Prophecy

Privacy Policy

What we collect, why we collect it, and what we never do.

Effective May 1, 2026

We try to keep this short. If you take one thing away: we do not sell your trading data, ever.

1. What we collect

Account data: email, username, password hash, optional 2FA secret.

KYC data: name, date of birth, country, government ID, only if required for your account tier or jurisdiction. Stored encrypted at rest with a third-party identity provider.

On-chain data: your connected wallet addresses and the transactions you authorize.

Trading activity: orders placed, fills, positions, and the markets you view.

Device data: IP address, user agent, and approximate location for fraud detection.

2. How we use it

To run the service, settle markets, calculate P&L, and pay you out.

To comply with anti-money-laundering and counter-terrorist-financing laws.

To detect fraud, abuse, and manipulation across markets and venues.

To send you transactional notifications and, if you opt in, product updates.

3. Who we share it with

Sub-processors that help us run the service: Stripe, AWS, Plaid, Persona, Postmark, Datadog. The current list is on the Disclosures page.

Regulators and law enforcement when compelled by a valid legal request.

A successor entity if we are acquired or merged; you will be notified before any transfer.

4. What we never do

We do not sell your data to advertisers, data brokers, or any third party.

We do not run third-party analytics, ad pixels, or behavioral trackers on the trading interface.

We do not share your individual positions with other users. Aggregate volume is public; your name is not attached.

5. Your rights

You can request an export of your data or its deletion at any time. We will respond within 30 days. Some records, including KYC and trade history, must be retained for 5 years per regulation.

EEA, UK, and California residents have additional rights under GDPR, UK GDPR, and CCPA. Contact us at privacy@prophecy.so to exercise them.

6. How long we keep it

Account and trade data: 5 years after account closure.

KYC documents: 5 years after account closure.

Device and IP logs: 90 days.

Marketing email opt-in: until you unsubscribe.

7. Contact our DPO

Data Protection Officer: privacy@prophecy.so. Postal mail accepted at the address on the Disclosures page.

Effective May 1, 2026 Questions? Contact us