Privacy Notice

Pre-launch placeholder · Last updated 30 April 2026

Who we are

AurumOracle is operated by an independent team. For data-protection enquiries: privacy@aurumoracle.com.

What we collect

• Wallet address. When you connect a wallet, your public Algorand address is visible to our backend so we can show your balances, history and leaderboard standing. We do not collect or have access to private keys, ever.
• Email. Only if you submit it via the launch list, alert subscriptions, or support requests. Stored encrypted at rest. Used only for the purpose you signed up for.
• Server logs. Standard request logs (IP, user-agent, path, timing) retained briefly for security, abuse-prevention and debugging.
• Cookies. No third-party tracking. Local storage holds session preferences (selected tab, dismissed banners) and is not transmitted off-device.
• On-chain activity. Anything you sign and broadcast is, by definition, public. We may index it for leaderboards, history views and analytics.

What we don't collect

• No third-party analytics (no Google Analytics, no Meta pixel, no Mixpanel).
• No advertising trackers.
• No fingerprinting beyond standard request metadata.
• No private keys, seed phrases or signed payloads we did not request.

Why we process data

• To run the platform (display balances, settle markets, compute leaderboards).
• To send you the emails you asked for.
• To prevent abuse, fraud, money laundering and terrorist financing.
• To debug bugs and improve performance.

Sharing

We share data only with infrastructure providers strictly required to operate the service:

• Amazon Web Services (hosting, email, storage) — eu-west-2 region.
• Anthropic (AI prediction streaming) — only the prompt context, never your wallet address or email.
• Algorand network — public on-chain data only.

We do not sell personal data. We do not share with advertisers.

Retention

• Email list entries: until you unsubscribe (one-click in every email).
• Server logs: typically 30 days, longer if required for security investigations.
• On-chain history: permanent (Algorand ledger; outside our control).

Your rights

If you are in the UK or EEA you have rights under UK GDPR / GDPR including access, rectification, deletion, restriction and objection. Email privacy@aurumoracle.com to exercise them. We aim to respond within 30 days. You also have the right to complain to the Information Commissioner's Office (UK) or your local supervisory authority.

Children

AurumOracle is not intended for anyone under 18. We do not knowingly collect data from children. If you believe we have, contact us and we will delete it.

Security

We follow the OWASP Top 10 in our application code, run helmet + CSP on the BFF, use AWS-managed secrets, and require HTTPS site-wide. No system is perfectly secure; report suspected vulnerabilities to security@aurumoracle.com.

Changes

We will surface material changes in-app on next visit and update the "Last updated" date above.