Privacy Policy

Perpex is a self-custodial software interface that connects to Hyperliquid, a third-party decentralized exchange protocol, built and operated by Celebit Ltd. Because Perpex is non-custodial — your wallet never leaves your control and we never see your seed phrase — there is far less personal data to talk about than with a traditional exchange. This page describes the limited data we do see, how it flows through the system, and what your rights are.

By installing the Perpex mobile app or visiting the Perpex website, you accept the practices described here. If anything below is uncomfortable for you, the best protection is to stop using Perpex.

The data controller for the purposes of the UK GDPR and the EU GDPR is:

The data Perpex sees falls into a small number of buckets. We try to be specific about each one rather than hide behind vague language.

We try to be just as explicit about what we do not ask for. Perpex does not collect:

• your legal name, date of birth, photo ID, passport, or proof of address;
• your seed phrase, private keys, recovery phrases, or wallet password — these never leave your device, ever;
• your bank details, card numbers, or any traditional financial account information;
• your phone's contacts, photo library, files, microphone, or camera;
• your precise location (we may infer country from IP for compliance, but not GPS coordinates);
• any special category data such as health, biometrics, or political or religious beliefs;
• data from minors (Perpex is for adults — see Section 14).

If a feature ever needs information that does not appear in this list, we will ask you clearly before turning it on.

The purposes are pretty narrow. We use the data described in Section 4 to:

• let you sign in, link a wallet, and authenticate against the Perpex backend;
• display your positions, balances, fills, PnL, and market data;
• run features you enable — copy trading, grid bots, algo bots, conditional orders, and price alerts;
• send push notifications or in-app notifications you have asked for;
• investigate bugs, fix crashes, monitor performance, and improve the app;
• detect, prevent, and respond to abuse, fraud, sanctioned-jurisdiction access, and security incidents;
• respond to support requests and legal enquiries;
• comply with legal obligations that apply to Celebit Ltd.

We do not use your data for personalised advertising, we do not sell it, and we do not share it with data brokers.

Where the UK GDPR or EU GDPR applies, we rely on the following legal bases:

• Performance of a contract. We need to process certain data to give you the Perpex apps and the features you ask for.
• Legitimate interests. We rely on legitimate interests for things like improving Perpex, keeping it secure, preventing abuse, and running aggregated analytics.
• Consent. We rely on your consent for optional things like push notifications and certain analytics cookies. You can withdraw consent at any time.
• Legal obligation. We rely on legal obligation when we have to comply with sanctions, anti-money-laundering rules, or court orders.

Perpex would not exist without third-party infrastructure. The providers we rely on are limited and chosen carefully. Each one acts as a processor and is bound by data protection terms.

• Hyperliquid & the Arbitrum chain — third-party public blockchain protocols that Perpex reads data from. Users sign and broadcast all transactions directly from their own wallets; Celebit Ltd does not transmit or execute transactions on users' behalf.
• Privy and WalletConnect (Reown) — wallet connection and embedded-wallet providers. They handle the cryptographic side; we never see private keys.
• QuickNode and other RPC / WebSocket providers — used to read blockchain state and stream live data.
• Railway and our hosting providers — run our backend services and database.
• Sentry — error tracking and crash reporting. Sentry receives stack traces, app version, and limited request metadata; we configure it to scrub sensitive fields.
• Google Analytics 4 — aggregated product analytics.
• Expo / Apple / Google push services — deliver push notifications via anonymous device tokens.
• Email and customer support tooling — used when you contact us at hello@perpex.co.

We may add or change providers as Perpex evolves. None of these providers are permitted to use your data for their own marketing purposes.

Celebit Ltd is based in the United Kingdom, and some of the providers listed above are located in the United States, the European Union, and other jurisdictions. When we send personal data outside the UK or the EEA, we rely on safeguards that the law recognises — including the UK International Data Transfer Addendum, the EU Standard Contractual Clauses, the EU-US Data Privacy Framework where applicable, and the providers' own certifications. Where a provider is in a country that the UK or the EU considers adequate, no further measures are needed. By using Perpex, you consent to the transfer and processing of your information in the United Kingdom, European Economic Area, United States, and other jurisdictions where Celebit Ltd or its service providers operate.

We do not keep data forever for the sake of it. As a rough guide:

• your wallet address and any account preferences linked to it stay in our database for as long as you keep using Perpex;
• push notification tokens are kept until you disable notifications or uninstall the app;
• technical logs, crash reports, and request traces are typically kept for up to 90 days for debugging and security investigations;
• aggregated, non-identifying analytics may be retained longer because they no longer identify you;
• on-chain data is, by definition, on-chain — we have no power to delete it from the blockchain;
• we may keep limited records longer where the law requires it (for example, to defend a legal claim or comply with a regulator).

If you would like us to delete data we still hold about you, contact us and we will do so where we can.

The Perpex website uses a small number of cookies and similar browser storage technologies. They fall into three categories:

• Strictly necessary. Used for things like keeping you signed in, remembering your wallet connection, applying your theme and language, and protecting against CSRF attacks. These are always on.
• Functional. Used to remember preferences such as favourite markets, recently viewed traders, and dismissed banners.
• Analytics. Used to count visits and understand how features are used. You can disable these in your browser's privacy settings.

The mobile app uses on-device storage for the same purposes — preferences, sessions, and cached market data. None of these stores ever contains your seed phrase or private key.

Celebit Ltd applies standard administrative, technical, and organizational measures to protect the limited personal data we process. That includes encrypted connections, hardened backend services, least-privilege access, monitored systems, and incident response processes. No system on the internet can be completely secure, so we cannot promise perfection — but we treat security as a first-class concern.

A reminder that the most sensitive thing in your trading life — your seed phrase — never touches Perpex's servers, by design. Keeping that phrase safe is on you. Treat anyone who asks for it, including someone claiming to be from Perpex support, as a scammer.

Depending on where you live, you may have some or all of the following rights over the data we hold about you:

• the right to know what we process and why;
• the right to access a copy of that data;
• the right to correct anything that is inaccurate;
• the right to ask us to delete data we no longer need;
• the right to restrict or object to certain processing;
• the right to withdraw consent for anything we rely on consent for;
• the right to lodge a complaint with your local data protection regulator (in the UK, that is the Information Commissioner's Office at ico.org.uk).

Because Perpex does not maintain a profile of you as an identified individual — we mostly know you as a wallet address — exercising some of these rights can be technically tricky. To make a request, email hello@perpex.co and include enough information for us to verify that the request is yours (typically by signing a short message with the wallet in question).

Perpex is not designed for, marketed to, or intended for anyone under 18. We do not knowingly collect data from children. If you are a parent or guardian and you believe a minor has used Perpex, contact us at hello@perpex.co and we will delete what we can.

We may update this Privacy Policy from time to time as Perpex evolves, as we add new providers, or as the law changes. The latest version always lives at https://perpex.co/privacy, and the "Effective" date at the top of the page tells you when it took effect. For meaningful changes, we will try to give you a heads-up in-app or by email before the new version applies. Continuing to use Perpex after a new version is published means you accept it.

Privacy questions, data requests, or general feedback? Reach out — we read everything.

Perpex is a product of Celebit Ltd, registered in England and Wales.