What stays local (zero access)
These never leave your machine:| Data | Details |
|---|---|
| Private keys & seed phrases | Desktop: encrypted on your disk in the keystore, never transmitted. Web app: stored in Privy’s TEE, never accessible to LaserSell servers. |
| Strategy configuration | Desktop: runs entirely locally. Web app: stored in our database to maintain your session across browser visits. |
| Trade construction & signing | Desktop: transactions built and signed on your machine. Web app: transactions built server-side, signed by Privy’s TEE, submitted via LaserSell’s RPC. |
What we collect
Authentication & accounts
- Email and credentials: stored in Supabase for account authentication on app.lasersell.io.
- Profile pictures: stored in Supabase Storage if you upload one. You can remove or replace it anytime.
- OAuth profile data:if you sign in via GitHub, X/Twitter, or Google, we receive limited profile info (no passwords).
- MFA:TOTP-based. We do not collect phone numbers.
API & trading activity
- Wallet public keys:sent to the LaserSell API for authentication and session identification.
- API keys:stored encrypted for endpoint authentication.
- Trading activity:as the platform evolves, we plan to log activity tied to your API keys (PnL, configuration, trading frequency, wallet addresses) to improve the product and provide analytics.
Payments
- Stripe handles all payment processing. We do not store raw credit card numbers on our servers.
Technical data
- IP addresses, user-agents, timestamps, and error traces:collected in server logs for infrastructure monitoring and abuse prevention.
- Google Analytics:used on marketing and documentation sites only, not on the authenticated dashboard.
- Essential cookies and local storage:used on app.lasersell.io for session management.
Network connections
When the LaserSell client is running, it establishes outbound connections to:1. Solana network (your RPC)
- Destination: Your configured RPC provider (e.g., Helius, Chainstack).
- Purpose: Reading on-chain data (prices, bonding curves) and broadcasting signed transactions.
- Note: Your RPC provider can see your IP address and the requests you make.
2. Transaction sender (if applicable)
- Destination: Depends on your
send_targetsetting:Helius sender, Astralane, or direct RPC. - Purpose: Broadcasting your locally-signed transactions for fast on-chain landing.
- Note: The sender sees the signed transaction payload.
3. LaserSell API
- Destination:
api.lasersell.app - Purpose: Authentication, license verification, and the Exit Intelligence Stream (WebSocket).
Third-party services
We share data with these providers to operate the platform:| Provider | Purpose |
|---|---|
| Stripe | Payment processing and referral commission payouts (Stripe Connect) |
| Privy | Wallet key management in Trusted Execution Environments (web trading) |
| Supabase | Database and authentication |
| Better Stack | Log management (U.S.) |
| Typeform | Enterprise intake applications |
| Solana RPC nodes | On-chain data resolution |
Data retention
- Account and billing data is retained while your account is active.
- Server logs are routinely cycled or anonymized per operational security practices.
Your rights
- Update your authentication methods and API keys via the dashboard.
- Request access to, correction of, or deletion of your data by emailing support@lasersell.io.