Poly Research & Robotics
Log inSign up
Legal

Privacy Policy

This policy explains what data Poly Research & Robotics collects, why we collect it, and what your rights are. We keep this short on purpose. If anything here is unclear, email cweigendev@gmail.com.

Effective: May 11, 2026Last updated: May 11, 2026
Plain summary. We collect the bare minimum to run an account portal and an API. We don't sell your data, we don't run ad-tracking, and we delete your account on request.

1. Who we are

Poly Research & Robotics (PR&R) is a community and toolset for prediction-market bot builders. This site is operated by the maintainer of polyresearchrobotics.com. References to "we", "our", and "us" mean PR&R.

2. What we collect

2.1 Account data

When you sign in to the account portal at /account, we collect:

  • Your email address (always).
  • A provider identifier from the sign-in method you chose (Google subject ID, Discord user ID, or a Cognito-issued ID for email/password sign-up).
  • The provider name you used to sign in.

That's it. We don't ask for your name, address, phone number, payment info, or anything else.

2.2 API usage

When you mint an API key at the data-set builder, we associate that key with your email. We log basic API requests (timestamp, endpoint, response size) for abuse-detection and capacity planning. Logs are retained for up to 90 days.

2.3 Browser storage

After sign-in, we store your authentication tokens in your browser's localStorage. These tokens never leave your browser except to authenticate API requests back to us. We do not use cookies for tracking. We do not embed third-party analytics or advertising scripts.

2.4 Server logs

Our hosting and backend providers (Vercel, AWS, Cloudflare) record standard request logs that include your IP address, user agent, and request URL. These logs are used to keep the service running and to investigate abuse. They are retained according to each provider's policy.

3. How we use it

  • To create and authenticate your account.
  • To issue and authorize API keys.
  • To detect and stop abuse (rate-limit violations, scraping, credential sharing).
  • To send you occasional service-related emails (account verification, security notices). We do not send marketing email.

4. Third parties we share data with

We disclose data only to the providers we need to run the service:

  • AWS (account portal infrastructure, dataset storage in S3, us-east-1).
  • Cloudflare R2 (analyze-wallet uploads).
  • Vercel (static site hosting, polyresearchrobotics.com).
  • Google (OAuth, only if you sign in with Google).
  • Discord (OAuth, only if you sign in with Discord).

We do not sell, rent, or trade your data. We do not share it with advertisers. We only disclose data when legally compelled (a valid subpoena or court order, or to investigate a credible threat to the service or its users).

5. Your rights

You can, at any time, by emailing cweigendev@gmail.com from the email tied to your account:

  • Ask what data we hold on you.
  • Correct your email address.
  • Delete your account, your API keys, and all associated logs.
  • Revoke a third-party connection (Google or Discord).

Account deletion is permanent and takes effect within 7 days. We may retain minimal records (e.g., that a deletion request was made) for compliance.

6. Data security

Authentication is handled by Amazon Cognito over TLS. Passwords (for email sign-up) are never stored by us in plain text; Cognito stores them as salted, hashed values. API keys are stored hashed where possible. Files served via presigned S3/R2 URLs are short-lived (24 hours) and tied to the requester. No system is perfectly secure, so use a strong unique password.

7. Children

This service is not directed at children under 16. If you are under 16, please do not create an account. If we learn that a child under 16 has created an account, we will delete it.

8. International users

We're a small US-based project. Data is processed in the United States and the European Union (our auth stack lives in eu-west-1). By using the service you consent to that processing. EU/UK users retain their rights under GDPR/UK-GDPR and can exercise them via the contact above.

9. Changes to this policy

If we make material changes, we'll update the "Last updated" date at the top of this page and, for active account holders, send an email to the address on file at least 14 days before the change takes effect. Non-material changes (typos, clarifications) we just make.

10. Contact

Email cweigendev@gmail.com for anything in this policy, including data requests.

© Poly Research & RoboticsTerms of Service · Contact
Join Discord