Privacy Policy
Effective date: August 5, 2025 Contact: [email protected]
“Celerium Ltd” is the data controller for the OOGA trading platform. This policy explains what we collect and why when you use OOGA. The Service is intended for users age 18 or older. We do not require KYC except where legally compelled.
1. Data we collect
Wallet & on-chain: connected wallet addresses; transaction metadata required to route orders; referral IDs; on-chain program interactions.
Embedded wallet data: We use Turnkey to provide non-custodial wallets. Turnkey stores only encrypted key ciphertext and handles signing inside secure enclave infrastructure. We do not receive, store, or have access to your raw private keys or seed phrase.
Accounts (Google OAuth, optional): If you choose to sign in with Google, we receive your Google user ID, email, and avatar URL (if available). We do not store your password or access your full Gmail account. OAuth tokens are not persisted unless required for platform support.
Profile (optional): username, profile picture (uploaded by you or from Google), and stats/progression (XP, rank, referral totals, claimed rewards, boost eligibility).
Technical: We do not store IP addresses or infer user location. Some processors (e.g., hosting or analytics vendors) may see IPs temporarily for operational purposes, but they are not retained or used by us. We do not use fingerprinting or location-based features.
Monitoring & diagnostics: Performance metrics via Prometheus/Grafana and error telemetry via Sentry, which may momentarily access technical request metadata (e.g., request headers) during incident logging. These are not linked to identifiable users and are purged according to retention rules.
Points ledger (promotions): per-trade records used to compute giveaway entries, including slot, transaction signature, routed pair(s), input/output token amounts, the SOL amount filled, and the SOL/USD price snapshot used at execution (Pyth primary; Switchboard fallback).
Support & communications: messages you send us; your email if provided.
Cookies/storage: essential cookies/local storage for session and security. Google Sign-In and TradingView may set their own cookies. We do not use marketing or ad cookies.
2. How we use data
Provide and secure the Service; route transactions and operate smart-contract interactions.
Authenticate accounts (Google OAuth) and operate progression, referrals, and giveaway claims.
Create and display your profile (username, profile picture, stats/progression), including leaderboards and referral pages.
Prevent abuse (Sybil/wash/spoofing), monitor uptime/performance, debug/diagnose issues, and improve the Service.
Send service notices (no marketing without consent).
2A. Profile visibility
Your username, profile picture, and basic stats/progression are visible to other users (leaderboards, referral pages, winner announcements). If you win a giveaway, we may display your wallet address (partially redacted) and associated stats in winner announcements. Editing or deleting profile elements does not affect on-chain records.
3. Lawful bases (GDPR/UK)
Contract: to provide the Service and authenticate your account (Google OAuth).
Legitimate interests: security and fraud prevention; uptime/performance monitoring (Prometheus/Grafana); backend error reporting (Sentry).
Consent: marketing emails (opt-in) and any non-essential cookies in the EU/UK.
4. Sharing with processors
Hosting: AWS (us-east-1).
Wallet infrastructure: Turnkey handles wallet storage and transaction signing. We never receive unencrypted private keys, and Turnkey does not share your private key material with us.
Aggregation/market/data: Jupiter, Solanatracker, Bitquery.
Charts/widgets: TradingView. When charts load, TradingView receives technical information needed to provide the widget (e.g., IP address and user-agent) and may set its own cookies. See TradingView’s policies for details.
Identity provider: Google Sign-In (OAuth).
Monitoring/analytics: Prometheus and Grafana (metrics/dashboards).
Error reporting: Sentry (sentry.io). We also disclose data when required by law, to protect rights/security, or in a corporate transaction.
5. International transfers
For EEA/UK users, data may be transferred outside your region (e.g., to the US). Where required, we use the EU Standard Contractual Clauses and UK addendum with processors such as Sentry.
6. Retention
Profile & account data (username, profile picture, stats/progression; OAuth email/ID/tokens): retained while your account/profile is active; deleted within 30 days after you delete your profile or disconnect/delete your account (minimal logs/fraud records may be retained as permitted by law).
Server logs & monitoring metrics (Prometheus/Grafana): 12 months.
Backend error telemetry (Sentry): up to 24 months.
Support records: 24 months.
Referral/giveaway accounting: 7 years.
7. Security
TLS in transit; encryption at rest on AWS; encrypted OAuth tokens with revocation on disconnect/deletion; access controls and logging; backups; vulnerability scanning; vendor due diligence. Profile images are stored in our infrastructure or a trusted CDN with access controls. We scrub secrets from logs and error reports. No system is perfectly secure.
8. Your rights
Where applicable (EEA/UK/CA/others), you may request access, correction, deletion, restriction, objection, or portability. Contact [email protected]. You may also request deletion of your personal data. We will act on verified requests within 30 days, subject to any legal or operational retention requirements. We may verify via email and wallet signature. Response target: 30 days. You can disconnect Google OAuth in-app and via Google Account → Security → Third-party access.
9. Minors
We do not knowingly collect data from users under 18. If we learn of such use, we delete it.
10. Do Not Track
We do not respond to DNT signals.
11. Changes
We update this policy as needed and change the effective date. Material changes may be announced in-app or by email (if provided).
Last updated