Polymaster Privacy Policy

1. Information we collect

We collect information you provide directly, information generated through your use of the platform, and limited technical information necessary to secure, operate, and improve the service.

The categories of information collected depend on the features you use and the current product phase.

• Account and identity data, such as name, email address, invite status, role, and account status.
• Configuration data, such as copied source addresses, billing-plan selection, trading-account metadata, credential-status metadata, risk settings, and execution preferences.
• Operational and diagnostic data, such as audit events, feature usage, device and browser characteristics, IP-derived security signals, and error telemetry.
• Support and feedback data, such as messages submitted through onboarding, support, or beta feedback workflows.

2. Information we do not intend to expose back to users

The platform is designed so that sensitive credential material is not retrievable through ordinary user or admin interfaces after submission. During the current product phase, the system is built around references and metadata rather than raw secret storage in normal user flows.

We intentionally suppress or mask sensitive information in audit logs, operational logs, and administrative views to reduce exposure risk.

• Raw private keys, mnemonics, seed phrases, and secret values are not intended to be returned to the customer after submission.
• Full credential references are masked or withheld from user-facing and admin-facing views.
• Raw external payloads and secret-manager values are not intended to be exposed in normal UI or reporting workflows.

3. How we use information

• To create and manage accounts, authenticate users, and enforce access controls.
• To provide onboarding, trading configuration, activity reporting, and billing administration.
• To monitor service reliability, investigate incidents, detect abuse, and maintain platform security.
• To improve product design, prioritize features, understand beta feedback, and measure operational performance.
• To comply with legal obligations, enforce policies, resolve disputes, and protect the rights, safety, and property of users, Polymaster, and third parties.

4. Legal and operational bases

Depending on the context, we process information to perform our contract with you, pursue legitimate interests in operating and securing the platform, comply with legal obligations, and act on consent where consent is required.

If additional laws or regional requirements apply to future product phases, Polymaster may update this policy and associated workflows to reflect those obligations.

5. Sharing and disclosure

We do not sell personal information in the ordinary meaning of that term. We may share information with service providers, infrastructure vendors, professional advisers, and legal or regulatory authorities where reasonably necessary for service operation, security, compliance, or dispute resolution.

If the platform later enables additional third-party integrations, those integrations may involve additional disclosures governed by updated product terms, notices, or integration-specific settings.

• Infrastructure and hosting providers.
• Authentication, email-delivery, logging, analytics, and customer-support vendors.
• Professional advisers, insurers, auditors, and corporate affiliates where reasonably necessary.
• Law enforcement, regulators, courts, or counterparties where required by law or necessary to protect rights and safety.

6. Cookies, local storage, and similar technologies

We use cookies, session tokens, and local browser storage to maintain sign-in state, remember appearance preferences, support essential security controls, and operate the web application.

Some browser-stored values may persist across sign-out on the same device when they relate to user experience preferences rather than authentication.

7. Data retention

We retain information for as long as reasonably necessary to operate the service, maintain records, investigate incidents, comply with law, resolve disputes, and enforce agreements.

Retention periods may differ across data categories. For example, audit or operational records may be retained longer than temporary onboarding state if reasonably necessary for security, support, or compliance.

8. Security

We use administrative, technical, and organizational measures intended to protect information against unauthorized access, use, alteration, and disclosure. These measures include access controls, secret-handling restrictions, masking, and backend-owned processing design.

No security program is perfect, and we cannot guarantee absolute security. You are also responsible for protecting your email inbox, devices, passwords, and any external secret-provider accounts or wallets connected to your use of the platform.

9. International use and regional rights

If you access the platform from outside the jurisdiction where Polymaster operates, your information may be processed in other jurisdictions that may have different data-protection standards.

Depending on applicable law, you may have rights relating to access, correction, deletion, portability, objection, or restriction. Those rights are subject to legal exceptions and to our ability to verify your identity and authority.

10. Children’s privacy

The platform is not intended for children and should not be used by individuals below the age required to enter into a binding contract in their jurisdiction. We do not knowingly seek to collect personal information from children.

11. Changes to this policy

We may update this Privacy Policy from time to time to reflect product, legal, operational, or security changes. When we do, we may revise the effective date and provide additional notice where appropriate.