Privacy Policy

Last updated: June 3, 2026

This Privacy Policy explains what information Shadower ("we", "us", "our") collects, how we use it, and what rights you have. By using the Shadower web application or website, you agree to this policy.

1. Who We Are

Shadower is a cloud-based web application for copy-trading on Polymarket, operated by Danil Shadrin, a sole operator based in Serbia, trading as "Shadower". We operate at shadower.trade. For questions or data requests, contact us at support@shadower.trade. For privacy matters, this is also our point of contact (data controller).

2. What Data We Collect

Account data (stored on our servers / Supabase):

Email address — when you register or sign in with email
Account ID — a randomly generated identifier
Subscription status — plan type, expiry date, trial usage
Session metadata — session ID, last active timestamp

Trading data (stored on our servers to operate the bot):

Wallet private key — stored encrypted (see the box below). Required so the bot can sign trades on your behalf.
Wallet address — the public address of your connected wallet
Trader wallet addresses — the wallets you have chosen to copy
Bot settings — your risk limits, position sizes, and preferences
Trade history and logs — records of copied trades and bot activity

🔐 How your private key is protected Shadower is a custodial service: to trade on your behalf, your private key is stored on our servers. It is never stored in plain text. It is encrypted with AES-256-GCM using envelope encryption managed by AWS Key Management Service (KMS) — the master key never leaves AWS KMS, and every decryption is access-controlled and audit-logged. Decryption is bound to your account, so one user's key cannot be decrypted in the context of another. Our system uses the key only to replicate trades and never to withdraw or transfer your funds. We strongly recommend using a dedicated wallet funded only with what you intend to trade.

3. How We Use Your Data

To authenticate you and manage your account
To operate the copy-trading bot according to your settings
To verify and manage your subscription
To send transactional emails (account confirmation, subscription receipts)
To provide customer support when you contact us
To measure and improve our website and advertising (see Section 6)

We do not sell your personal data to third parties.

4. Third-Party Services

We use the following third-party services to operate Shadower:

Supabase — authentication and database. Stores your email, account ID, and subscription status. Supabase Privacy Policy →
AWS Key Management Service — encryption key management for your stored private key. AWS Privacy Notice →
NOWPayments — cryptocurrency payment processing. Used when you pay for a subscription. NOWPayments Privacy Policy →
Cloudflare — content delivery, DNS, and infrastructure security. Cloudflare Privacy Policy →
Polymarket — the prediction market where trades are placed. We are not affiliated with Polymarket.

5. OAuth Sign-In (Google & Discord)

If you sign in with Google or Discord, we receive only your email address and a unique identifier from that provider. We do not receive your Google password, Discord messages, or any other account content.

6. Analytics and Advertising Cookies

Our website uses cookies and similar technologies to understand traffic and measure the performance of our advertising. These may set cookies or identifiers in your browser:

Google Analytics 4 — anonymous, aggregated usage statistics. Google Privacy Policy → · Opt-out →
Reddit Pixel — measures conversions from Reddit advertising. Reddit Privacy Policy →
Yandex Metrica — website usage analytics. Yandex Privacy Policy →

These tools collect technical data such as your IP address, browser, device, and the pages you visit. You can disable cookies in your browser settings or use the opt-out links above. The trading application itself (/app) does not rely on advertising cookies to function.

7. Data Retention

Account data is retained as long as your account is active
Your encrypted private key is retained while your wallet is connected; it is removed from active use when you remove the wallet, stop using the Service, or delete your account
If you request account deletion, we remove your email, subscription records, and stored key material within 30 days

8. Your Rights

You have the right to:

Access — request a copy of the data we hold about you
Deletion — request that we delete your account and associated data
Correction — request that we correct inaccurate data
Portability — receive your data in a machine-readable format
Opt-out — opt out of analytics/advertising cookies (see Section 6)

To exercise any of these rights, contact us at support@shadower.trade.

9. Security

We take security seriously:

All communication with our servers uses HTTPS/TLS encryption
Your private key is encrypted at rest with AES-256-GCM and AWS KMS envelope encryption; the master key never leaves KMS and every decryption is audit-logged
Decryption is cryptographically bound to your account (encryption context), preventing cross-account key access
Authentication tokens expire after a limited period
We follow least-privilege access controls for systems that can request decryption

No system is perfectly secure. Providing a private key to any custodial service carries inherent risk; using a dedicated, limited-balance wallet is your primary protection.

10. Children's Privacy

Shadower is not intended for users under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal data, contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last updated" date at the top of this page. Continued use of Shadower after changes constitutes acceptance of the updated policy.

12. Contact

For any privacy-related questions or requests, contact us at:
support@shadower.trade