Privacy Policy

Last updated: November 3, 2025
Version: 1.0

1. Introduction

This Privacy Policy explains how Wick Trade LLC (“Wick Trade,” “we,” “us,” or “our”) collects, uses, shares, and safeguards information in connection with the Wick Trade mobile and web application and related online services (the “Services”).

Your use of the Services is governed by our Terms of Service. The Services are non-custodial. We do not collect private keys or seed phrases. We cannot initiate, authorize, or reverse transactions on your behalf. You remain solely responsible for your wallet and for any keys associated with it. This Privacy Policy constitutes part of our Terms of Service available at wick.trade/terms.

The Services are intended for adults eighteen years of age or older and are not directed to children. We do not knowingly collect information from anyone under eighteen. If you believe a minor has provided information to us, contact us and we will take appropriate action.

We may update this Privacy Policy from time to time. The effective date at the top of the Privacy Policy indicates when it was last revised. For material changes, we may provide an in-app notice or email notification. Your continued use of the Services after the effective date constitutes acceptance of the updated Privacy Policy.

Certain data, such as wallet addresses and transaction identifiers, may be recorded on public decentralized networks outside our control. These entries are permanent and immutable by design. Because public blockchains are immutable and may be replicated globally, exercising certain data protection rights (such as erasure or correction) may not be technically possible for on-chain data. We cannot delete, modify, or suppress any information stored on such blockchains. Your continued use of decentralized protocols acknowledges this technical limitation.

For questions about this Privacy Policy or to exercise your privacy rights, you may contact us at contact@wick.trade or by sending notice to 30 N Gould St Ste #45179 Sheridan, WY 82801

2. Information We Collect

2.1 Account and Contact Information. When you create or access an account, we collect information you provide, such as your email address, phone number, or Sign in with Apple identifier, and your in-app profile or settings. We use this information to create and maintain your account, to authenticate you, and to communicate with you about the Services.
2.2 Wallet information. When you connect a wallet, we may process your public wallet address to display balances or activity within the app or to support troubleshooting. We do not collect or store private keys, seed phrases, or full on-chain trade histories. The authoritative record of your assets and transactions remains on the applicable public blockchain.
2.3 Device Data. We collect technical information from your device and from the app, including device type, operating system and version, app version, performance metrics, and crash or error logs. Diagnostic entries may include your public wallet address when needed to reproduce and resolve an issue. We use this information to secure, maintain, and improve the Services.
2.4 Usage Information. We collect limited information about how you interact with the Services, such as screens viewed, features used, and timestamps. We use this information to operate the Services, to enforce feature availability and safety measures, and to improve user experience.
2.5 Third-Party Services. If you choose to use features that connect to third parties, we process the information needed to facilitate those connections. This may include data exchanged with:

1. Hyperliquid for displaying market data and submitting user-initiated transactions;
2. Unit for generating deposit or withdrawal addresses for supported chains and assets;
3. MoonPay (to be enabled in a future release) for fiat on-ramp and off-ramp functionality;
4. Privy for authentication, key-management operations, and TEE-based wallet actions; and
5. infrastructure providers such as AWS, Vercel, and Cloudflare that provide hosting, delivery, and security.

When you use these features, the relevant third party may receive your public wallet address, transaction metadata, and other information needed to complete the request. Those providers process your information under their own terms and privacy policies. Your use of those features is optional.
2.6 Security and Compliance Signals. To help enforce sanctions, export controls, and regional feature restrictions, we may process transient network and location signals at the time of access. We do not retain Internet Protocol addresses or similar signals longer than necessary to complete the check or to meet a documented legal requirement, and we do not use such signals for advertising or profiling.

3. How We use information

3.1. Information we collect. We use the information described in this Privacy Policy to operate, secure, and improve the Services, and to comply with applicable law:

1. Service Delivery. We process your information to provide the Services, including to create and maintain your account, authenticate your access, and display market and wallet information. We also use information to execute your settings, preferences, and user-initiated actions within the application.
2. Security. We use diagnostic, log, and usage data to detect, investigate, and remediate errors or vulnerabilities, to enforce regional or feature-based restrictions, and to prevent unauthorized or abusive activity. This includes enforcement of feature controls, such as disabling perpetual contracts for users located in the United States unless those features are provided through a licensed partner.
3. Compliance. We may process personal information as necessary to comply with applicable laws, including sanctions and export control requirements in the United States, the European Union, and the United Kingdom. We may also process information to respond to lawful requests, court orders, subpoenas, or regulatory inquiries, and to defend legal claims or protect our rights and the rights of others.
4. Communications. We may use your account and contact information to send administrative messages, security notifications, and important updates regarding the Services, including updates to our Terms of Service or this Privacy Policy. These communications are transactional in nature and are not marketing messages.
5. Improvement. We may analyze aggregated and de-identified usage information to understand how the Services are used, to maintain performance and stability, and to develop new features. This analysis does not involve profiling or automated decision-making that produces legal or similarly significant effects.

3.2 No Sale. We do not sell personal information. We do not share information for cross-context behavioral or targeted advertising, and we do not use information to profile users for investment, marketing, or trading purposes.
3.3. Legal Bases. For users located in the European Economic Area (“EEA”) and the United Kingdom (“UK”), our processing of personal data is subject to the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the UK GDPR. This section describes the legal bases on which we process personal data:

1. Performance of a Contract. Processing is necessary to perform our agreement with you under the Terms of Service, including to create and maintain your account, authenticate access, and provide the Services.
2. Legitimate Interests. Where we rely on legitimate interests, we do so only where those interests are not overridden by your rights and freedoms under applicable law. We process certain information on the basis of our legitimate interests. These interests include:

• maintaining the security and integrity of the Services;
• detecting and preventing fraud, abuse, and unauthorized access;
• performing diagnostics and error logging (including where Sentry temporarily records wallet addresses for troubleshooting);
• enforcing regional feature controls and compliance with legal restrictions; and
• analyzing aggregate usage to improve reliability and performance.

3. Legal Obligation. We may process information where required by law, regulation, or governmental order. This includes compliance with sanctions programs, export control laws, and other statutory reporting or recordkeeping obligations
4. Consent. In limited cases, and only where required by law, we may rely on your consent to process personal data - for example, for certain optional analytics, communications, or feature participation. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing prior to withdrawal.

4. Sharing and Disclosures

4.1 Service Providers and Processors. We engage third parties to process information on our behalf and under our instructions, for the purposes described in this Privacy Policy. These include:

1. Sentry (Functional Software, Inc.) for crash/error logging, performance monitoring, and diagnostics. Diagnostic entries may include device data and, where necessary to reproduce an issue, a public wallet address.
2. Privy for authentication and trusted execution environment (TEE) wallet operations.
3. Amazon Web Services (AWS), Vercel, and Cloudflare for hosting, content delivery, and security.
4. Customer support and communication tools we use to respond to user requests.

Each processor is bound by a written agreement requiring it to protect personal information, to use it only as instructed, and to apply appropriate technical and organizational safeguards.
4.2 Third-Party Protocols. If you choose to access or interact with Hyperliquid, Unit, MoonPay (future), or other third-party protocols or on-ramp providers from within the Services, those parties will receive the data needed to complete the transaction or display the requested information. For those specific transactions they act as independent controllers (or, in limited cases, as joint controllers) and will process your information under their own terms and privacy policies. We do not control and are not responsible for their processing.
Examples include:

• Hyperliquid, which facilitates perpetual and spot trading functions displayed in the app;
• Unit, which generates deposit and withdrawal addresses for on-chain transfers; and
• MoonPay (to be integrated in a future release), which facilitates fiat on-ramp functionality.

Each third-party partner processes personal data under its own privacy policy and terms of service. We do not control, and are not responsible for, their use or disclosure of information.
4.3 Legal disclosures. We may disclose information if required to do so by law or legal process, including in response to subpoenas, court orders, or lawful governmental requests. We may also disclose information when we believe that disclosure is necessary to protect our rights, property, or safety, or that of our users, employees, or others.
4.4 Corporate transactions. We may disclose or transfer information in connection with any merger, acquisition, reorganization, financing, or sale of assets, subject to customary confidentiality obligations and safeguards to protect personal information.
4.5 No Sale. We confirm that we do not sell personal information as that term is defined under applicable U.S. privacy laws. We also do not share personal information for cross-context behavioral or targeted advertising purposes.

5. DATA TRANSFER AND RETENTION

5.1 Transfers. Wick Trade LLC is located in the United States, and personal information collected through the Services is processed and stored in the United States. When we receive or otherwise process personal data originating from the European Economic Area or the United Kingdom, we rely on Standard Contractual Clauses (SCCs) adopted by the European Commission or approved by the UK Information Commissioner’s Office; or another adequate safeguard or exemption permitted under applicable data protection law.
5.2 Retention. We retain personal information only for as long as necessary to (i) operate the Services, (ii) meet the purposes described in this Privacy Policy, or (iii) comply with legal, accounting, or reporting obligations.

1. Account and authentication data are kept while your account is active and for a reasonable period thereafter to enforce our Terms of Service, resolve disputes, and comply with law.
2. Diagnostics and error logs (including entries that may contain a wallet address) are generally retained for up to ninety (90) days and may be kept longer where needed for security, abuse investigation, or legal purposes.
3. Support communications are retained for as long as necessary to respond and to maintain a record of our interactions with you.

When data is no longer needed, we will delete, anonymize, or aggregate it in a manner consistent with applicable law.
5.3. Security Measures. We implement reasonable and appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or disclosure. These include encryption in transit, access controls, secure hosting environments, and logical isolation of production systems.
5.4 Incident Response. If we become aware of a personal-data breach likely to result in a risk to individuals, we will notify affected users without undue delay and, where required, notify the competent supervisory authorities in accordance with applicable law.

6. YOUR RIGHTS AND CHOICES

6.1 Rights of U.S. users. If you are a resident of a U.S. state with a comprehensive privacy statute, including California (CCPA/CPRA), Colorado (CPA), Connecticut (CTDPA), Virginia (VCDPA), or a similar jurisdiction, you may have the following rights with respect to your personal information:

1. Right to know and access. You may request disclosure of (i) the categories and specific pieces of personal information we have collected about you, (ii) the categories of sources, (iii) the business or commercial purposes for collecting or disclosing it, and (iv) the categories of third parties to whom we disclose it.
2. Right to delete. You may request that we delete personal information we hold about you, subject to lawful and operational exceptions.
3. Right to correct. You may request correction of inaccurate personal information.
4. Right to data portability. You may request a copy of your personal information in a readily usable and transferable format.
5. Right to non-discrimination. We will not deny services, charge different prices, or provide a different level or quality of service because you exercise your privacy rights.
6. Right to opt out. We do not sell personal information and do not share it for cross-context behavioral advertising; therefore, this right does not apply.
7. Right to appeal. If we deny your request, you may appeal by contacting contact@wick.trade. If your appeal is denied, you may have the right to contact your state regulator.

We will respond to valid requests within forty-five (45) days of receipt. We may extend by an additional forty-five (45) days where reasonably necessary and will inform you of the extension and reason.

6.2 Rights of European users. If you are located in the European Economic Area (EEA) or the United Kingdom (UK), your personal data is protected by the GDPR or UK GDPR. Subject to statutory conditions and limitations, you have the following rights:

1. Access (Art. 15 GDPR). Request confirmation and a copy of your personal data and processing details.
2. Rectification (Art. 16 GDPR). Request correction of inaccurate or incomplete personal data.
3. Erasure (Art. 17 GDPR). Request deletion where processing is no longer necessary or as otherwise required by law, subject to lawful exceptions.
4. Restriction (Art. 18 GDPR). Request that we restrict processing in certain circumstances, such as while we verify accuracy or review an objection.
5. Portability (Art. 20 GDPR). Request your personal data in a structured, commonly used, machine-readable format and, where technically feasible, transmission to another controller.
6. Objection (Art. 21 GDPR). Object to processing based on our legitimate interests, including any related profiling, unless we demonstrate compelling legitimate grounds or need the data for legal claims.
7. Withdraw Consent (Art. 7(3) GDPR). Where processing is based on consent, you may withdraw it at any time without affecting prior lawful processing.
8. Lodge a Complaint (Art. 77 GDPR). You may complain to your local data protection authority or the UK ICO.

We will respond to valid requests within one (1) month of receipt and may extend by one (1) additional month where permitted. We will notify you of any extension and the reason.

6.3 Submitting request. You may submit a privacy request by emailing contact@wick.trade or, where available, through in-app support. Please include enough detail to identify your account or wallet and describe your request. Before fulfilling a request, we may take reasonable steps to verify your identity or confirm your control of a wallet or account. Verification may include confirming registered details, responding via your registered contact method, or providing a cryptographic signature from a wallet you control. If you use an authorized agent, we may require written authorization or other proof of agency.

6.4 Refusals. We may deny or limit a request where permitted or required by law, including where:

1. disclosure would adversely affect the rights or freedoms of others;
2. the information is recorded immutably on a public blockchain and cannot be altered or deleted;
3. the request is manifestly unfounded or excessive; or
4. we cannot authenticate your identity or authority.

If we deny your request, we will provide a written explanation and instructions for appeal where applicable. Examples include where disclosure would infringe the rights of others, where data exists immutably on a public blockchain, or where we cannot authenticate the requester. We do not have control over, and cannot alter, delete, or suppress information that has been recorded on a public blockchain. Such data may remain publicly accessible in accordance with the design of the blockchain network..

7. Cookies and “Do Not Track”

The mobile application uses software development kits (SDKs) and other similar technologies to collect diagnostics and usage information. For example, we use Sentry to identify and correct software errors, and to monitor app performance. We do not use third-party advertising SDKs that track users across apps or websites for the purpose of targeted advertising or cross-context behavioral profiling.

Web browsers may transmit “Do Not Track” or similar signals. Because there is no consistent industry standard for responding to such signals, our Services do not currently act on them. However, we do not sell or share data for advertising, so your privacy is not affected by this limitation. If we later introduce optional analytics or web-based features that use cookies or similar technologies, we will provide additional notice, choice mechanisms, or consent options as required by applicable law.

We do not track you across apps and websites owned by other companies, and we do not request tracking permission under Apple’s App Tracking Transparency (ATT) framework. If this changes, we will request your permission first.