RiskGlass (riskglass.app) is operated by Melange Technology Pte Ltd, a company incorporated in Singapore ("we", "us"). We are the data controller for the personal data described in this policy.
| Data | Why |
|---|---|
| Account email and authentication credentials | To create and secure your account (managed by our auth provider; we never see your password in plain text). |
| Portfolio data you enter or connect — holdings, trades, notes, public wallet addresses, read-only brokerage connections | To show you your own book. This is the product. |
| Beta acceptance record — IP address, browser user-agent, timestamp, agreement version | To keep an enforceable record that you accepted the Beta Access Agreement. |
| Card verification metadata — a card fingerprint and funding type from our payment processor | To verify you are a real person and prevent duplicate beta accounts. Your card number never touches our servers; verification is a $0 authorisation handled entirely by Stripe. |
| Support messages you send us | To reply to you. |
| Basic technical logs (requests to our servers) | Security, debugging, and abuse prevention. |
We do not collect: your brokerage passwords (connections are read-only via SnapTrade's OAuth-style flow), your private keys or seed phrases (wallet tracking uses public addresses only), or advertising identifiers. We show no ads and sell no data.
We use a small set of processors to run the service: Supabase (database and authentication), Netlify (hosting and serverless functions), Stripe (card verification and, later, billing), SnapTrade (read-only brokerage connections), and Resend (transactional email). Each receives only what it needs to perform its function.
When you track a wallet or venue by public address, that address is sent to public data providers to fetch balances and history — for example blockchain RPCs and explorers (Solana, Ethereum, Bitcoin), Hyperliquid's public API, Polymarket's public API, Azuro's public subgraphs, CoinGecko and DexScreener for prices. Public addresses are, by nature, public information; we attach no identity to them when querying.
We use browser local storage and session tokens to keep you signed in and to store app preferences and a local cache of your portfolio on your own device. We set no advertising or cross-site tracking cookies.
Your data is kept while your account exists. You can delete your account (and its data) from within the app at any time — Settings → Delete account — or by emailing us. Beta acceptance records and minimal fraud-prevention records (card fingerprint) may be retained after deletion where we have a legitimate interest or legal obligation to keep them.
Subject to the Singapore PDPA and, where applicable, the GDPR and similar laws, you may request access to, correction of, or deletion of your personal data, object to or restrict certain processing, and request portability. Write to contact@riskglass.app; we respond within 30 days. You may also complain to your local data-protection authority.
Data in transit is encrypted (TLS). Access to production systems is restricted. Brokerage access is read-only by construction — RiskGlass cannot place orders or move funds. No system is perfectly secure; keep your account credentials private.
RiskGlass is not for anyone under 18. We do not knowingly collect data from minors; if you believe a minor has an account, contact us and we will delete it.
Our processors operate globally (primarily the US and Singapore). Where required, transfers rely on appropriate safeguards such as standard contractual clauses offered by the processor.
We will post updates to this page and update the effective date above. Material changes during the beta will also be announced in the app.
← Back to riskglass.app · Terms of Service · Beta Access Agreement