Back to Home

Privacy Policy

Version: 2026-01-14

1. Data Controller

The controller responsible for processing personal data on this website is:

Erik Eremenko

Auweg 38

85748 Garching b. München

Germany

Email: [email protected]

2. Introduction

Welcome to PolySimulator ("we," "our," or "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy informs you how we look after your personal data when you visit our website (polysimulator.com) and tells you about your privacy rights and how the law protects you.

This policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

3. Data We Collect

We collect the following categories of personal data:

1.Master data (e.g., name, email address)
2.Usage data (e.g., pages visited, click paths)
3.Meta and communication data (e.g., IP addresses, timestamps)
4.Content data (e.g., trading positions, portfolio data)
5.Log data (e.g., access logs)

Google Sign-In data

When you sign in with Google, we receive your basic profile data from Google/Supabase (name, email address, and a unique account ID).

We use this data only for account authentication, account security, and linking your PolySimulator profile. We do not sell this data.

4. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

Consent(Art. 6(1)(a) GDPR)

The data subject has given consent.

Contract Performance(Art. 6(1)(b) GDPR)

Processing for the performance of a contract.

Legal Obligation(Art. 6(1)(c) GDPR)

Processing for compliance with legal obligations.

Legitimate Interests(Art. 6(1)(f) GDPR)

Processing for legitimate interests pursued by the controller.

5. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and store certain information.

Essential Cookies

Required

These cookies are required for the basic functionality of the website.

  • Session cookies
  • Authentication tokens
  • Consent preferences

Analytics Cookies

Optional

These cookies help us understand how visitors interact with the website.

  • Google Analytics
  • PostHog
  • Microsoft Clarity

Marketing Cookies

Optional

These cookies are used to make advertising more relevant.

  • Google Ads (currently disabled)

6. Third-Party Services

We integrate with the following third-party services to provide our platform. Each service may collect and process data according to their own privacy policies:

6.1 Authentication Services

We use OAuth providers for secure authentication:

  • Supabase

    Authentication, Database, and Backend Services

    Privacy
  • Google Sign-In

    Single Sign-On Authentication

    Privacy
  • GitHub OAuth

    Single Sign-On Authentication

    Privacy
  • Apple Sign-In

    Single Sign-On Authentication

    Privacy

6.2 Analytics Services

We use analytics to understand usage and improve the service:

  • Google Analytics 4 (GA4)

    Web Analytics and Audience Measurement

    Opt-outPrivacy
  • Google Tag Manager

    Tag Management and Analytics Integration

    Privacy
  • PostHog

    Product Analytics and Session Recording

    Privacy
  • Microsoft Clarity

    Session Recordings and Heatmaps

    Privacy
  • Plausible Analytics

    Privacy-Friendly Web Analytics

    Privacy
  • Axiom

    Log Management and Web Vitals Monitoring

    Privacy

6.3 Hosting & Infrastructure

  • Vercel

    Frontend Hosting and Edge Functions

    Privacy
  • Dokploy / Self-Hosted

    Backend API and Database Hosting

  • Cloudflare

    CDN, DDoS Protection, and DNS

    Privacy

6.4 Market Data Sources

  • Polymarket API

    Market Data and Pricing Information (Read-Only)

    Privacy

6.5 Fonts & CDN

  • Google Fonts (Inter)

    Typography and Font Rendering

    Privacy

7. Data Retention

We retain your personal data only for as long as necessary for the purposes set out in this privacy policy:

Data TypeRetention Period
Business books, annual accounts, invoices (tax retention obligation)10 years
Business correspondence and tax-relevant documents6 years
Warranty and damage claims (statute of limitations)3 years
Server log files and access logs30 days
Cookies and similar storage methods (max.)2 years

7a. Waitlist / Notification Sign-up

When you sign up for a product waitlist (e.g. API access, backtesting), we process the following data:

Data Collected

  • Email address
  • IP address (for fraud prevention)
  • Consent timestamp
  • Selected waitlist (e.g. "api-trading", "backtesting")

Purpose

One-time notification when the selected feature launches. We do not use your email for marketing or share it with third parties.

Legal Basis

Explicit consent under GDPR Art. 6(1)(a), given when you submit the sign-up form.

Retention Period

Your data will be deleted or anonymised no later than 6 months after the feature launches, or immediately upon withdrawal of your consent.

Withdrawal of Consent

You can withdraw your consent at any time via:

8. International Data Transfers

Some of our third-party service providers are based outside the European Economic Area (EEA). When we transfer data to these providers, we ensure appropriate safeguards are in place:

  • EU-US Data Privacy Framework for US providers
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for countries with equivalent data protection

9. Your Rights (GDPR)

If you are in the European Economic Area (EEA), you have the following data protection rights:

Right of Access(Art. 15 GDPR)

Right to obtain confirmation and access to your data.

Right to Rectification(Art. 16 GDPR)

Right to correct inaccurate data.

Right to Erasure(Art. 17 GDPR)

Right to have personal data deleted.

Right to Restriction(Art. 18 GDPR)

Right to restrict processing.

Right to Data Portability(Art. 20 GDPR)

Right to receive data in a structured format.

Right to Object(Art. 21 GDPR)

Right to object to processing.

Right to Withdraw Consent(Art. 7(3) GDPR)

Right to withdraw given consent.

Right to Complain(Art. 77 GDPR)

Right to lodge a complaint with a supervisory authority.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

10. Right to Complain

You have the right to lodge a complaint with a supervisory authority. For Germany, this is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)

Promenade 18, 91522 Ansbach, Germany
www.lda.bayern.de

11. Data Security

We implement appropriate technical and organizational security measures to protect your personal data, including:

  • Encryption of data in transit (TLS/SSL)
  • Secure authentication via OAuth 2.0
  • Regular security assessments
  • Access controls and logging
  • DDoS protection via Cloudflare

12. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us.

13. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new privacy policy on this page and updating the version date at the top.

14. Contact Us

If you have any questions about this Privacy Policy, please contact us:

Email: [email protected]

Or via our Contact Page