arblane

FeaturesPricingFAQAboutBlog
Sign inStart free beta
Privacy

Privacy policy

Last updated: May 2026

Plain-English version of what we collect, how we store it, and what we will and won't do with it. Read this first; the bullets are not lawyer-speak.

What we collect

Account data — email address, hashed password (via Better Auth), passkey credentials, optional name.
Auth metadata — IP address, browser user-agent, and timestamps for sign-in and re-auth events.
Geo-block result — country code from Polymarket's geo-block API, cached per (user, IP) for one hour.
Wallet addresses — the public Polygon addresses you bind via SIWE. We never collect private keys, seed phrases, or signatures outside of typed-data order signing.
Trading data — strategy configurations, decisions proposed and approved, orders relayed, and resolved P&L.
Billing data — handled by Stripe. We store the Stripe customer ID and subscription state, not card details.
Marketing site — optional email submissions to the lead-capture form, with IP + user-agent for abuse triage.

How we store it

All data lives in AWS eu-west-1 (Ireland). Postgres (Aurora) is encrypted at rest. S3 tick data is bucket-encrypted. Wallet keys are never stored — see the safety-critical custody rule for the technical invariant. The Aurora database is publicly accessible behind an IP-whitelisted security group (single-IP whitelist of the founder's IP). Before Phase 4 (real user-funds live trading at scale), we are layering in Aurora IAM authentication or VPC-only access.

Third parties

Stripe — payment processing and subscriptions. Stripe receives your email and billing information when you subscribe.
AWS — all infrastructure (compute, database, storage, logging, secrets, DNS, CDN).
Reown / WalletConnect — the wallet-connection protocol routes one-time pairing messages through Reown relays. No signing or balance data is sent through Reown.
Polymarket — your geo-block status is fetched from Polymarket's geo API. Live orders you sign are relayed to the Polymarket CLOB.
We do not run any third-party analytics, ad scripts, session recorders, or chat widgets on this site.

Data retention

Account data is retained for as long as your account exists. On account deletion, we remove personal data within 30 days. Trading decisions and order history are kept for the lifetime of the account for your audit and P&L attribution; on deletion they are anonymized and aggregated rather than removed (we keep no PII against them). Marketing-site email captures can be deleted on request to hello@arblane.com.

Your rights

You can request a copy of your data, request deletion, or request correction by emailing hello@arblane.com. We respond within 30 days. EU users have full GDPR rights; UK users have UK-GDPR rights. We are not currently subject to CCPA but honor equivalent requests on a best-effort basis.

Contact

Privacy questions: hello@arblane.com. We're a small team — please be patient, but you will hear back.