Privacy Policy
1 · Who we are (controller)
The data controller responsible for your personal data is Trinity Intelligence Network LLC, the company that operates the OBELIQ platform ("OBELIQ," "we," "us"). You can reach us about any privacy matter at privacy@obeliq.io. Our postal address for legal and CAN-SPAM purposes is:
Trinity Intelligence Network LLC, 378 Auwinala Rd, Kailua, HI 96734
2 · What we collect and why
We collect the following categories of personal data. For each, we list the purpose and the legal basis under the EU/UK GDPR. (Where we rely on "consent," you can withdraw it at any time; where we rely on "legitimate interests," you can object — see section 8.)
- Email address — account. If you create a paid subscription, we collect the email address tied to your billing account so we can deliver the service, send transactional messages (receipts, renewal notices, security and account alerts), and provide support. Legal basis: performance of a contract.
- Email address — marketing, waitlist, and outreach. We collect email addresses (a) when you join our waitlist or subscribe to updates, and (b) for cold/business outreach campaigns describing OBELIQ. We use these to send marketing and product-update emails. Legal basis: consent where required (for example, in the EU/UK); otherwise our legitimate interest in marketing our product, subject to your right to opt out at any time (see section 6).
- Email engagement data — open and click tracking. Our marketing, waitlist, and outreach emails include tracking that records whether you opened the email (via a tracking pixel) and whether you clicked links inside it (via redirect links), along with related metadata (timestamp, approximate device/client, and IP-derived approximate location). We use this to measure campaign performance, gauge interest, and stop emailing people who are not engaged. Legal basis: consent where required; otherwise legitimate interest in measuring and improving our communications. You can avoid open tracking by disabling remote-image loading in your email client, and you can stop all such emails by unsubscribing (section 6).
- Payment data. When you subscribe, payment is processed by Stripe. We receive limited billing data from Stripe (such as your email, the last four digits and brand of your card, billing country, and subscription/renewal status). We do not receive or store your full card number. Legal basis: performance of a contract; legal obligation (tax/accounting records).
- Wallet address(es). When you connect Phantom (EVM or Solana mode), we store the public address to bind your paper account, query your $OBELIQ balance for access checks, and route live-mirror trades. Legal basis: performance of a contract / your request.
- Encrypted agent private key. If you enable live mirror mode, we generate an EVM keypair and store its private key encrypted with AES-256-GCM. The key is derived from a server-side master secret to which you do not have access. Legal basis: performance of a contract / your request.
- Custodial wallet keys (Solana and EVM). For certain features, OBELIQ generates and custodies wallets on your behalf: a per-user Solana wallet (for example, to receive token airdrops or distributions) and a per-user EVM custodial trading wallet. We store the private keys for these wallets encrypted with AES-256-GCM on our server; you do not directly hold these keys. We use them to operate the features you enable. Legal basis: performance of a contract / your request.
- Custodied funds and trading activity. Where you deposit funds (for example, USDC) into an OBELIQ-generated EVM custodial trading wallet, we hold those funds in a per-user segregated wallet on your behalf and, when you enable custodial trading, trade on your behalf using that wallet. We process the associated balances, deposit and withdrawal records, and order/trade history to operate and account for this feature. Legal basis: performance of a contract / your request; legal obligation (recordkeeping).
- Paper-trading history. Every trade your paper account opens and closes, stored against your cookie ID or wallet address. Legal basis: performance of a contract / your request.
- Risk configuration. Caps you set for live mirror mode (max position %, max leverage, max daily loss). Legal basis: performance of a contract / your request.
- Session cookie ID (nxv) — generated on your first visit to remember your paper-trading account across sessions on the same browser. Legal basis: strictly necessary for the service you requested.
- Server logs. IP address, user agent, request paths, timestamps. Legal basis: legitimate interest in security, abuse prevention, and debugging.
3 · Information that is public by design
If you choose to trade, the following appears on the public OBELIQ leaderboard:
- A shortened identifier (e.g., guest-a1b2 for cookie-based accounts, or 0x123…cd4e for wallet-bound accounts).
- Your paper account equity, win/loss record, and number of trades.
Wallet addresses on a blockchain are inherently public. If you connect a wallet and trade, anyone can view that wallet's on-chain activity through standard block explorers. OBELIQ does not surface that activity on the platform beyond the shortened identifier.
4 · Processors and sub-processors we share data with
We do not sell your personal data, and we do not share it for third-party advertising. We share data with the service providers below, who process it on our behalf under contract and only for the purposes we specify:
- Stripe — payment processing, billing, and subscription management. Receives your billing email and payment metadata. Governed by Stripe's privacy policy.
- Resend — outbound email delivery for transactional, waitlist, marketing, and outreach emails. Processes your email address and the email open/click engagement data described in section 2. Governed by Resend's privacy policy.
- Railway — application hosting and infrastructure (United States). Processes whatever data passes through or is stored by the application, including server logs. Governed by Railway's privacy policy.
- PostgreSQL database — the primary data store for account, wallet, paper-trading, and subscription records, hosted within our Railway infrastructure.
- Cloudflare — CDN and DDoS protection for static assets and DNS. May process IP addresses and cache static assets in datacenters worldwide. Governed by Cloudflare's privacy policy.
- A third-party decentralized perpetual futures exchange — the execution venue. We send your wallet address as the user identifier when fetching account state and routing live-mirror orders. Such activity is governed by the third-party exchange's own policy.
- Solana RPC and Jupiter price API — used to query your $OBELIQ balance and convert it to USD. We send your wallet address (RPC) or the token mint address (Jupiter).
Custodial wallets and custodied funds. The private keys for OBELIQ-generated custodial wallets (Solana and EVM) are generated and held by OBELIQ, encrypted, within our own infrastructure (the Railway-hosted application and PostgreSQL database listed above); we do not hand these keys to a third party. When custodial trading is enabled, the public address of your custodial wallet and the related order data are transmitted to the relevant execution venue and the underlying blockchain network to place trades on your behalf, and the custodial wallet's on-chain activity (including deposits, trades, and withdrawals) is inherently public on that blockchain.
We may also disclose data where required by law, to enforce our terms, or to protect the rights, safety, and property of OBELIQ or others.
5 · Cookies and local storage
OBELIQ uses a single strictly necessary first-party cookie — nxv — containing a random opaque ID to identify your paper-trading account. We do not use third-party advertising cookies or cross-site tracking cookies on the website. Note that our emails contain open- and click-tracking as described in section 2; that tracking is separate from website cookies and is controlled by your email settings and your unsubscribe choice.
6 · Marketing email and your right to opt out
You can opt out of marketing, waitlist, and outreach emails at any time:
- Click the unsubscribe link included in every marketing email; or
- Email privacy@obeliq.io with "unsubscribe" and the address to remove.
We honor opt-outs promptly and, in any case, within the time required by applicable law. Unsubscribing stops marketing and outreach email; we may still send essential transactional messages (such as billing or security notices) tied to an active account. Consistent with the U.S. CAN-SPAM Act, every commercial email identifies the sender, includes a working opt-out, and includes our valid physical postal address (see section 1).
7 · Data retention
We keep personal data only as long as necessary for the purposes above:
- Account email & subscription records — for the life of the account, then as required for tax/accounting and dispute records (typically up to 7 years), after which we delete or anonymize.
- Marketing / waitlist / outreach email — until you unsubscribe or request deletion; suppression-list entries (to honor your opt-out) are kept indefinitely solely to ensure we do not email you again.
- Email engagement data (opens/clicks) — up to 24 months, then deleted or aggregated.
- Wallet address — until you request deletion or 365 days after last activity.
- Encrypted agent private key — until you revoke the agent, or 90 days after last live trade.
- Custodial wallet keys (Solana / EVM) & custodied-fund records — for the life of the custodial wallet; after you withdraw your funds and close the wallet, deposit/withdrawal and trade records are retained as required for accounting and dispute purposes (typically up to 7 years), then deleted or anonymized.
- Paper-trading history — until you reset your account, or 365 days after last activity.
- Server logs — 30 days, then deleted.
- Aggregate / anonymized statistics — retained indefinitely (no longer personal data).
8 · Your privacy rights (GDPR / UK GDPR / CCPA-CPRA)
Depending on where you live, you have some or all of the following rights:
- Access — request a copy of the personal data we hold about you.
- Rectification — correct inaccurate or incomplete data.
- Erasure / right to be forgotten — request deletion of your data.
- Restriction — limit how we process your data.
- Portability — receive your data in a structured, machine-readable format.
- Object — object to processing based on legitimate interests, including direct marketing (we will stop marketing to you on request).
- Withdraw consent — at any time, without affecting processing already carried out.
- Non-discrimination (CCPA/CPRA) — we will not deny service, charge a different price, or provide a different quality of service because you exercised your rights.
- Do Not Sell or Share (CCPA/CPRA) — we do not sell or "share" personal information as those terms are defined under California law; if that ever changes, we will provide a "Do Not Sell or Share My Personal Information" mechanism.
- Complain — lodge a complaint with your supervisory authority (e.g., the ICO in the UK, your national DPA in the EU, or the California Privacy Protection Agency / California AG).
To exercise any of these rights:
- Email privacy@obeliq.io; or
- Delete wallet-associated data directly by submitting
POST /api/me/forgetwith a signature from the wallet in question, which erases the data associated with that wallet address.
We verify requests before acting on them (for example, via control of the account email or a wallet signature) and respond within the timeframe required by applicable law — generally within 30 days, extendable where the law permits.
9 · International data transfers
Our application and database are hosted in the United States (Railway), and several processors (e.g., Stripe, Resend, Cloudflare) operate internationally. If you access OBELIQ from outside the US, your data will be transferred to and processed in the US and other countries. Where required for transfers out of the EEA/UK, we rely on the European Commission's Standard Contractual Clauses (and the UK Addendum) together with the data-minimization measures in this Policy.
10 · Data security
Agent private keys are encrypted at rest with AES-256-GCM; the encryption key is derived via scrypt from a master secret held in environment variables, never committed to source code. Database access is restricted to the application server. TLS 1.3 is enforced for all client-server communication. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.
11 · Children
OBELIQ is not intended for users under 18. We do not knowingly collect data from minors; if we learn we have, we will delete it.
12 · Changes
We will post updates to this Policy here and announce material changes on the OBELIQ home page. The "EFFECTIVE" date above reflects the latest version. Continued use after a change takes effect constitutes acceptance.
13 · Contact
Privacy questions, requests, or unsubscribe help: privacy@obeliq.io. Postal address: Trinity Intelligence Network LLC, 378 Auwinala Rd, Kailua, HI 96734.
← back to OBELIQ