Privacy Policy
Last updated 16 July 2026
This Privacy Policy explains how the operator of HBFmarket Staging ("HBFmarket Staging," "we," "us," or "our") collects, uses, discloses, and protects information when you visit or use our website, applications, trading terminal, and related services (together, the "Service"). It also explains the choices and rights available to you.
This policy covers information handled by HBFmarket Staging. Third-party services and public blockchains have their own privacy practices, which we do not control.
1. Information we collect
Account and authentication information
When you create or access an account through Privy, we receive or can access an account identifier, authentication status, linked account details, wallet addresses, and limited profile information made available by Privy. Depending on the sign-in method you choose, Privy may separately process information such as an email address, phone number, or social account details.
Wallet, market, and transaction information
We process public wallet addresses, deposit-wallet addresses, token balances, positions, orders, trades, approvals, and other public blockchain or Polymarket activity needed to display and operate the Service. Blockchain transactions are public and may remain visible permanently, even if you stop using HBFmarket Staging.
Profile, watchlist, and preference information
We process information you choose to save, such as a display name and watchlist layouts. These are currently stored as metadata associated with your Privy account. Your browser may also store your theme, cached market data, followed-trader list, interface preferences, local portfolio state, and recent activity so the terminal can restore your session.
Trading automation information
If you create a stop-loss or take-profit rule, we store the rule settings, wallet and token identifiers, expiry, a pre-signed order, and the CLOB credentials needed to submit that specific order. The credential secret and passphrase are encrypted at rest. The API key and signed order are stored with the rule. We do not ask for or store your wallet private key or seed phrase.
Compliance, device, and usage information
We may process your IP address, IP-derived country or region, request timestamps, browser or device information, error and security logs, and the outcome of geographic or wallet sanctions checks. We use this information to operate and secure the Service and to prevent access where trading is restricted.
Communications
If you contact us, we collect the information in your message and any details reasonably needed to investigate and respond.
2. How we collect information
We collect information:
- directly from you when you sign in, configure the Service, trade, or contact us;
- automatically from your browser, device, and interactions with the Service;
- from Privy and other providers you choose to connect;
- from public blockchains and public Polymarket market and account data; and
- from infrastructure and compliance providers that help us operate safely.
3. How and why we use information
We use information to:
- provide, personalise, maintain, and troubleshoot the Service;
- authenticate users and associate settings with the correct account;
- display markets, balances, positions, watchlists, and public trader activity;
- submit instructions you authorise and operate active automation rules;
- apply geographic, sanctions, fraud, abuse, and security controls;
- investigate incidents, enforce our Terms of Use, and comply with law;
- communicate with you about support, security, and material service changes; and
- understand reliability and improve the Service.
Where data-protection law requires a legal basis, we rely on performing our contract with you, complying with legal obligations, your consent where requested, and our legitimate interests in operating, securing, and improving the Service without overriding your rights.
4. Automated access decisions
The Service uses automated checks based on IP-derived location and wallet sanctions data to decide whether trading functionality may be made available. A failed or unavailable check can prevent access to trading. These controls are used for legal compliance and platform safety; they do not assess your creditworthiness. Contact us if you believe a restriction was applied in error and want the result reviewed.
5. When we disclose information
We may disclose information to:
- Privy, for authentication, account, and wallet services;
- Polymarket and blockchain networks, when requesting market data or submitting transactions and orders you authorise;
- LI.FI and its route providers, when you choose to use the deposit or bridging interface;
- hosting, database, security, and sanctions-screening providers, as needed to operate and protect the Service;
- professional advisers and authorities, where reasonably necessary to obtain advice, protect rights or safety, investigate misuse, or comply with law; and
- a successor, in connection with a merger, financing, reorganisation, or sale of all or part of the Service, subject to appropriate safeguards.
We do not sell personal information or share it for cross-context behavioural advertising. We do not currently use third-party advertising or behavioural analytics in the Service.
6. Third-party services and public blockchains
Privy, Polymarket, LI.FI, wallet providers, bridge providers, and blockchain networks process information under their own terms and privacy policies. Information broadcast to a public blockchain cannot generally be edited or deleted by us. Your wallet address may allow others to connect your transactions and positions over time.
7. Browser storage and cookies
The Service uses local browser storage and similar technology to remember settings, cache data, and maintain account-scoped features such as following lists. You can clear this data through your browser, although doing so may reset parts of the interface. Privy and other embedded providers may use cookies or storage that are necessary for authentication, security, and their services. We do not currently use advertising cookies.
8. International processing
We and our providers may process information outside your country, including in the United States, the United Kingdom, the European Economic Area, and other locations where providers operate. Those countries may have different privacy laws. Where required, we use recognised transfer safeguards or rely on another lawful transfer mechanism.
9. Retention
We keep information only for as long as reasonably necessary for the purposes described in this policy. Account metadata is generally kept while your account remains active. Active automation records are kept while needed to operate and reconcile the rule, and may be kept longer where necessary for security, dispute, or legal records. Operational logs and support communications are retained for a limited period appropriate to their purpose. Browser data remains on your device until it expires or you clear it. Public blockchain data is not controlled by us and may be permanent.
10. Security
We use reasonable technical and organisational safeguards appropriate to the information we handle, including access controls and encryption of keeper credential secrets at rest. No system is completely secure. Protect your account, devices, recovery methods, and wallet credentials, and never send us a private key or seed phrase.
11. Your rights and choices
Depending on where you live, you may have rights to request access, correction, deletion, restriction, objection, or portability of personal information, or to withdraw consent. You may also have the right to complain to a privacy regulator. These rights can be subject to legal exceptions, including where information is needed for security, compliance, or legal claims.
You can edit certain profile and watchlist information in the Service, disconnect linked wallets, cancel active automation rules, clear browser storage, or contact us to make a privacy request. We may need to verify your account or wallet control before acting on a request. We will acknowledge privacy complaints and respond within a reasonable period, ordinarily within 30 days.
12. Children
The Service is not directed to anyone under 18, and we do not knowingly collect personal information from children. If you believe a child has provided information to us, contact us so we can investigate and take appropriate action.
13. Changes to this policy
We may update this policy when the Service, our providers, or legal requirements change. We will post the revised policy with a new "Last updated" date and provide additional notice where a change is material or law requires it.
14. Contact and complaints
Contact us using the address below with privacy questions, requests, or complaints. Please describe your request and the account or wallet address concerned, but do not send a private key, seed phrase, password, or full authentication credential.
Questions? support@hbfmarket.com