Privacy Policy

← Back to OmniSell Bot

This policy describes how SkyYield ("we") collects, uses, and shares information when you use OmniSell Bot (the "Service").

1. What we collect

• Wallet addresses — public Solana / EVM addresses you connect via your browser wallet. We never collect private keys.
• Session identifier — a randomly generated UUID stored in your browser's localStorage, used to scope your DCAs and preferences. No personal information.
• DCA configurations — token mints, amounts, schedules, and the on-chain DCA account public key.
• Encrypted user secrets — if you connect a centralized exchange or notification service, the API keys and tokens you provide are encrypted at rest using Fernet (AES-128 + HMAC-SHA256) before being stored. We never log them in plaintext.
• Email address — only if you provide one for trade alerts (sent through your own Resend account) or sign up for Pro (Stripe collects billing information).
• Payment information — Stripe handles all card processing. We do not store card numbers.
• Server logs — anonymous request metadata (timestamps, paths, HTTP status). No request bodies.

2. How we use it

• To execute the recurring sell flow you configured.
• To display your DCAs, balances, and revenue summaries in the dashboard.
• To send you trade notifications via your own Telegram bot or email account, if you've configured them.
• To bill the Pro subscription if you've upgraded.
• To detect abuse and protect the Service.

3. What we never do

• We do not sell your data to third parties.
• We do not custody your tokens or sign on your behalf.
• We do not run analytics trackers (no Google Analytics, no Facebook Pixel).

4. Third parties

• Jupiter — your DCA transactions are constructed and executed through Jupiter's on-chain program. Their terms apply to their service.
• Solana RPC providers — we read on-chain data from public Solana RPC endpoints to surface DCA progress and fee balances.
• Supabase — our database. They store the encrypted records described above.
• Stripe — handles all subscription billing if you upgrade to Pro.
• Vercel — hosts the dashboard.

5. Data retention

DCA records are retained while the DCA is open and for 12 months after closure for support and tax-export purposes. You may request deletion at any time via info@skyyield.io, subject to active subscription and ongoing-DCA constraints.

6. Cookies / local storage

The Service uses browser localStorage to persist your session UUID and onboarding state. We do not set tracking cookies.

7. Your rights

If you reside in the EU, UK, or California, you have rights under GDPR / UK GDPR / CCPA to access, correct, delete, or port your personal data. Contact info@skyyield.io to exercise those rights.

8. Security

We use TLS for all traffic, Fernet encryption for stored secrets, and the principle of least privilege internally. No system is perfectly secure; if we detect a breach affecting you, we will notify you within 72 hours.

9. Children

The Service is not directed at anyone under 18.

10. Changes

We will announce material changes to this policy via the in-app banner.