PolyFunding
Start challenge
Legal

Privacy Policy

Last updated: April 25, 2026

This policy describes what data PolyFunding collects, why, where it is stored, and what rights you have over it. If anything is unclear, email support@polyfunding.io.

What we collect

  • Account data: email address, hashed password (handled by Clerk, our auth provider), and the wallet address you use to pay or receive bounties.
  • Activity data: paper trades, positions, equity curve, challenge results, login timestamps.
  • Technical data: IP address, approximate country, browser type, device type. Used for fraud prevention, rate limiting, and geographic eligibility checks.
  • Communications: any email, Discord, or support message you send us.

What we do not collect

  • We do not perform KYC. We do not collect government IDs, social security numbers, dates of birth, or photos.
  • We do not custody your funds or your private keys. All payments are signed by you in your own wallet.
  • We do not sell your data to third parties.

Why we collect it

  • To run your account: log you in, track your challenge progress, pay your bounty.
  • To detect fraud and abuse: catching multi-account abuse, payment fraud, and bug exploitation.
  • To enforce eligibility: confirming you are not connecting from a restricted jurisdiction.
  • To improve the product: aggregated, non-identifying analytics on which features are used.
  • To meet legal obligations: responding to valid law-enforcement requests where required.

Where it lives

  • Clerk (auth.clerk.com): handles your email, password, and login sessions.
  • Supabase: stores your account, trades, positions, and challenge results.
  • Upstash Redis: short-lived caches and rate-limit counters.
  • Polymarket Gamma API: we send public market identifiers only — never your account data.
  • Solana and Polygon blockchains: your wallet address and transaction amounts are public on-chain when you pay or receive a bounty.

How long we keep it

  • Active accounts: for as long as your account is open.
  • Closed accounts: account data is retained for up to 7 years to meet financial-record obligations and respond to chargebacks or disputes, then deleted or anonymized.
  • Logs and rate-limit data: typically 30 days.
  • On-chain transactions: permanent and outside our control. Anyone can see them on a block explorer.

Your rights

  • Access: request a copy of the personal data we hold about you.
  • Correction: ask us to fix anything inaccurate.
  • Deletion: ask us to delete your account and personal data, subject to financial-record retention above.
  • Portability: request your trade history in a machine-readable format.
  • Objection: ask us to stop processing your data for fraud prevention or analytics (note: this may make the service unusable).
  • To exercise any of these, email support@polyfunding.io from the address on your account.

Cookies and tracking

  • We use a small number of essential cookies to keep you logged in (set by Clerk).
  • We do not use third-party advertising or tracking pixels.
  • If we add product analytics in the future, it will be aggregated and anonymous, and we will update this policy.

International transfers

  • Our infrastructure is provided by US-based vendors (Clerk, Supabase, Upstash, Vercel). If you access PolyFunding from outside the US, your data will be transferred to and processed in the US.
  • We rely on standard contractual clauses or equivalent safeguards with each vendor.

Children

  • PolyFunding is not intended for anyone under 18. If you believe a child has used the service, contact us at support@polyfunding.io and we will close the account and delete the data.

Changes

  • We may update this policy from time to time. Material changes will be announced on the site and in Discord at least 7 days before they take effect.