SurgeDex

Privacy Policy

Last updated: June 6, 2026

Short version: SurgeDex does not collect personal data. There are no user accounts, no email logins, and no passwords. The only thing we "see" is what is already public on the blockchain — your wallet address — once you connect.

1. No Account, No Personal Data

SurgeDex does not require — and does not allow — registration with email, name, phone number, national ID, or any other personally identifiable information (PII). The Interface is accessible only by connecting a self-custodied Web3 wallet such as MetaMask, Rabby, WalletConnect, or any EIP-1193 compatible wallet.

2. What Information Is Visible

When you connect your wallet, the Interface and the underlying blockchain see:

  • Your public wallet address (necessary to read balances and submit transactions).
  • On-chain activity associated with that address — public by design on every public blockchain.
  • Standard server log data (IP, user agent, timestamp) recorded transiently by our hosting provider for security and abuse prevention. This data is not used for profiling, advertising or sold to third parties.

We do not link, enrich, or correlate this data with any off-chain identity.

3. Browser Storage (Local Only)

SurgeDex stores small amounts of data in your browser's localStorage and session storage so the app can function. This includes:

  • UI preferences (theme, layout, last-selected market).
  • Agent / sub-wallet keys you generate locally for paper-mode automated trading. These remain on your device and are not transmitted to SurgeDex servers.
  • Wallet connection metadata used by the wallet provider library.
  • Cookie-consent acknowledgement for this Privacy Policy.

This data is local to your browser. We do not read it. You may clear it at any time by clearing your browser's site data for SurgeDex.

4. Mirror Trading — Server-Side Key Storage

If you choose to enable mirror trading, the behaviour is different from paper-only mode. Mirror trading requires SurgeDex to execute real orders on your Hyperliquid account without your manual approval at each trade. To do this:

  • You transmit your Hyperliquid agent wallet private key to SurgeDex servers over an HTTPS-encrypted connection.
  • This key is stored in server-side encrypted storage (Vercel KV) and is used exclusively to sign mirror trade orders on Hyperliquid.
  • The key is associated with your wallet address and the specific agent subscription(s) you create. It is not used for any other purpose.
  • You may delete this stored key at any time by stopping all mirror subscriptions through the Interface, or by contacting us through official channels.
  • SurgeDex strongly recommends you use a dedicated agent wallet with limited funds for this purpose — never your primary trading wallet's key.

This is the only circumstance in which any key material leaves your device. If you do not use mirror trading, no key material is ever sent to SurgeDex servers.

5. Cookies & Tracking

We do not use:

  • Advertising cookies or retargeting pixels.
  • Behavioural analytics platforms (Google Analytics, Mixpanel, Amplitude, Hotjar, etc.).
  • Third-party trackers, fingerprinting, or session-replay tools.
  • Email or marketing automation tools (we have nothing to email you with — we don't have your email).

Cookies that may be set are strictly necessary for app function (wallet session, route-level CSRF protection where applicable). Under GDPR and similar regulations these "strictly necessary" cookies do not require opt-in consent, but we display a one-time notice anyway so you know what is and isn't happening.

6. Third-Party Services You Trigger

When you trade or run a bot, you interact with third-party services that have their own privacy practices:

  • Hyperliquid — receives your wallet address and signed transactions; settles all trades on-chain.
  • Your wallet provider (MetaMask, Rabby, WalletConnect, etc.) — handles the cryptographic signing.
  • AI model providers (OpenAI, Anthropic, Google, DeepSeek, xAI) — only when you supply your own API key for bot scans. We pass them market context, not your wallet address.
  • Optional data providers (Whale Alert, Firecrawl) — same: only used if you supply your own key.

We are not responsible for the data practices of these third parties. Review their respective privacy policies before use.

7. GDPR & Your Rights

Because we do not collect personal data, most data-subject rights under GDPR / UK GDPR / CCPA (right of access, deletion, portability, rectification) are not actionable in the conventional sense — there is nothing on our servers that we hold against your identity. You can:

  • Disconnect your wallet at any time.
  • Clear your browser's site data to remove all locally-stored preferences and agent keys.
  • Use a different wallet to interact with the Interface anonymously.

On-chain transactions, once confirmed, cannot be deleted from the blockchain by us, you, or any third party — this is a fundamental property of public ledgers.

8. Children

The Interface is not directed to anyone under 18. We do not knowingly collect any data from minors (including the limited categories above).

9. Changes

Updates to this Privacy Policy will be reflected in the "Last updated" date. Material changes will be highlighted on the site for a reasonable period.

10. Contact

Questions about this Privacy Policy can be raised through the official SurgeDex communication channels published on the site.