N°/04 — PRIVACY

Privacy
policy.

Last updated 2026-04-22

The short version

  • We only collect what we need to run your account and show your public profile — email, a handle, an optional display name, a wallet address, and the on-chain transfers to that wallet.
  • We never hold private keys, seed phrases, or any login to a financial account. Payouts come from reading a public blockchain, not from connecting to your accounts.
  • We don’t sell your data. There is no ad model. The only things publicly visible are the things you explicitly made public on your profile.
  • Your wallet address is never displayed publicly. We use it server-side to find your payouts; the public sees only the aggregate total, payout count, and linked prop firms.

1. What we collect

Account data — when you sign up: email, a hashed password (if you chose email + password), or a Discord ID + username + email (if you signed up via Discord OAuth). You can edit display name, avatar, bio, and socials in settings.

Wallet address — when you connect a Rise payout wallet, we store the address and use it to fetch inbound RISEPAY transfers from public block explorers.

Payout records — for each inbound RISEPAY transfer: transaction hash, timestamp, amount, matched prop-firm signature. All of this is already on the public blockchain.

Technical logs — standard server logs (IP address, user-agent, timestamps) kept for security and debugging, and aggregated analytics through Vercel Analytics (no cross-site tracking).

2. What we don’t collect

  • No private keys, seed phrases, or signing capability.
  • No financial-account logins of any kind — no broker credentials, no open-banking tokens, no exchange API keys.
  • No third-party advertising cookies.
  • No cross-site tracking across other sites.

3. How we use the data

  • To run your account and show your profile / badge.
  • To keep your payout history up to date against the chain.
  • To respond when you contact support.
  • To send transactional emails (signup confirmation, important account notices). We don’t send marketing emails without explicit opt-in.
  • To detect and prevent abuse (e.g. account takeover, duplicate wallet claims).

4. Where the data lives

Account and payout records are stored in Supabase (Postgres, hosted in the EU). Transactional email is sent via Resend. Authentication is handled by Supabase Auth. Vercel hosts the application itself and provides anonymous usage analytics.

If you signed in through Discord, Discord processes your authentication under its own privacy policy.

5. Sharing

We share data with the processors listed above strictly to run the Service. We do not sell personal data and do not share it with third parties for their own marketing. We may disclose data if required by a valid legal order, and we will push back on overbroad requests.

6. Your rights

If you’re in the EU / EEA / UK, GDPR gives you rights to access, correct, delete, or export your data, and to restrict or object to processing. You can:

  • Access — download your data from the dashboard settings.
  • Delete — delete your account from settings; your profile goes private immediately and all linked data is purged within 30 days.
  • Correct— edit your profile in settings, or email us for anything the settings UI doesn’t cover.

Note that the underlying blockchain data is public and immutable; we can remove your attributionfrom TrustPnL but we can’t remove transactions from Arbitrum.

7. Retention

Account data is kept while the account exists and deleted within 30 days of account deletion. Security logs are retained for up to 12 months. Anonymous analytics may be retained indefinitely in aggregated form.

8. Cookies

We use strictly necessary cookies for authentication (a secure session cookie) and aggregated analytics. We do not use advertising cookies, cross-site trackers, or third-party marketing pixels.

9. Children

TrustPnL is not directed at anyone under 18. We don’t knowingly collect data from minors — if you believe we have, email hello@trustp.nl and we will delete it.

10. Changes

Material updates will be flagged here with a new "last updated" date and, if significant, announced via email to the address on your account.

11. Contact

Privacy questions or GDPR requests: hello@trustp.nl.