PRIVACY POLICY

Last updated: April 9, 2026

This Privacy Policy describes how UP/ONLY handles your personal information. If you have any questions, reach out to legal@uponlytrader.xyz.

1. Overview

UP/ONLY ("we", "us") operates the UP/ONLY Trader platform at uponlytrader.xyz. This Privacy Policy explains what information we collect, why we collect it, and how we use it. By using the service, you agree to the terms described here.

2. Information we collect

Account data: email address, encrypted password hash, optional TOTP 2FA secret. Trading data: positions, trades, P&L, risk metrics, and the algorithm configuration you select. Exchange credentials: encrypted API keys used only for order execution — we never store plaintext secrets. Technical data: IP address, device/user-agent, and audit logs for security and abuse prevention.

3. How we use your data

To operate the platform (authenticate you, execute trades on your behalf, display P&L), to communicate important updates (security alerts, TOS changes), to prevent fraud and abuse, and to comply with legal obligations.

4. Data we do not collect

We do not collect your private keys, wallet seed phrases, or funds. All trading happens via Hyperliquid DEX under your non-custodial account. We do not sell or rent your personal data to third parties.

5. Third-party services

We use the following third parties to operate the service: Hyperliquid (order execution), Cloudflare (CDN & security), backend hosting providers, email delivery, optional Telegram bot integration. Each provider handles your data under their own privacy policy.

6. Cookies & local storage

We use first-party cookies and localStorage to keep you logged in, remember your preferences, and protect against CSRF. We do not use tracking cookies or third-party advertising.

7. Data retention

Account and trading data are retained while your account is active. On account deletion, personal data is removed within 30 days, except where required to retain for legal, tax, or audit obligations.

8. Security

Passwords are hashed with bcrypt. Exchange API secrets are encrypted at rest using AES-256. TLS 1.2+ is enforced for all connections. We follow industry best practices for secret handling and access control.

9. Your rights

You may request access to, correction of, or deletion of your personal data at any time. For requests, contact legal@uponlytrader.xyz.

10. Children

UP/ONLY is not intended for users under 18. We do not knowingly collect data from minors.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced via email and an in-app notice at least 7 days before taking effect.

12. Contact

For privacy questions, email legal@uponlytrader.xyz. For security disclosures, email security@uponlytrader.xyz.