Privacy Policy

We collect the following categories of personal data:

• Account data: the email address you authenticate with and the public address of the embedded wallet associated with your account.
• Trading data: the orders you submit through the Service and the resulting on-chain fills, both of which are public information on the underlying blockchain.
• Device and log data: IP address, user-agent, approximate geolocation derived from IP, timestamps, and a session identifier, recorded for security and anti-abuse purposes.
• Support data: any information you voluntarily provide when contacting us (e.g. the contents of an email or support message).

We do not collect or store your seed phrases, private keys, or any other secret material capable of moving your funds. We do not knowingly collect personal data from children under the age of eighteen.

We use this data to:

• run the Service and keep your session signed in;
• detect and stop fraud, abuse, and obvious attempts to break the app;
• debug issues and improve the product in aggregate;
• email you about service notices and, if you opted in, product updates.

We don’t do KYC, we don’t sell your data, and we don’t use third-party ad trackers.

Under the GDPR we rely on:

• Performance of a contract (Art. 6(1)(b)) - for what’s needed to actually deliver Velocity to you.
• Legitimate interests (Art. 6(1)(f)) - for security, abuse prevention, and aggregate analytics.
• Consent (Art. 6(1)(a)) - when we explicitly ask, e.g. for product update emails.

We only share data with the third-party processors that keep Velocity running, under standard data-processing terms:

• cloud hosting and database (EU-based);
• Privy, our embedded-wallet and authentication provider;
• error-monitoring and analytics tooling (configured to scrub secrets before storage).

We don’t sell your data. We don’t share it with anyone for their own marketing.

Some of our processors may be located outside the European Economic Area. Where this is the case, we rely on the European Commission’s Standard Contractual Clauses or an equivalent valid transfer mechanism under Chapter V of the GDPR to safeguard your data.

We keep your data only as long as we need it. Account data sticks around while your account is active and for a short window after so we can settle any open issues. Log data rolls off after about twelve months unless there’s an active investigation.

Subject to applicable law, you have the right to (i) access the personal data we hold about you, (ii) request correction of inaccurate data, (iii) request erasure of your data, (iv) object to or restrict certain processing, (v) request portability of the data you provided to us, and (vi) withdraw any consent you have given.

To exercise these rights, contact us at privacy@velocitytrade.xyz. You also have the right to lodge a complaint with the supervisory authority of your habitual residence.

We use a small number of strictly-necessary cookies and local storage entries required to keep you signed in, persist your UI preferences, and protect against cross-site request forgery. We do not use third-party advertising cookies. Where applicable, non-essential cookies are loaded only after you have given your consent through our cookie banner.

We maintain technical and organisational measures designed to protect personal data against unauthorised access, alteration, disclosure, or destruction. These include encryption in transit, least-privilege access controls, audit logging, and a written incident-response plan. No system is perfectly secure; you are responsible for protecting the credentials and devices through which you access the Service.

We may update this Privacy Policy from time to time. The revised version will be posted at this URL with an updated effective date. Where the changes are material, we will notify you through the Service or by email before they take effect.

For any privacy-related question, contact our data-protection team at privacy@velocitytrade.xyz.