Privacy Policy

1. What data we collect

norn collects the following categories of personal data:

• Email address — provided by Clerk during sign-up and used for account communication and daily/weekly reports.
• Wallet addresses — your Polymarket wallet address, used to interact with prediction markets on your behalf.
• Trade data — all trades executed by your agents, including market IDs, sizes, prices, predicted probabilities, and realised P&L.
• API keys (encrypted) — Polymarket API credentials stored encrypted at rest using AES-256-GCM. We never store or log plaintext keys.
• Platform usage data — agent configuration, strategy preferences, risk settings, and onboarding state.

We do not use tracking pixels, third-party advertising networks, or behavioural analytics tools. Only essential session cookies are set.

2. How we use your data

• Authenticating your account via Clerk (contract performance).
• Executing autonomous trading agents on Polymarket on your behalf (service delivery).
• Sending daily P&L summaries and weekly reports if you have opted in (legitimate interest / consent).
• Billing and subscription management via Stripe (contract performance).
• Maintaining an immutable audit log for security and compliance purposes (legitimate interest).
• Improving platform reliability through aggregated, anonymised performance metrics (legitimate interest).

We do not sell your data to third parties. We do not use your data for advertising profiling.

3. Your rights

Under the General Data Protection Regulation (GDPR) you have the following rights:

• Article 15 — Right of access. You may request a complete export of all personal data we hold about you. Use the "Export my data" option in Settings, or call GET /api/gdpr/export.
• Article 17 — Right to erasure. You may request deletion of your account and all associated personal data. Deletion is scheduled within 30 days of request. Call POST /api/gdpr/delete or contact us at [email protected].
• Article 20 — Right to data portability. Your export (Article 15) is provided as machine-readable JSON, covering your profile, agents, and last 1,000 trades.
• Right to rectification. You may update your display name and notification preferences from Settings at any time.
• Right to restrict processing. Contact [email protected] to request a processing restriction while a complaint is investigated.
• Right to withdraw consent. Where processing is based on consent (e.g. marketing emails), you may withdraw at any time from Settings.

We will respond to rights requests within 30 days. For complex requests we may extend this by up to two months and will notify you.

4. Data retention

We retain personal data for as long as your account is active. On account deletion, personal data is permanently erased within 30 days. Anonymised aggregate metrics and immutable audit log entries may be retained for up to 7 years for legal compliance.

5. Cookies

norn uses only essential cookies required for authentication and session management (set by Clerk). We do not set analytics, advertising, or tracking cookies. A consent preference cookie (norn_consent) is stored locally to remember your cookie banner response.

6. Third-party processors

• Clerk — authentication and identity management. Clerk Privacy Policy.
• Stripe — payment processing. Stripe Privacy Policy.
• Hetzner — EU-based cloud infrastructure. Data is stored in the EU.

7. Contact

For any privacy-related enquiries, rights requests, or complaints, contact our Data Protection contact:

[email protected]

You also have the right to lodge a complaint with your local supervisory authority. In the EU, you can find your authority at edpb.europa.eu.