PolyQuantX
Amoy testnet
PLANTILLA — requiere revisión de un abogado. Estos documentos son borradores generados y todavía no fueron revisados por un asesor legal calificado. No los uses como asesoramiento legal. Pablo encargará la revisión de un abogado antes del lanzamiento público.
<!-- TEMPLATE — same disclaimer as terms.md. Attorney review required before production launch. Suggested reviewer: any crypto-experienced privacy counsel familiar with GDPR, UK DPA 2018, and CCPA/CPRA. Last template review: 2026-05-17 (Claude). -->

Privacy Policy — PolyQuantX

Effective date: <FILL ON LAUNCH>

1. Posture

PolyQuantX minimizes data collection. We do not collect data we don't need to operate the Platform. We do not sell personal data. We do not run behavioural advertising. The Platform is non-custodial — operationally, most user activity happens on-chain, not on our servers.

This Policy describes the data we do collect, why, and your rights over it.

2. What we collect

CategoryExamplesPurposeLegal basis (GDPR)
Accountemail (optional), wallet address, usernameaccount creation, login, in-product notificationsContract performance + your consent
On-chain refstx hashes, contract interactions, USDC balances visible from your wallet addressplatform functionality (showing your subscriptions, escrows, jobs)Contract performance
TelemetryAPI request paths, HTTP status codes, error stacks (via Sentry)reliability, debugging, security monitoringLegitimate interest
Usagebot subscriptions, freelance jobs posted/taken, ratings, AI-assistant promptsplatform functionalityContract performance
Communicationsemail subject + body when you email us; support-ticket historyanswering you, keeping a record of correspondenceContract performance
Developer artifactsbot source code (if uploaded), backtest report PDFsprovide the developer tooling you asked forContract performance

We do NOT collect, by default:

  • Real legal names (your wallet address and chosen username are sufficient).
  • Government-issued ID, passport, or other KYC documents — unless your jurisdiction or use-pattern legally requires KYC, in which case this is flagged separately at the point of collection.
  • Physical postal address.
  • Phone numbers.
  • IP-based geolocation for marketing purposes.
  • Behavioural advertising profiles or cross-site tracking identifiers.
  • Biometric data.
  • Data about your wallet activity outside of PolyQuantX (we only see what your wallet does on the Platform, not your broader on-chain history).

3. Cookies and browser storage

TypeName(s)PurposeDefault
Essential cookiesession JWT, CSRF tokenauthentication, session integrityRequired, set on login
localStoragewallet-connect state (the Reown shim), theme preference, polyquantx-cookie-consentremember your wallet session and UI preferencesRequired
Analytics(none today)n/aDisabled by default

We do not load analytics cookies or third-party tracking scripts by default. If we add analytics in the future, we will ask for your explicit opt-in via the cookie-consent banner before loading any analytics provider, and you may continue to use the Platform if you decline.

The polyquantx-cookie-consent localStorage key records your choice (values: essential or all).

4. Third-party processors (sub-processors)

We rely on the following sub-processors. Each has its own privacy policy, which we recommend you review.

ProviderPurposeData sharedRegion
Neon (https://neon.tech)Postgres databaseaccount row, on-chain references, off-chain metadataEU (Frankfurt)
Upstash (https://upstash.com)Redis cachesession state, rate-limit countersEU
Cloudflare R2 (https://www.cloudflare.com/products/r2/)object storagebot source code uploaded by developers, backtest report PDFsEU / global edge
Resend (https://resend.com)transactional emailrecipient email address, message bodyUS
Sentry (https://sentry.io)error monitoringerror stacks (which may contain a wallet address or request path), release identifiersUS
Vercel (https://vercel.com)web-app hosting + CDNHTTP request logs, asset distributionglobal edge
Alchemy (https://www.alchemy.com)Polygon RPCwallet address and on-chain read queries you issue from the PlatformUS
OpenRouter (https://openrouter.ai)AI assistant routingthe prompt text you send to the assistantUS

We currently use only the free tier of each provider. We do not sell data to these providers or to any third party; they process data solely on our behalf as our sub-processors.

5. Your rights (GDPR and similar regimes)

If you are a data subject under the GDPR, UK DPA 2018, CCPA/CPRA, or a similar regime, you have the following rights:

  • Access: request a copy of the personal data we hold about you (we will respond within 30 days; email privacy@polyquantx.com).
  • Rectification: request that inaccurate or incomplete data be corrected.
  • Erasure: request deletion of your data, subject to legal retention obligations.
  • Restriction: request that we limit processing of your data.
  • Portability: request a machine-readable copy of data you provided to us.
  • Objection: object to processing based on legitimate interest.
  • Withdraw consent: for any processing based on your consent, at any time, without affecting prior lawful processing.
  • Complaint: lodge a complaint with your local Data Protection Authority (e.g., your national DPA in the EU; the ICO in the UK; the California Privacy Protection Agency in California).

Important caveat: on-chain data CANNOT be deleted from the blockchain. We can delete the off-chain mapping (your account row, session data, telemetry) but the on-chain record — your wallet address's history of interactions with the Contracts — will remain publicly visible on Polygon indefinitely. This is an inherent property of public blockchains.

6. Retention

DataRetention
Account data (active)While your account is active.
Account data (closed)90 days after closure, then deleted, except where longer retention is legally required.
On-chain referencesAs long as the Contracts exist and are indexed.
Telemetry / Sentry events90 days rolling.
R2 objects (bot code, reports)Until the developer deletes them or closes their account.
Email correspondence2 years from last message, for support-history continuity.
polyquantx-cookie-consent localStorageUntil you clear browser storage.

7. Children

The Platform is not directed to, and we do not knowingly collect personal data from, individuals under the age of 18. If you believe a minor has provided us with personal data, please contact privacy@polyquantx.com and we will delete it.

8. International transfers

Personal data may be processed in jurisdictions outside your country of residence, including the United States. Where required, we rely on Standard Contractual Clauses (SCCs) or equivalent transfer safeguards. The sub-processor table in Section 4 lists the primary processing region for each provider.

9. Changes

We may update this Policy from time to time. Material changes will be announced via an in-app banner at least 7 days before the effective date, and via email when an email address is on file. Continued use of the Platform after the effective date constitutes acceptance.

10. Contact

  • Privacy and DPA correspondence: privacy@polyquantx.com (placeholder)
  • Data Protection Officer (if appointed): <FILL>
  • Operator postal address: <FILL>
  • Operator legal entity: <FILL — sole proprietor / LLC / Ltd. + jurisdiction>