Privacy Policy
Effective date: February 8, 2026 · Last updated: February 8, 2026
1. Introduction
Eventa Markets ("Platform") is operated by an individual as a non-profit oriented one-person organization ("Operator", "we", "us", or "our"). The software and related materials are private property of the Operator. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your information when you access or use our Platform.
This policy applies to all users of the Platform, including visitors, registered users, and participants in prediction markets. By using the Platform, you consent to the data practices described in this policy.
1.1 Third-party wallet and signing services
When you sign in or sign transactions using Xumm, Xaman, or other third-party wallet services, those providers process data under their own terms and privacy policies. We do not receive your wallet private keys. Their handling of your data is outside our control except as described where our systems interact with their APIs (for example, to verify a signed message or transaction).
1.2 Disclosure of organizational information
You are not entitled to organizational, corporate, or legal disclosures beyond what applicable law requires. Additional information and supporting legal documentation may be provided on request where appropriate, including in connection with partner integrations, wallet-provider review, or regulatory inquiry.
2. Data Controller
The data controller responsible for your personal data is the Operator (the individual described above), contactable for privacy matters at digitalassethedge@gmail.com.
3. Information We Collect
3.1 Information You Provide
| Category | Data Points | Purpose |
|---|---|---|
| Account Data | Email address, password (hashed), first name, last name, country | Account creation, authentication, communications |
| Wallet Data | Digital asset wallet addresses (e.g. supported networks) | Authentication, deposit/withdrawal processing |
| KYC Documents | Government-issued ID (passport, national ID, driver's license), selfie, proof of address, source of funds declaration | Identity verification, regulatory compliance |
| Communications | Support messages, dispute submissions | Customer support, dispute resolution |
3.2 Information Collected Automatically
| Category | Data Points | Purpose |
|---|---|---|
| IP Address | IPv4/IPv6 address at registration and each login | Fraud prevention, geo-restrictions, security audit trail |
| Device Data | Browser type, operating system, device type, screen resolution | Platform optimization, security monitoring |
| Usage Data | Pages visited, features used, session duration, click patterns | Service improvement, analytics |
| Transaction Data | Trade history, deposits, withdrawals, positions, P&L | Service delivery, AML compliance, dispute resolution |
4. IP Address Collection
Detailed Disclosure
We collect your IP address at registration and at each login. IP addresses are obtained via HTTP request headers and may additionally be verified through the ipify API service.
We use IP addresses for:
- Fraud prevention: Detecting unauthorized access, identity theft, and account takeover attempts by identifying unusual login patterns or locations.
- Account security: Verifying login attempts and flagging access from previously unseen locations or networks.
- AML/KYC compliance: Meeting regulatory requirements for transaction monitoring and suspicious activity reporting.
- Geographic restrictions: Enforcing jurisdictional restrictions where prediction markets or digital asset services are prohibited.
- Locale detection: Determining appropriate language and content localization for first-time visitors.
IP addresses are stored in our database associated with your user account. They are retained for the duration specified in Section 7 (Data Retention).
5. Legal Basis for Processing
We process your personal data on the following legal bases (where applicable under GDPR or equivalent legislation):
| Legal Basis | Application |
|---|---|
| Contract Performance | Processing necessary to provide Platform services: account management, trade execution, wallet operations, settlement |
| Legal Obligation | Processing required by law: KYC/AML compliance, transaction record-keeping, regulatory reporting, sanctions screening |
| Legitimate Interest | Processing for fraud prevention, security monitoring, Platform improvement, and analytics (balanced against your rights) |
| Consent | Marketing communications, optional analytics cookies (where consent is required) |
6. How We Use Your Information
- Service delivery: Operating your account, executing trades, processing deposits and withdrawals, calculating and distributing payouts.
- Security: Detecting and preventing fraud, unauthorized access, and abuse. Monitoring for suspicious transaction patterns.
- Compliance: Meeting KYC/AML obligations, responding to regulatory inquiries, filing suspicious activity reports where required.
- Communications: Sending transactional notifications (trade confirmations, withdrawal status), security alerts, and service updates.
- Improvement: Analyzing usage patterns to improve Platform functionality, performance, and user experience.
- Dispute resolution: Investigating and resolving market disputes, account issues, and support requests.
7. Data Retention
| Data Category | Retention Period | Basis |
|---|---|---|
| Account information | Duration of account + 5 years after closure | Regulatory record-keeping requirements |
| Transaction records | 7 years from transaction date | AML regulations, tax reporting obligations |
| KYC documents | 5 years after account closure or last transaction | AML/KYC regulatory requirements |
| IP addresses & security logs | Up to 7 years | Security, fraud investigation, legal compliance |
| Usage analytics | 24 months (anonymized after) | Service improvement |
After the applicable retention period, data is securely deleted or irreversibly anonymized. Anonymized data may be retained indefinitely for statistical and research purposes.
8. Data Sharing & Disclosure
We do not sell your personal data. We may share your information with:
- Service providers: Third-party services that assist Platform operations, including hosting (Vercel, Railway), database (Neon), caching (Upstash), and KYC verification providers. These providers are contractually obligated to protect your data.
- Regulatory authorities: When required by law, regulation, or legal process, including AML/KYC obligations and court orders.
- Law enforcement: When we believe in good faith that disclosure is necessary to prevent fraud, protect safety, or comply with legal obligations.
- Transfer of operations: If operations of the Platform are ever transferred, your data may be transferred to a successor, subject to applicable law and notice where required.
9. International Data Transfers
Your data may be processed in jurisdictions outside your country of residence, including the United States and European Economic Area. When transferring data internationally, we implement appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms.
10. Data Security
We implement technical and organizational measures to protect your personal data, including:
- Encryption: Passwords are hashed using industry-standard algorithms. Data in transit is protected by TLS/HTTPS.
- Access controls: Role-based access to personal data, limited to authorized personnel with a legitimate need.
- JWT authentication: Short-lived access tokens with refresh token rotation to minimize exposure.
- Rate limiting: API rate limiting to prevent brute-force attacks and abuse.
- Monitoring: Security event logging and anomaly detection for unauthorized access attempts.
- Infrastructure: Hosted on SOC 2-compliant infrastructure with regular security updates.
No system is completely secure. We cannot guarantee absolute security, but we are committed to implementing best practices and promptly addressing any security incidents.
11. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
| Right | Description |
|---|---|
| Access | Request a copy of the personal data we hold about you. |
| Rectification | Request correction of inaccurate or incomplete personal data. |
| Erasure | Request deletion of your personal data, subject to legal retention requirements. |
| Restriction | Request that we restrict processing of your data in certain circumstances. |
| Portability | Request your data in a structured, machine-readable format for transfer to another controller. |
| Objection | Object to processing based on legitimate interests, including profiling. |
| Withdraw Consent | Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing. |
To exercise any of these rights, contact us at digitalassethedge@gmail.com. We will respond within a reasonable time. We may request additional verification before processing your request.
Note: Certain data must be retained to comply with legal obligations (KYC/AML regulations, tax reporting). Erasure requests will be processed to the extent permitted by applicable law.
12. Cookies & Tracking
The Platform uses the following types of cookies and similar technologies:
- Essential cookies: Required for Platform operation — authentication, session management, locale preferences. Cannot be disabled.
- Functional cookies: Remember your preferences (e.g. locale, display settings). Improve user experience.
- Analytics cookies: Collect anonymized usage data to help us understand how the Platform is used and improve our services. Subject to consent where required.
We do not use advertising or third-party tracking cookies. You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent you from using certain Platform features.
13. Children's Privacy
The Platform is not intended for individuals under the age of 18 (or the age of legal majority in their jurisdiction). We do not knowingly collect personal data from minors. If we become aware that we have collected data from a minor, we will promptly delete it.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be communicated via the Platform or email. The "Last updated" date at the top of this page indicates when the policy was most recently revised. Continued use of the Platform after changes take effect constitutes acceptance of the revised policy.
15. Supervisory Authority
If you are located in the European Economic Area, you have the right to lodge a complaint with your local data protection supervisory authority if you believe that our processing of your personal data violates applicable data protection law.
16. Contact
For privacy-related questions, data subject requests, or complaints:
Eventa Markets — Operator (individual)
Email: digitalassethedge@gmail.com
Further legal or organizational documentation may be provided on request where appropriate (including for wallet-provider or regulatory review).