Back to home

Legal

Privacy Policy

Last updated: 20 April 2026

1. Introduction

This Privacy Policy explains how Opal (“we”, “us”, operated at heyopal.ai) collects, uses, and protects your information when you use the Opal website, the DAX conversational trading interface, the MCP server at mcp.heyopal.ai, and related services (collectively, the “Service”).

By using the Service, you agree to the practices described here. If you do not agree, please do not use the Service.

2. Information We Collect

Account information.

When you sign in via Google OAuth, we receive your email address, name, and profile picture URL from Google. We use this to create and authenticate your Opal account and to communicate with you about the Service. We request only the minimum scopes needed for authentication and do not access your Gmail, Drive, Contacts, or other Google services.

Wallet and trading data.

If you connect a Solana wallet, we store your public wallet address and a record of trades you place through the Service, including token, size, slippage, venue, and timestamp. We do not store your private keys. Wallet signatures happen in your environment via the patterns described in our MCP documentation.

Conversation and usage data.

The DAX interface logs the messages you send, the tool calls made on your behalf, and the responses returned, so that the Service can function, improve model quality, and audit trades. We also collect standard technical logs (IP address, user agent, timestamps) to keep the Service secure and available.

API keys.

If you generate an Opal API key for MCP access, we store a hashed copy along with metadata (label, creation date, last used). We do not retain the key in plain text after generation.

Cookies and similar technologies.

We use cookies and similar technologies for authentication, session management, and basic analytics. You can disable cookies in your browser, but some parts of the Service may not function correctly as a result.

3. How We Use Your Information

  • Provide, operate, and maintain the Service.
  • Authenticate you and secure your account.
  • Execute and record trades you (or agents you authorise) place through the Service.
  • Improve the quality of DAX's responses, tool routing, and risk checks.
  • Communicate with you about changes, security issues, and product updates.
  • Detect, prevent, and respond to fraud, abuse, and security incidents.
  • Comply with legal obligations.

4. Google User Data

Opal's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use your Google account data solely to provide user-facing features of the Service (sign-in and account identification). We do not use Google user data for serving advertising, we do not sell it, and we do not permit humans to read it except (a) with your explicit consent, (b) for security investigations, or (c) to comply with applicable law.

5. How We Share Information

We do not sell your personal information. We share information only in the following circumstances:

  • Service providers. With vendors who help us run the Service (hosting, monitoring, error reporting, email delivery) under contractual confidentiality and data protection obligations.
  • Blockchain networks. Transactions you submit are broadcast to the Solana network and become publicly visible. This is an inherent property of the blockchain, not a choice we make about your data.
  • Legal and safety. When we reasonably believe disclosure is required by law or necessary to protect rights, safety, or the integrity of the Service.
  • Business transfers. In connection with a merger, acquisition, or sale of assets, subject to confidentiality safeguards.

6. Data Retention

We retain account information for as long as your account is active. Trade and conversation logs are retained for as long as needed to provide the Service, to comply with legal and regulatory obligations, and to resolve disputes. You may request deletion of your account and associated personal data as described below; some records (for example, on-chain transaction records) cannot be deleted from the blockchain.

7. Your Rights

Depending on where you live, you may have rights to access, correct, delete, or export your personal data, to object to or restrict certain processing, and to withdraw consent. You can exercise these rights by emailing hey@heyopal.ai. You may also revoke Opal's access to your Google account at any time via your Google Account permissions page.

8. Security

We use reasonable technical and organisational measures to protect your information, including TLS in transit, access controls on production systems, hashed storage of API keys, and audit logging. No system is perfectly secure, and we cannot guarantee absolute security. If we become aware of a security incident that affects your personal data, we will notify you as required by law.

9. International Transfers

Opal is based in the United Kingdom and may process information in other countries where we or our service providers operate. Where required, we implement appropriate safeguards for international transfers, such as standard contractual clauses.

10. Children's Privacy

The Service is not directed to anyone under 18, and we do not knowingly collect personal information from anyone under 18. If you believe a child has provided us with personal information, please contact us and we will delete it.

11. Changes to this Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “last updated” date at the top of this page and, where appropriate, notify you via the Service or email.

12. Contact

Questions about this Privacy Policy or our data practices? Email hey@heyopal.ai.