Privacy Policy

1 · What we collect

The data OBELIQ stores about you:

• An anonymous cookie ID (nxv) — generated on your first visit, used to remember your paper-trading account across sessions on the same browser.
• Your wallet address(es) — when you connect Phantom (EVM or Solana mode), we store the public address so we can bind your paper account, query your token balance for gate-checks, and route live mirror trades to the correct account.
• Encrypted agent private key — if you enable live mirror mode, we generate an EVM keypair and store the private key encrypted with AES-256-GCM. The encryption key is derived from a server-side master secret you do not have access to. Even server administrators cannot decrypt the key without the master secret.
• Paper trading history — every trade your paper account opens and closes, stored against your cookie ID or wallet address.
• Risk configuration — caps you set for live mirror mode (max position %, max leverage, max daily loss).
• Server logs — IP address, user agent, request paths, timestamps. Retained for 30 days for abuse-prevention and debugging, then deleted.

2 · What we do NOT collect

• Email addresses
• Names, phone numbers, or postal addresses
• Government IDs or KYC documents
• Passwords (there's no login — your wallet signature is your authentication)
• Payment details (we don't process any payments)
• Browsing history outside OBELIQ
• Any data from third-party trackers or advertising networks (we run none)

3 · How we use what we collect

The collected data is used exclusively to:

• Provide paper-trading functionality (your $10K account state must persist between visits)
• Check your $LIQ token balance against the access threshold
• Sign and submit live-mirror orders to Hyperliquid on your behalf (only when you've enabled live mode)
• Enforce your configured risk caps
• Prevent abuse (rate-limiting, fraud detection)
• Debug issues with the platform

We do not sell, rent, or share your data with third parties for marketing purposes. Ever.

4 · Public information

The following information about you is public on the OBELIQ leaderboard if you choose to trade:

• A shortened identifier (e.g., guest-a1b2 for cookie-based accounts, or 0x123…cd4e for wallet-bound accounts)
• Your paper account equity, win/loss record, and number of trades

Wallet addresses on a blockchain are inherently public. If you connect a wallet and trade, anyone can see the wallet's on-chain activity through standard block explorers. OBELIQ does not surface this information on the platform itself beyond the shortened identifier.

5 · Third-party services we use

• Hyperliquid — public market data WebSocket and REST endpoints. We send your wallet address as the user identifier in API calls when fetching your account state for live mirror mode. Hyperliquid's privacy practices are governed by its own policy.
• Jupiter price API — for $LIQ token-balance USD conversion. We send the token mint address only.
• Solana RPC — to query your token balance. We send your wallet address.
• Railway — hosting provider. Server logs are subject to Railway's privacy policy.
• Cloudflare — CDN and DDoS protection for static assets and DNS. Subject to Cloudflare's privacy policy.

6 · Cookies and local storage

OBELIQ uses a single first-party cookie — nxv — to identify your paper-trading account. The cookie contains a random opaque ID. We use no third-party tracking cookies, no advertising cookies, no analytics cookies.

7 · Your rights

You may at any time:

• Reset your paper-trading account (clears all trades and history for your cookie ID)
• Disconnect your wallet (removes the binding between cookie and wallet)
• Revoke the API agent (cancels live mirror authorization at Hyperliquid)
• Request deletion of all data associated with your wallet address by contacting OBELIQ through official social channels (with proof of wallet ownership via signature)

If you reside in the EU, UK, California, or another jurisdiction with applicable data protection law (GDPR, CCPA, etc.), you also have the rights to access, rectify, restrict processing, port, and object to processing of your personal data. Submit such requests through the official OBELIQ social channels.

8 · Data security

Agent private keys are encrypted at rest with AES-256-GCM. The encryption key is derived via scrypt from a master secret stored in environment variables, never committed to source code. Database access is restricted to the application server. TLS 1.3 is enforced for all client-server communication.

9 · Children

OBELIQ is not intended for users under 18 years of age. We do not knowingly collect data from minors. If we become aware of such collection we will delete the data immediately.

10 · Changes

Updates to this Policy will be announced on OBELIQ's home page. Continued use after the effective date of any change constitutes acceptance.

11 · Contact

Privacy questions: contact through the official OBELIQ social channels (announced at launch).