Privacy policy · v2026-05-22

Hedgepit privacy policy

Effective 2026-05-22. This policy describes how Hedgepit Labs ("we", "us", "our") handles information in connection with the Hedgepit interface at hedgepit.com (the "Interface").

1. Scope

Hedgepit is a non-custodial interface to the Hyperliquid protocol. By design, the personal information we process is limited to what is necessary to operate the Interface, meet our regulatory obligations, secure the service, and maintain compliance evidence. We do not collect or process information about you beyond what is described here.

2. Information we collect

We collect the following categories of information:

(a) Wallet attestation records

When you connect a wallet and confirm the eligibility statements in our Terms of Service, we record a timestamped attestation that contains:

  • Your wallet address (stored lower-cased; an Ethereum address is a public identifier);
  • The version of the Terms of Service you accepted;
  • The IP-derived country of the request at the time of attestation (we do not store the IP address itself);
  • The user-agent string of your browser;
  • The UTC timestamp of the attestation.

(b) Server logs

Our hosting and edge providers automatically log requests to the Interface, which typically includes IP address, request timestamp, request path, response status, and user-agent string. These logs are kept by the provider for a limited period for security and operational purposes. We do not correlate these logs to wallet addresses.

(c) Local interface state

The Interface stores certain information locally in your browser using localStorage and IndexedDB. This information stays on your device and is not transmitted to us. It includes:

  • Agent-wallet keypair — a per-master signing keypair used to sign Hyperliquid L1 actions without an additional wallet popup. The private key is generated in your browser and never sent to us.
  • Attestation cache — a flag indicating that the address has accepted the current Terms version, used to suppress re-prompting.
  • UI preferences — selected market, tab state, theme, dialog dismissals.
  • Cached metadata — Hyperliquid spot metadata cached to make the Interface usable while the live data loads.

(d) On-chain activity

Transactions you submit through the Interface are recorded on the Hyperliquid protocol. These are public and we have no control over their retention. The Interface reads on-chain data from public RPC endpoints to render your positions, balances, and order history.

3. What we do not collect

  • We do not collect, hold, custody, or have access to your private keys, seed phrases, or agent-wallet keys.
  • We do not collect, hold, custody, or transmit your funds. All trading and transfer actions go directly from your wallet (or agent wallet) to the Hyperliquid protocol.
  • We do not collect government identifiers, financial account numbers, or KYC documents.
  • We do not collect device-fingerprint, advertising, or cross-site tracking identifiers, and we do not sell any information about you.

4. How we use information

We use the information described above to:

  • Operate, secure, and improve the Interface and our infrastructure;
  • Enforce the geographic and sanctions restrictions in our Terms of Service;
  • Maintain auditable evidence of user attestations as compliance evidence;
  • Investigate and respond to abuse, fraud, security incidents, and unlawful activity;
  • Respond to lawful requests from regulators, law enforcement, or courts of competent jurisdiction;
  • Comply with our legal obligations.

5. Legal bases

Where the General Data Protection Regulation (GDPR), UK GDPR, Swiss FADP, or an equivalent regime applies, we rely on the following legal bases:

  • Performance of a contract — operating the Interface and providing the service you request when you connect a wallet;
  • Legal obligation — keeping records that support our compliance with sanctions and other obligations;
  • Legitimate interests — security, abuse prevention, infrastructure operation, audit, and limited analytics.

6. Third parties and service providers

We rely on third-party providers to operate the Interface, including hosting and edge networks, RPC and indexing providers, infrastructure-monitoring vendors, and wallet and signing SDKs. Each provider receives only the information necessary to perform its function and is contractually bound to handle that information consistently with this policy. We do not share attestation records with marketing providers or data brokers.

7. International transfers

Because the Interface is operated from Sweden and our providers operate globally, information processed in connection with the Interface may be transferred to and stored in jurisdictions outside your country of residence. Where required, we use appropriate transfer mechanisms (such as Standard Contractual Clauses or equivalent safeguards) for transfers of personal data out of the European Economic Area, the United Kingdom, or Switzerland.

8. Retention

Attestation records are retained indefinitely as compliance evidence. Server logs are retained for the shorter of (a) the retention period of the relevant provider, or (b) the period required to satisfy our legitimate operational and legal purposes. Local interface state stays in your browser until you clear it or your browser does so automatically.

9. Your rights

Depending on the laws that apply to you, you may have some or all of the following rights with respect to the personal data we hold about you: access, rectification, erasure (where consistent with our compliance obligations), restriction, portability, objection, and withdrawal of consent. To exercise these rights, contact us at legal@hedgepit.com and include the wallet address whose attestation record is the subject of your request, so that we can locate it.

You also have the right to lodge a complaint with a supervisory authority in your country of residence.

10. Children

The Interface is not intended for and may not be used by anyone under the age of 18. We do not knowingly collect information from anyone under 18. If we become aware that we have done so, we will delete the information.

11. Security

We apply industry-standard technical and organisational measures to protect the information we process, but no system is perfectly secure. You are responsible for the security of your devices, browser, and wallet keys.

12. Changes

We may update this policy from time to time. When we do, we will update the version identifier at the top of this page and, where the changes are material to the attestation contract, prompt for re-attestation when you next connect a wallet.

13. Contact

Privacy enquiries may be sent to legal@hedgepit.com.