Privacy Policy

Account data

When you sign up, we collect your email address and authentication metadata through our auth provider, Clerk (user ID, password hash if you use email/password, session info, MFA status). If you use a social sign-in option, we receive only the identifiers your provider sends — we never get your social-login password.

Billing metadata

When you subscribe, our payment processor Stripe collects your payment details. We receive a Stripe customer ID, billing country and postal code, card brand, card expiration, and the last four digits of the card — enough to show you which card you are using and to reconcile invoices. We never see or store full card numbers.

Usage logs

When you use the site, dashboard, or API, we log:

• IP address (in short-lived request logs);
• Browser user-agent, device type, and language;
• Pages visited and features used;
• For API calls: the API key ID (not the secret), endpoint, request time, response status, and latency. We use this to enforce rate limits, meter billing, and debug integration issues.

Error and performance data

When something goes wrong, stack traces and runtime context are captured by our error-monitoring provider, Sentry, so we can fix bugs.

Wallet addresses (agent only)

When you connect a wallet to the autonomous trading agent at skynetx.io/app, the public wallet address may be stored client-side in your browser to reconnect your session, and transmitted to us if you opt in to server-side agent state so the agent can persist across devices. Wallet addresses are public on-chain identifiers — they are not, on their own, private data.

This is important, so we are stating it clearly:

• We never collect private keys. Never. Not in logs, not in memory, not in transit, not at rest.
• We never collect seed phrases or mnemonics. The agent signs transactions through your wallet’s own signing flow. Your keys stay in your wallet.
• We do not store full payment card numbers. Stripe handles card data directly.
• We do not use advertising or cross-site tracking cookies. No ad networks, no retargeting pixels.
• We do not intentionally collect sensitive categories of personal data (health, biometric, political, religious). Do not submit such data to us.

We use the data we collect to:

• Authenticate you and operate your account;
• Bill your subscription and deliver receipts and invoices;
• Enforce rate limits and protect the Service from abuse;
• Send transactional email (sign-up, billing receipts, security alerts, policy updates);
• Debug errors and improve performance and features;
• Comply with applicable law and respond to lawful requests from authorities;
• Defend or enforce our legal rights.

Under GDPR and UK GDPR, our legal bases are contract performance (to operate your account and process payments), legal obligation (for tax, accounting, and compliance records), legitimate interests (for security, abuse prevention, and product improvement), and consent where required (for example, for marketing emails, if we ever send any).

We share personal data only with service providers that help us operate SkynetX and are contractually bound to use it on our instructions:

• Clerk — authentication and session management.
• Stripe — subscription billing and payment processing.
• Sentry — error monitoring and performance diagnostics.
• Vercel — hosting, edge delivery, and serverless functions.

We may also disclose data (a) to comply with a subpoena, court order, or legal obligation; (b) to protect the rights, property, or safety of SkynetX, our users, or the public; or (c) in connection with a merger, acquisition, or sale of assets, subject to confidentiality protections.

We do not sell personal data. We do not share personal data for cross-context behavioral advertising.

We keep data only as long as we reasonably need it:

• Usage logs and API logs: roughly 90 days, then deleted or aggregated into non-identifying counts.
• Error logs (Sentry): roughly 90 days.
• Account data: until you ask us to delete your account, then removed within 30 days — except where we are required to keep a limited record for tax, accounting, or legal reasons.
• Billing records: retained as long as required by tax and accounting law in the relevant jurisdiction (typically around 7 years in the U.S.).

We use a small set of strictly necessary and functional cookies and local-storage keys — no advertising, no cross-site tracking. See our Cookie Policy for the full inventory.

Depending on where you live, you have rights over your personal data. Wherever you live, we will honor the following on request:

• Access — ask for a copy of the personal data we hold about you;
• Correct — ask us to fix inaccurate data;
• Delete — ask us to delete your account and associated data;
• Export — ask for your data in a portable format (we typically provide JSON);
• Object or restrict — ask us to stop or limit certain processing based on legitimate interests.

EEA / UK (GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, you have the rights above under the GDPR or UK GDPR, and you have the right to complain to your local data-protection authority. We will respond to valid requests within one month.

California (CCPA)

If you are a California resident, you have rights under the CCPA / CPRA to know what we collect, delete it, correct it, and opt out of sale or sharing. We do not sell or share personal data, so there is nothing to opt out of in that sense. We will not discriminate against you for exercising any right.

How to exercise a right

Email [email protected] from the address on your account. We may need to verify your identity before acting on requests involving specific pieces of personal data.

SkynetX is based in the United States and our infrastructure and service providers are primarily in the United States. If you access the Service from outside the U.S., your data will be transferred to and processed in the U.S. For transfers from the EEA, UK, or Switzerland to the U.S., we and our processors rely on appropriate safeguards such as the Standard Contractual Clauses and the EU-U.S. and UK-U.S. Data Privacy Frameworks where applicable.

The Service is intended for users who are at least 18 years old. It is not directed at children under 18 and we do not knowingly collect personal data from them. If you believe a child has given us personal data, email [email protected] and we will delete it.

We use reasonable administrative, technical, and organizational safeguards — including TLS in transit, encryption at rest for production datastores, role-based access control, and audit logging. No system is perfectly secure; by using the Service you acknowledge that we cannot guarantee absolute security. If we become aware of a breach that creates a risk to your rights, we will notify the relevant authorities and, where required, affected users without undue delay.

We may update this Privacy Policy from time to time. Material changes will be announced by email or a notice in the product. Non-material changes take effect when posted; the “Last updated” date at the top reflects the current version.

Privacy questions, requests, or complaints:

SkynetX Labs, Inc. — Attn: Privacy
Email: [email protected]
Support: [email protected]