Privacy policy

When you sign up we store your chosen username, a deterministic avatar seed derived from it, and an optional email address used for magic-link sign-in. Your trading history (positions, trades, cash balance) is stored against your account so it survives across sessions.

If you never create an account, everything stays in your browser's localStorage and we have no record of you.

Production data is stored on Supabase (Postgres, EU region). Row-Level Security policies ensure that only you can read or modify your own profile, positions and trade history. The trading-engine endpoints run as Postgres functions with security definer — your client cannot bypass the cash check.

• No advertising trackers, no Google Analytics, no Facebook Pixel.
• No data sold or shared with third parties.
• No fingerprinting, no session replay.
• No emails outside of magic-link sign-in.

We use one localStorage entry (pokemarket-v2) for your portfolio and a Supabase auth cookie when you're signed in. That's it.

You can delete your data at any time from the portfolio page ("Reset") or by signing out and clearing localStorage. For server-side data, email privacy@pokemarket.app and we'll wipe your account.