Privacy Policy
Last updated: June 2026
1. What we collect
- Wallet public key — used as your account identifier. Never your private key.
- Mirror configuration — addresses you choose to copy, and your trade settings.
- Trade history — executed trades and positions associated with your account.
- Bot wallet — the encrypted private key of your Gigabot-generated trading wallet.
- Usage data — standard server logs (IP address, request timestamps) for security and debugging.
2. What we do NOT collect
- Your Phantom or Solflare private key — ever.
- Email address, phone number, or real-world identity.
- Cookies other than the secure httpOnly session JWT.
- Third-party advertising or tracking pixels.
3. How we use your data
Your data is used solely to operate the Gigabot service: authenticating your session, executing copy trades, displaying your portfolio, and maintaining your account. We do not sell, rent, or share your data with third parties except as required by law or to operate core infrastructure (Neon Postgres, Vercel, Helius, and Jupiter, all acting as data processors on our behalf).
4. Session and authentication
After sign-in, we issue a JWT stored in a secure, httpOnly, SameSite=Strict cookie. It expires after 7 days. This cookie is never accessible from JavaScript.
5. Data retention
Your account data is retained while your account is active. You may delete your account by contacting us — this will delete all associated data including mirrors, trade history, and your bot wallet entry (after withdrawing any balance).
6. Security
Bot wallet private keys are encrypted with AES-256-GCM before storage. The master encryption key lives in the server environment and is never stored in the database. See our Security page for full details.
7. Changes
We may update this policy. Continued use after changes are posted constitutes acceptance. Material changes will be announced on our Discord.
Questions? See the FAQ or reach out on Discord.
