrets in a secure vault, principle of least privilege. Your authentication is handled by Privy (which uses industry-standard passkey, OAuth, and wallet signing flows). We never see or store passwords. No system is perfectly secure, but we work to minimize risk.

8. International users

Tradallo is operated from the United States. If you access the service from outside the US, you consent to having your information processed in the US. We do not currently offer GDPR-specific or UK Data Protection Act-specific workflows; if you require these, please contact us before using the service.

9. Changes

We may update this Privacy Policy. Material changes will be announced on the site and (if you have an account) by email. The "Effective" date at the top reflects the latest version.

10. Contact

Questions, requests, or concerns: hello@tradallo.com.