Privacy Policy
Effective date: March 8, 2026
1. Overview
Convexly ("we", "us", "our") respects your privacy. This Privacy Policy describes how we collect, use, and protect your personal information when you use the Convexly platform ("the Service"): public wallet analysis, Edge Score and leaderboard surfaces, watchlists, coherence signals, Market Trust Cards, wallet verification reports, institutional APIs, and optional trade journal or pre-mortem tools.
2. Information We Collect
Account information:
- Email address (required for account creation)
- Display name (optional)
- Authentication tokens (managed by Supabase Auth)
Wallet and market data you provide:
- Public wallet addresses you submit for analysis or save to a watchlist
- Imported venue data, such as Polymarket wallet history or Kalshi CSV files
- Watchlist, alert, digest, and export preferences
- Verification-report requests and associated research instructions
- API keys, usage metadata, and institutional integration settings
Optional journal and pre-mortem data you provide:
- Trade notes, probability estimates, payoff scenarios, and assumptions
- Outcome results, reflection notes, and risk assessments
- Team data (if using Team features)
Automatically collected:
- Usage analytics (page views, feature usage) for product improvement
- Error logs for debugging and reliability
- IP address and browser type (standard server logs)
Payment information:
Credit card and billing details are collected and processed exclusively by Stripe. We never store, access, or transmit your full credit card number. We receive only a confirmation of payment status and the last 4 digits of your card for display purposes.
3. How We Use Your Information
- Core functionality: Computing wallet scores, Brier metrics, concentration diagnostics, market-quality cards, coherence signals, and API responses
- Research and verification: Producing watchlist history, wallet verification reports, audit-chain records, and reproducible research artifacts
- Optional AI features: Processing text you submit for structuring or summarization (see Section 7)
- Email communications: Sending wallet-watch emails, signal digests, onboarding emails, alerts, and account notices via Resend
- Billing: Processing subscription payments via Stripe
- Product improvement: Aggregated, anonymized usage patterns to improve the Service
We do not sell, rent, or trade your personal information to third parties. We do not use your wallet, watchlist, journal, or verification-report data for advertising purposes.
4. Data Storage and Security
Your data is stored in Supabase (hosted on AWS infrastructure) with the following security measures:
- Encryption at rest: All database data is encrypted using AES-256
- Encryption in transit: All connections use TLS 1.2+
- Row-Level Security (RLS): Database policies ensure users can only access their own data
- JWT authentication: API requests are authenticated with signed tokens
- API key hashing: Public API keys are stored as SHA-256 hashes, not plaintext
5. Third-Party Services
We share data with the following services, only as necessary to operate the platform:
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Database & auth | Account, wallet, watchlist, alert, API, and optional journal data |
| Stripe | Payments | Email, subscription status |
| Resend | Email delivery | Email address, email content |
| OpenAI | Optional AI structuring and summarization | Text you explicitly submit to AI features (see Section 7) |
| Vercel | Hosting | Server logs, IP addresses |
| Railway | Backend API hosting | Request metadata and ephemeral compute data |
6. Data Retention
We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except:
- Aggregated, anonymized analytics data (permanently retained)
- Financial records required for tax/legal compliance (retained per applicable law)
- Backup data (purged within 90 days of account deletion)
7. AI Data Processing
When you use optional AI-assisted features, the text you submit is sent to OpenAI's API for processing. Convexly does not send wallet analysis, watchlist, or verification-report content to OpenAI unless an AI feature explicitly asks for that content and you choose to use it. Important details:
- We use the OpenAI API (not ChatGPT) - your data is not used to train OpenAI models
- Submitted text is sent only when you explicitly use AI features
- OpenAI retains API data for up to 30 days for abuse monitoring, then deletes it
- You may opt out of AI features entirely by not using the AI tools
8. Cookies and Tracking
Convexly uses minimal cookies:
- Authentication cookies: Required for login sessions (essential, cannot be disabled)
- Theme preference: Stores your dark/light mode choice (localStorage)
- Onboarding state: Tracks which tooltips you've dismissed (localStorage)
We do not use third-party tracking cookies, advertising pixels, or cross-site tracking. We do not use Google Analytics or similar surveillance-based analytics tools.
9. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access: Request a copy of your personal data (use the Export page)
- Correction: Update inaccurate information (via Settings)
- Deletion: Request deletion of your account and data
- Portability: Export your data in standard formats (CSV)
- Objection: Object to processing of your data for specific purposes
- Restriction: Request limitation of data processing
To exercise these rights, contact us at privacy@convexly.app. We will respond within 30 days.
10. Email Communications
We send the following types of emails:
- Transactional: Account creation, password reset (cannot be unsubscribed)
- Onboarding: 3-email welcome sequence for new users
- Wallet watch: Weekly wallet-change emails and saved-wallet alerts
- Signal digest: Researcher signal summaries and track-record updates
- Account notices: Billing, security, verification-report, and API notices
You can unsubscribe from non-transactional emails at any time via the unsubscribe link in any email or through Settings → Notifications.
11. Children's Privacy
Convexly is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will delete it promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the Service. Continued use of the Service after changes constitutes acceptance of the updated policy.
13. Contact
For privacy questions or data requests, contact us at privacy@convexly.app.