Privacy Policy

Last updated: January 2026

This Privacy Policy describes how Rubicon ("we", "us", "our") collects, uses, and shares information when you use our platform.

1. Information We Collect

Information You Provide

Wallet addresses — When you connect your wallet
Communications — If you contact us via email or Discord

Information Collected Automatically

Usage data — Pages visited, features used, timestamps
Device information — Browser type, operating system
IP address — For security and analytics
Blockchain data — Public transaction history

Information We Do NOT Collect

Private keys
Seed phrases
Personal identification (KYC)
Financial account details

2. How We Use Information

We use collected information to:

Purpose

Data Used

Provide the Service

Wallet address, usage data

Improve the platform

Usage analytics, feedback

Ensure security

IP address, device info

Communicate updates

Contact information

Comply with law

As required

3. Legal Basis for Processing

We process personal data based on the following legal grounds:

Processing Activity

Legal Basis

Providing the Service

Necessary to perform our agreement with you

Security and fraud prevention

Legitimate interests in protecting our platform and users

Sanctions and compliance screening

Compliance with applicable laws and regulations

Analytics and improvements

Legitimate interests in improving our services

Communications

Your consent (where applicable) or legitimate interests for service-related messages

Responding to legal requests

Compliance with valid legal process

For users in jurisdictions with specific data protection laws (such as the EEA, UK, or California), additional rights may apply as described in the relevant sections below.

4. Blockchain Transparency

Blockchain technology has unique data characteristics you should understand:

Public by design — All blockchain transactions are publicly visible and permanently recorded
Wallet addresses as identifiers — Your wallet address and all associated trades are visible on-chain to anyone
Immutability — We cannot delete, modify, or redact blockchain data once recorded
Third-party access — Anyone can view your trading history via blockchain explorers (e.g., Hypurrscan)

Under certain data protection laws, wallet addresses may constitute personal data when linked to an identifiable individual. However, due to blockchain's immutable nature, deletion requests cannot be fulfilled for on-chain data.

5. Wallet Screening & Compliance

Sanctions Screening

To comply with applicable sanctions regulations, we may:

Screen connected wallet addresses against sanctions lists (OFAC SDN, EU consolidated list, UN sanctions)
Block or restrict access for wallets flagged as high-risk
Share wallet addresses with compliance service providers for screening purposes

Geographic Restrictions

We use IP geolocation to:

Identify users from restricted jurisdictions (United States, sanctioned territories)
Block access to the trading interface for users in restricted regions
Maintain records of access attempts for compliance purposes

Third-Party Compliance Services

We may use services such as:

TRM Labs
Chainalysis
Similar blockchain analytics providers

These services help us identify wallets associated with illicit activity or sanctions violations.

We may share information with:

Service Providers

Infrastructure providers
Analytics services
Security services

Legal Requirements

When required by law
To protect our rights
To prevent fraud or abuse

Business Transfers

In case of merger or acquisition

We do NOT:

Sell your personal data
Share data for advertising purposes

7. Data Retention

We retain different categories of data for different periods:

Data Category

Retention Period

Reason

Wallet addresses

Duration of service use + 3 years

Service provision, compliance

Usage analytics

24 months

Service improvement

Communications

3 years

Support records, legal protection

Compliance records

7 years

Regulatory requirements

IP/access logs

12 months

Security, fraud prevention

Blockchain data

Permanent

Inherent to blockchain technology

After retention periods expire, data is deleted or anonymized unless longer retention is required by law.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

General Rights (All Users)

Access — Request a copy of the personal data we hold about you
Correction — Request correction of inaccurate or incomplete data
Deletion — Request deletion of your data (subject to legal retention requirements and blockchain limitations)
Objection — Object to processing based on legitimate interests
Portability — Receive your data in a structured, machine-readable format

Additional Rights (EEA/UK Users)

Restriction — Request restriction of processing in certain circumstances
Withdraw consent — Where processing is based on consent, withdraw at any time
Automated decisions — We do not make decisions based solely on automated processing that produce legal effects
Supervisory authority — Lodge a complaint with your local data protection authority

California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

Right to Know — Request disclosure of personal information collected, used, and disclosed
Right to Delete — Request deletion of personal information (subject to exceptions)
Right to Opt-Out — We do not sell personal information, so this right does not apply
Non-Discrimination — We will not discriminate against you for exercising your rights

Categories of Personal Information Collected: Identifiers (wallet addresses, IP addresses), internet activity (usage data), and geolocation data. See Section 1 for details.

No Sale of Personal Information: We do not sell your personal information as defined under the CCPA.

To exercise any of these rights, contact us at dev@rubiconmarkets.com. We will respond within the timeframes required by applicable law (generally 30-45 days).

9. Security

We implement security measures including:

Encryption in transit (HTTPS)
Access controls
Security monitoring
Regular reviews

However, no system is perfectly secure. You are responsible for securing your wallet and private keys.

10. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms:

We will notify affected users without undue delay
Notification will include: nature of the breach, categories of data affected, likely consequences, and measures taken
Where required by law, we will notify relevant supervisory authorities within applicable timeframes
We maintain incident response procedures to detect, investigate, and respond to potential breaches

11. Cookies and Tracking

We use:

Essential cookies — For basic functionality
Analytics cookies — To understand usage (can be disabled)

You can control cookies through your browser settings.

12. Third-Party Services

Our platform integrates with third-party services that have their own privacy practices:

Service

Purpose

Hyperliquid

Trading infrastructure

hyperliquid.xyz/privacy

Privy

Wallet authentication

privy.io/privacy

TRM Labs / Chainalysis

Compliance screening

See their respective policies

Analytics

We use privacy-focused analytics services that minimize data collection:

Simple Analytics or Plausible Analytics
These services do not use cookies or track individuals
They are configured to respect Do Not Track signals

Oracles and Price Feeds

Our oracle infrastructure collects pricing data from third-party sources (financial data providers). This does not involve collection of your personal data.

13. Children

The Service is not intended for users under 18. We do not knowingly collect data from minors.

14. International Transfers

Your data may be transferred to and processed in countries outside your residence, including the United States. When we transfer data internationally, we implement appropriate safeguards:

Standard Contractual Clauses — Where required, we use EU/UK-approved contractual mechanisms
Service provider agreements — Our vendors are contractually required to protect your data
Security measures — Technical and organizational safeguards apply regardless of location

For EEA/UK users: Data transfers to the US and other non-adequate countries are protected by Standard Contractual Clauses or other lawful transfer mechanisms.

15. Changes to This Policy

We may update this Privacy Policy:

Changes posted on this page
Material changes communicated via available channels
Continued use constitutes acceptance

16. Contact Us

For privacy inquiries:

Email: dev@rubiconmarkets.com
Response time: We aim to respond within 30 days

For data subject access requests, please include sufficient information to verify your identity (e.g., the wallet address associated with your account).

17. Data Controller

Rubicon Markets, LLC

As a US-based company, we are not required to appoint an EU/UK representative. However, EEA and UK users may contact us at the email address above for any privacy-related inquiries.

18. Additional Disclosures

No Fiduciary Relationship

This Privacy Policy and our collection of your data does not create any fiduciary duty, advisory relationship, or special relationship between you and Rubicon.

Limitation on Blockchain Data

Due to the immutable nature of blockchain technology, certain data (including wallet addresses and transaction history) cannot be modified or deleted once recorded on-chain. This limitation applies regardless of any deletion requests we receive.