Privacy Policy
Last updated: 2026-05-16
Hypertape is operated by Oleum Group AS, a Norwegian limited company (registration available on request). We process personal data under the General Data Protection Regulation (GDPR — Regulation (EU) 2016/679) and applicable Norwegian privacy law.
What we collect
We minimize collection to what each feature actually requires. We do not buy, rent, enrich, or sell personal data. We do not run cross-site ad-targeting pixels.
- Wallet address(es) you choose to connect via Privy. Used as your pseudonymous identifier across the platform.
- Email address if you connect via email/social login through Privy, or voluntarily provide it for support contact.
- Trading activity metadata — symbols viewed, orders placed, watchlists saved, dashboard layouts. Stored to make the product remember your state between sessions.
- Device + browser telemetry — anonymous pageview events, click events, viewport size, browser version, anonymized IP (truncated to /24). Used to debug + improve the product. Sent only to PostHog (below).
- Error reports when something crashes — stack trace + your wallet address (so we can correlate to the broken state). Sent only to Sentry (below).
We do not collect: full IP addresses (only the /24 prefix), precise geolocation, contact lists, biometrics, payment card data (there are no fiat payments — see Builder fee below), or any data subject to the special categories under GDPR Art. 9.
Processors
We use the following data processors (sub-processors). Each one receives only the data listed; we have a contractual agreement with each that requires GDPR-equivalent protection. If you object to any specific processor, contact us and we will explore alternatives where possible.
- Privy — wallet authentication, embedded wallet creation, agent-wallet delegation. Processes your wallet address + (if used) email. United States. SOC 2 Type II.
- PostHog — product analytics. Processes anonymous pageview + click events. EU region (Frankfurt). We disable session recordings + heatmaps; only event-based analytics.
- Sentry — error tracking. Processes JavaScript stack traces + your wallet address as user context. United States. SOC 2 Type II.
- Supabase — our primary database. Stores your watchlists, saved screens, dashboard layouts, and agent-wallet metadata. EU region. Row-Level Security (RLS) enforces that you can only read your own data via your authenticated wallet.
- Vercel — application hosting + CDN. Processes request logs (URL, status code, anonymized IP, user-agent). United States. SOC 2 Type II. We have a signed DPA.
- Hyperliquid — the perpetuals venue your orders route to. Sees your wallet address + the orders you sign. Pseudonymous — no off-chain personal data leaves your browser to Hyperliquid.
- TradingView — chart library. Per the Free Advanced Charts License, no personal data leaves our embed to TradingView. The library renders client-side using market data we provide.
How we use it
We use the collected data to: (a) authenticate you and route your orders to Hyperliquid; (b) remember your saved screens, watchlists, dashboards, and preferences between sessions; (c) debug crashes and performance issues; (d) measure aggregate product usage so we can improve features.
Legal basis (GDPR Art. 6): wallet + trading metadata are processed on the basis of contract (Art. 6(1)(b)) — we cannot deliver the product without them. Analytics + error reports are on the basis of legitimate interest (Art. 6(1)(f)) — improving the product. Where we add cookies that require explicit consent, that flow ships separately (below).
Retention
- Wallet + saved-state data: retained while your account is active, deleted on request.
- Analytics events (PostHog): 12 months rolling, then aggregated.
- Error reports (Sentry): 90 days rolling, then aggregated.
- Request logs (Vercel): 30 days rolling.
Your rights
Under GDPR Art. 15-22 you have the right to: access your data, correct inaccuracies, erase your data, restrict processing, object to processing, request data portability, and lodge a complaint with your local supervisory authority (in Norway: Datatilsynet). Email admin@oleum.no with any request and we will respond within 30 days.
Cookies
We currently use only essential cookies (authentication state via Privy, splitter positions / dashboard layouts via localStorage). A formal cookie banner ships when we add any non-essential analytics cookies that require explicit consent under the ePrivacy Directive. As of the "Last updated" date above, no such cookies are deployed.
International transfers
Some processors above are based outside the EEA (Privy, Sentry, Vercel — United States; Supabase region-routed). Where data leaves the EEA, transfers rely on the European Commission's Standard Contractual Clauses (SCCs). DPA copies available on request.
Changes
Material changes to this policy will be communicated in-app and via email (if we have one on file). The "Last updated" date at the top of this page is authoritative.
Contact
Oleum Group AS · Lupinveien 6A, 4022 Stavanger, Norway · admin@oleum.no