polymocket
Browse · Polygon (no wallet)

Last updated: 2026-05-08

Privacy Policy

Polymocket (“we”, “us”) is operated by a German entity. This notice describes what personal data we collect, why, how long we retain it, who we share it with, and the rights you have under the EU General Data Protection Regulation (GDPR). By using polymocket.com you accept the processing described here. For the technical companion document, see web/privacy.md.

Controller

The data controller under Art. 4(7) GDPR is the German entity operating Polymocket. Contact for privacy enquiries: [email protected].

Data we collect

  • Wallet address. When you connect a wallet, your public Ethereum address is visible to the application. Polymocket does not store this server-side; trades and positions are read directly from the public chain.
  • L2 API credentials. If you use the LIVE mode bridge to Polymarket, an encrypted credential triple is held only in your browser (IndexedDB), wrapped with an AES-GCM key derived from a wallet signature. Keys never leave your device.
  • Crash + error reports. Errors are reported to Sentry with the user identified by a one-way SHA-256 hash of your wallet address. No IPs, no request bodies, no order payloads.
  • Analytics (opt-in). If — and only if — you click “Accept” on the cookie banner, a first-party polymocket-analytics cookie is set. Until then no analytics tooling is loaded.
  • Server logs. The CLOB API records request URL, status code, and timing. Source IPs are dropped at ingest. Logs roll over after 14 days.

Purposes + legal bases

  • Providing the service (Art. 6(1)(b) GDPR — performance of contract): wallet connection, order routing, settlement.
  • Securing the service + abuse prevention (Art. 6(1)(f) — legitimate interest): error reporting, request logs, position-cap enforcement.
  • Analytics (Art. 6(1)(a) — consent): only after you click “Accept” on the cookie banner. You can withdraw consent at any time by clearing site data in your browser settings.

Retention

  • Wallet address: not stored server-side. Visible only to the on-chain record, which is permanent and outside our control.
  • L2 credentials: stored only on your device until you clear them.
  • Crash reports (Sentry): 90 days.
  • Server logs: 14 days.
  • Analytics cookie: 1 year, or until you withdraw consent.

Recipients

We use a small set of processors operating under EU-adequate contractual safeguards: Sentry (error reporting), UptimeRobot (uptime probing of public endpoints only), and the public Polygon network (on-chain settlement, by definition global).

We do not sell or rent personal data, and we do not use your data for profiling or automated decision-making within the meaning of Art. 22 GDPR.

Your rights

Under Articles 15–22 GDPR you have the right to access, rectification, erasure, restriction of processing, data portability, and to object to processing based on legitimate interest. You also have the right to withdraw your analytics consent at any time, and to lodge a complaint with the competent supervisory authority (in Germany, the Landesbeauftragte für Datenschutz of the relevant federal state).

To exercise any of these rights, contact [email protected].

Cookies

Polymocket uses two categories of cookies:

  • Strictly necessary — session state needed to keep the application running. These are not subject to consent under § 25(2) TTDSG.
  • Analytics (opt-in) — set only if you click “Accept” on the cookie banner. The cookie name is polymocket-analytics; max-age 1 year; SameSite=Lax. Reject is the default.

Updates

We may update this notice as the platform evolves. The “Last updated” date at the top reflects the latest revision. Material changes will be flagged via the cookie banner so the prior consent is re-confirmed.

See also our Terms of Service.